Security Center

The best way to secure your personal information is by creating unique usernames and strong passwords. A strong password is at least 8 characters long with a mixture of upper and lower case letters, numbers, and special characters.

You should avoid using your pet's name, your child's name, or anything else that a fraudster could easily find out, like your address, phone number, or birth date. For added security, remember to change your password regularly and avoid using the same password for multiple sites.

The mobile authenticator sends a unique, one-time passcode to your LMCU mobile app. This passcode takes the place of your usual password when logging into LMCU’s Online Banking. Since the authenticator passcode is randomly generated on the spot and expires after a short period, it’s an added security layer.

To learn more click here.

Biometrics are a way to measure a person’s physical characteristics to verify their identity. Common biometrics used for passcodes include fingerprints and facial recognition.

Biometrics are powerful because while they’re not “secret” like passwords, they can’t simply be ‘typed’ by a fraudster, and they are extremely difficult to recreate.

Want to enable fingerprint and facial recognition? Log into your account via the LMCU mobile app and navigate to Settings > Login Options > Biometric ID.

Always protect your card by keeping it in a safe place. If your card is lost or stolen, contact us immediately. Carefully review your account statements and report any fraudulent transactions immediately.

Memorize your PIN. Do not write it on your card, keep it in your wallet, or give it to anyone. If you choose your own PIN, avoid using numbers for your PIN that are easily identified (for example, birthdates, telephone numbers, and addresses).

Never give your PIN to anyone or information about your card over the telephone, email, or the internet unless to a trusted merchant in a call or transaction you initiated. If someone asks for this information, refuse and immediately contact us.

Be aware of your surroundings at the ATM. Make sure others cannot see the keypad while you’re entering your PIN. Shield the keypad with your hand or body when entering your PIN at an ATM.

Put your card, cash, and receipt away immediately after completing your transaction. Do not display or count your cash at the ATM. If you print a receipt, take it with you and keep it in a safe place. The receipt may contain information about your account balance and a partial account number, which may be used for fraud. When you’re done with your receipts, shred them.

If you must use an ATM at night, take someone with you. Be aware of people and your surroundings before, during, and after you use an ATM, particularly at night. If you feel unsafe, press Cancel and visit another ATM.

If you notice anything suspicious about the ATM or surrounding area, cancel your transaction and notify LMCU or law enforcement immediately. The activity around LMCU ATMs may be monitored or recorded by surveillance cameras.

Mobile devices that are used to access financial information should be locked with a secure passcode. If your device is lost/stolen, report it immediately to your carrier so it can be deactivated.

Don't access financial accounts from free, public networks. Public Wi-Fi hotspots are prime targets for hackers, who obtain direct access to your mobile device.

Delete messages received from the credit union on a regular basis.

Do not respond to text messages from unknown sources that request your personal information such as social security number, account numbers, etc. LMCU will never contact you and request any personal information.

Install anti-virus and firewall software on your computer and keep it up to date.

Be cautious about offers for free anti-virus software; make sure you get your software from a reputable company. Look for anti-virus software that scans incoming communications and files for viruses, removes or quarantines viruses, and updates automatically.

A firewall is software or hardware designed to block unauthorized access to your computer. It's especially important to run a firewall if you have a cable modem or DSL line or other broadband connection, because they’re targeted often. Many current operating systems come with a built-in firewall, which you have to turn on.

Before you enter any of your login credentials, make sure you’re on the authentic LMCU.org website by checking your browser address bar to see if it has:

1. A lock icon
2. The LMCU logo
3. https://www.lmcu.org

A malicious email can look just like it comes from a financial institution, an e-commerce site, a government agency, or any other service or business. It often urges you to act quickly because your account has been compromised, your order cannot be fulfilled, or there is another urgent matter to address.

Don't open the email or any attachments, even if it appears to be from a friend or co-worker, unless you're expecting it or you’re absolutely sure you know what it contains.

Watch out for email subject lines or emails with a generic message like, "check this out" or "thought you'd be interested in this". Make sure you know who sent the email before you open an attachment or click any links.

If you temporarily misplace your debit card or suspect fraudulent activity on your account, you can freeze it to prevent new purchases and ATM transactions. It’s easy to freeze or unfreeze your debit card in seconds via the mobile app or online banking.

Please keep in mind that while your debit card is frozen, other account activity will continue as normal.

Early detection is a key component in stopping fraud quickly. eAlerts are a great way to keep track of your finances to detect withdrawals you didn’t authorize or other suspicious account activity, and to get notice about them quickly. You can sign up to get all types of alerts by text, phone, or email.

Learn how to set up eAlerts here.

Opting for eStatements is not only convenient, it also helps protect your personal information. When you enroll in eStatements, you keep a record of your transactions behind a secure login and will be notified by email when a new statement is available.

Learn how to enroll in eStatements here.

When you are ready to leave a site to which you have logged in, log off rather than just closing the page or browser.

At least once a year, read through your credit reports carefully. You can request a free annual credit report from each of the 3 national credit reporting agencies, even if you don’t suspect any unauthorized activity on your account.

For your free annual report, go to AnnualCreditReport.com or call 877-FACTACT (1-877-322-8228). Or, request the reports directly from each agency:
Equifax: (800) 525-6285
Experian: (888) 397-3742
TransUnion: (800) 680-7289

Look out for credit inquiries from unfamiliar companies, accounts you never opened, and unexplained debts. This can be a warning sign of fraud or identity theft.

Phishing is a scam to collect valuable information such as credit card, social security numbers, usernames and passwords. These emails will claim to be from a company you know and trust. They usually ask you to ‘update’ or ‘validate’ your account information. It often threatens some type of consequence such as ‘your debit card will be deactivated’. The message directs you to a website that looks legitimate, but is not.

Never reply to an email you receive that is requesting your personal information, never open an attachment or click on the link provided in the email. It is best to type the URL address directly in to your browser.

Vishing is the voice counterpart to phishing. Instead of being directed by email to a website, an email asks the user to make a telephone call. The call triggers a voice response system that asks for personal or financial information. The initial contact can also be a telephone call with a recording that instructs the user to phone an 800-number or another area code within or outside of the United States.

If the message appears to be from a legitimate source, contact that sources main phone number - not the number provided in the email or phone message – and verify.

Additionally, you could receive a call that says LMCU on your Caller ID, but it is really from a fraudster pretending to be us. For more information on Caller ID spoofing, visit: https://www.fcc.gov/spoofing.

Smishing is the mobile phone counterpart to phishing. Instead of being directed by email to a website, a text message is sent to the user’s cell phone or other mobile device with some ploy to click on a link. The link causes a Trojan to be installed on the cell phone or other mobile device.

If a text message looks suspicious, delete it right away without reading it. Never reply to or follow the instructions of a text message that asks you for personal information. A legitimate business will never ask you to reveal your personal information over the phone or online.

Skimming is when thieves use devices to collect — or skim — private data from debit, credit, and ATM cards. Skimmers often target gas stations, retail stores, and ATMs. Handheld skimming devices can be used at restaurants, like when you hand your card to a server to pay for a meal.

At Gas Pumps, be sure to check the pump for any loose or tampered card slots, choose credit over debit to avoid entering your PIN, and if you’re ever suspicious, go into the station and pay the attendant.

At ATMs, be aware of your surrounding and check the ATM for any loose parts like the card slot, money dispenser, or ATM screen. Cover the keypad with your hand when entering your PIN.

At restaurants and retail stores, choose credit over debit to protect your PIN from being detected by a skimming device.

Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different address. If you are suspicious of a website, close your browser and contact the company directly by phone. Do not click links on social networking sites, pop- up windows, or non-trusted websites. Links can take you to a different website than their labels indicate. Typing an address into your browser is a safer alternative. Only give sensitive information to websites using a secure connection. Verify the web address begins with https:// (the “s” is for secure) rather than just HTTP:// with no “s”.

You are notified that you have won a lottery or sweepstakes in a foreign country and are asked to send funds back to pay for fees and taxes on the winnings. Do not deposit any checks that are supposed winnings from a lottery or sweepstakes that you don’t remember entering. Take time to research any offers you receive over the internet.

1. The subject line uses an urgent or aggressive tone.
2. The sender the email came from is one letter off from what they should be (e.g., “netftix” instead of “netflix”) so that, at a glance, everything appears official.
3. The greeting is generic or awkwardly phrased.
4. Spelling and grammar errors are always a red flag.
5. Buttons and links are easy for scammers to format and disguise. Get in the habit of accessing your accounts by typing the official URL in a new browser window. Avoid clicking on direct links in email messages.
6. The contact info looks sketchy. Cross-reference it with a separate web search.
7. Malicious attachments can be easily disguised as innocent Word documents, spreadsheets, and presentations. Be deliberate about which attachments you choose to open or download.

Your identity is unique and LMCU will help you keep it that way!

LMCU and LifeLock are pleased to partner and offer our members a discount on additional Identity Protection. LifeLock is an identity theft protection service. Identity theft affects millions of consumers every year. Take steps to prevent it from harming you. Protect yourself with identity theft protection services including prevention, detection, and restoration.

You can sign up and learn more about LifeLock here.

For the most up-to-date information relating to scams, including common scams, how to avoid scams, what to do if you believe you have been scammed, and how to report a complaint please visit the Federal Trade Commission’s (FTC) Consumer Information page at www.consumer.ftc.gov/features/scam-alerts where you can browse scams by topic.

An individual’s personal information is an incredibly important asset to protect. Knowing how to protect both your financial identity and your online identity is a must in this day and age. The Federal Trade Commission has very valuable tips to do this effectively. Please visit www.consumer.ftc.gov/topics/privacy-identity-online-security to learn more about the following topics:

• Limiting Unwanted Calls & Emails
• Online Security
• Protecting Kids Online
• Identity Theft

If you suspect that someone may be using your personal information to open accounts, file taxes, or make purchases, please visit www.identitytheft.gov to report that you believe you are a victim of identity theft. Once you have made your report, you can create a personal recovery plan and put that plan into action. The FTC will walk you through each recovery step. For more identity theft resources, please visit ftc.gov/idtheft.

If your debit or credit card is lost or stolen, please report it immediately to prevent unauthorized use.

Contact our 24/7 Toll-Free Lost/Stolen number: (866) 304-8684.

A new card and new PIN will be ordered and should arrive by mail in about 7-10 business days.

You can start a dispute by logging in to Online Banking, clicking on your Checking account, and choosing 'Debit/Credit Card Dispute' on the right-hand side.

To dispute a debit card transaction, we need your signature on a Dispute form. This form can be filled out at any of our branch locations. You may also contact our Member Services Department at (800) 242-9790 or send an email to [email protected] to have it mailed or emailed to you.

If you have questions, or need to dispute any unauthorized transactions, you may also contact our Member Services Department at (800) 242-9790.

Use our secure contact form to send us a copy of the email to review, or call our Member Services Department at (800) 242-9790

If you are entering the correct username and/or password but are unable to login:

1. Make sure your CAPS lock or NUM lock are not on. Passwords are case sensitive.
2. If your browser has saved your username or password, try deleting the saved information and enter it manually.
3. Your account may be locked due to too many invalid login attempts.
   • Unlock your account
   • Reset your password

For assistance, please contact our Member Services Department at (800) 242-9790.

Follow these steps immediately if your purse or wallet has been stolen, your home was burglarized, or you think you may have become a victim of identity theft:

• Call LMCU Member Services Department at (800) 242-9790.
• If you are a LifeLock member, they will provide resolution services – you will be assigned an identity restoration specialist who will be ready to help and take charge
• Place a “fraud alert” on your credit reports by calling one of the major credit reporting agencies. Contact information is listed below:
  Equifax: (800) 525-6285
  Experian: (888) 397-3742
  TransUnion: (800) 680-7289
• Check your credit report every 30 days.
• Monitor your banking, retirement, all credit card and debit card activity for anything suspicious.
• Close any accounts that have been tampered with or opened without your approval.
• File a report with your local law enforcement agency, as well as with the Federal Trade Commission by calling (877) IDTHEFT or online at ftc.gov/idtheft.
• Monitor your credit report once a year to check for any inaccuracies or suspicious activity by visiting www.annualcreditreport.com to obtain your free copy.