Protecting your financial identity is very crucial. Together with Cy-Fair Federal Credit Union, you can take steps to prevent and detect identity theft and fraud. The most important step toward protecting yourself is to never give out account information to anyone who comes asking for it. CFFCU does not call, text, or send emails asking for account information. Remember—we already have it!


[{Vulnerabilities}]Online Security Vulnerabilities

When Cy-Fair becomes aware of online security vulnerabilities that may impact you as a member, helpful information will be posted here with trusted advice on how to best protect yourself.

Debit and Credit Card Data Breaches

If you think you may have been impacted by an unauthorized debit or credit card data breach from a retailer or any other institution you do business with, there are a few simple things you can do to protect yourself. Keep an eye on your account through online banking or monthly statements to watch for any unusual activity. You can even set up alerts that will notify you if account balances or transaction amounts exceed certain thresholds you set. If you notice anything suspicious or unusual on your Cy-Fair accounts, please notify Member Resource Center immediately for assistance by calling 281.890.7676. If desired, Cy-Fair can close your debit or credit card and reissue a new one for you. You should also report fraud or identity theft to the Federal Trade Commission and local law enforcement.

If you suspect that your card has been breached, it is recommended that you change your PIN number as an added measure of security. To help protect your account information, consider periodically changing your PIN number quarterly or annually.

CFFCU will never call you asking for your card number, PIN, or other card information in the case of a debit or credit card data breach. As always, if you ever question the legitimacy of a call from CFFCU, please hang up and call 281.890.7676 or 1.888.890.7676.


Prevent Identity Theft - An excellent way to detect fraudulent activity is to keep a close eye on your accounts, such as by using CFFCU’s online banking to watch your accounts on a daily basis. You should also take advantage of your free annual credit report check, which gives an overview of your credit accounts from all financial institutions. 

Free credit reports are available under Federal law at AnnualCreditReport.com. To receive your free annual credit report, you can

There are several other precautions you can take to protect yourself against identity theft. These government websites provide precautions, tips, and advice on protecting yourself online, while on the telephone, or by mail.

[{Common Scams}]By using these tips, you’ll be well on your way toward protecting your financial identity.

  • Social Engineering - Those looking to misuse your account information will often disguise themselves as Cy-Fair Federal Credit Union, or any other financial institution, and then ask you to “verify” your account information by sending them confidential information. These “social engineers” also search dumpsters for valuable information, memorize access codes by looking over someone’s shoulder (shoulder surfing), or take advantage of people’s natural inclination to choose passwords that are meaningful to them but can be easily guessed. Some examples of social engineering techniques include the following:

  • Phishing - Phishing uses e-mails that appear to originate from a trusted source (such as a financial institution) to trick users into entering confidential information on a fake web page.

  • Vishing - This technique uses an interactive voice response (IVR) system to recreate a legitimate-sounding copy of a financial institution’s IVR system. The victim is prompted to “verify” various financial information. More advanced systems transfer the victim to the attacker, posing as a customer service agent, for further questioning.

  • Smishing - The victim receives a text message telling them to call a toll-free number, which is answered by a bogus interactive voice-response system that tries to fool the victim into providing his or her account number and password.

  • Baiting - An attacker will leave a software-infected computer disk or USB flash drive in a location such as a bathroom, elevator, or parking lot. The attacker gives it a legitimate looking label and name, and then simply waits for the victim to use the device. Baiting can also take the form of an App for your mobile phone. These Apps are designed to look and feel legitimate.

  • Business and Commercial Accounts - Unfortunately, even businesses are not immune to identity theft and fraud. In fact, some online business account transactions may incur a higher level of risk when it comes to fraud than a consumer account transaction. To help protect your business against identity theft and fraud, CFFCU strongly encourages you to conduct periodic risk assessments and evaluations of your controls to detect weaknesses or inadequacies.

    Many companies keep sensitive personal information about customers or employees in their files. Having a sound security plan in place can help you meet your legal requirements to protect sensitive information. The Federal Trade Commission provides helpful guidelines to take into consideration when conducting your risk assessments and controls evaluation. This this document from the Bureau of Consumer Protection Business Center also provides information on how a business can protect information.


[{Protect Yourself}]Protect Yourself - Always bear in mind that security does not stop or start with the technology alone. The majority of security issues can be prevented by simply using common sense.

  • If you get an email, phone call, or text alert about an account, don’t respond before you verify that it’s legitimate. It is best to verify by initiating a call to Cy-Fair Federal Credit Union at 281.890.7676 before responding to any communication.

  • Use strong passwords that are hard to guess, and never share them with anyone. Our recommendation includes the following:

  • Use at least one number in your password

  • Use at least one CAPITAL letter in your password

  • Use at least one symbol or special character in your password

  • It is recommended that your passwords be a minimum of 12 characters in length. For highly confidential sites or information, we recommend 15 characters.

  • Many of the precautions taken to protect mobile devices are the same as those for desktop computers. Devices should be password protected, and programs should only be downloaded and installed from trusted sources.

Members’ Rights and Liabilities - There are several federal regulations which may protect victims who incur unauthorized or fraudulent transactions on their accounts. The victim’s rights and liabilities for the fraudulent or unauthorized transaction depends on the type of transaction, the amount of time it took to notify the Credit Union of the fraudulent transaction, and whether the victim was a consumer or a business.

Consumer Accounts - For a consumer, certain protections are provided under Regulations E and Z for fraudulent or unauthorized transactions. The protections are dependent on numerous factors, including the type of transaction.

Some of the types of transactions that are covered by Regulation E include the following:

  • Point-of-sale (POS) transfers;

  • Automated teller machine (ATM) transfers;

  • Direct deposits or withdrawals of funds;

  • Transfers initiated by telephone;

  • Transactions where a check, draft, or similar paper instrument is used as a source of information to initiate a one-time electronic fund transfer from a consumer’s account; and

  • Transfers resulting from debit card transactions, whether or not initiated through an electronic terminal.

Likewise, there are other transactions which are not covered by Regulation E and are not given the same protection as the transactions listed above. Transactions that are not covered by Regulation E include the following:

  • Checks;

  • Check guarantees or authorizations;

  • Wire or other similar transfers;

  • Securities and commodities transfers;

  • Automatic transfers by the Credit Union resulting from an agreement between the member and the Credit Union in which the Credit Union initiates individual transfers without a specific request from the member; and

  • Telephone-initiated transfers including any transfer of funds initiated by a telephone communication between the member and the Credit Union that does not take place under a telephone bill-payment or any other written plan in which periodic or recurring transfers are contemplated.

Additional protections may also be provided by MasterCard® as well.

Business/Commercial Accounts - Unfortunately, business accounts are not provided the same protections as consumer accounts under Regulations E and Z. Rest assured, however, that the Credit Union will still investigate any fraudulent or unauthorized business transaction thoroughly and in a timely manner. While business accounts may not have the same protections under Regulations E and Z, MasterCard may still offer some protections to these accounts.