Cyber Security Center 

Card Compromise FAQs

What is a compromised card?

A compromised card is an ATM/debit/credit card that is at risk of fraudulent activity because an unauthorized individual or individuals may have obtained the card information. By notifying members when we discover a potential compromised card, we take every precaution to ensure your account is handled with the highest level of safety and security. Receiving a compromised card letter does not mean fraudulent activity has occurred on your account.

How can a card become compromised?

Card skimming can occur when a skimming device is inserted or attached to an ATM or card reader. The device records the information from cards until it is removed. The data is used to produce counterfeit cards.

Does this mean there is fraud on my account?

Not necessarily. If you receive a compromised card letter it does not mean that fraudulent activity has occurred on your account. It could mean that your card information could have been compromised. Be sure to review your monthly statements and verify your daily transactions using Online Banking or the Mobile App.to make sure there is no fraudulent activity.

What do I need to do if I discover fraud on my account?

Call TAPCO immediately at 1.800.345.7183. You will need to submit a fraud form to report any unauthorized transactions.

Will I be receiving a new card?

Yes, your card will be replaced for precautionary measures to prevent potential fraudulent usage.

What if I do not want my card blocked?

Fraudulent activity may occur if the card is not blocked. While many members do not experience fraud when a compromised card is reported, the risk of exposure still exists if the cards are not blocked. Although it is an inconvenience to have your compromised card blocked, to protect our members and avoid losses it is still necessary.

How long will it take to receive my new card?

You will receive your replacement card within 7-10 business days. Your PIN will be mailed separately. You may receive an instant replacement at any branch location, excluding the Frederickson Branch.

Will my PIN number change along with my card number?

Yes. The new card number will have a new randomly generated PIN number that will be mailed to you separately. This is done in order to protect your privacy and ensure that your personal PIN number was not included in the compromise. You may also change your PIN once the new PIN is received by calling 1.866.762.0558.

What happens if I do not receive my replacement card within 10 business days?

Please contact TAPCO at 1.800.345.7183 so that we can check on the card status immediately.

What is the next step when I receive my new card?

Please destroy (shred/cut up) the old compromised card. Activate your new card by calling the phone number on the sticker on the front of the card.

What if I have preauthorized debits scheduled with my compromised card?

If you have preauthorized charges that are made to your current card, contact the merchant(s) immediately upon receipt of your replacement card, and provide them with your new card number and expiration date.

There are other joint/authorized users on my account, does this affect their cards too?

For every account, each cardholder has a different card number, so it will not impact joint/authorized users unless their individual card has also been compromised. If their card has also been compromised, they will receive a similar notification.

Is there a charge for the new card?

As a courtesy to our members, under these circumstances, we do not charge the normal card replacement fee.

Can this information be used to steal my identity?

The information encoded on the compromised card pertains strictly to the card, potentially including the name, card number, and expiration date. Confidential information such as Social Security Numbers, driver’s license numbers, addresses and dates of birth are not stored on the card.

Is there anything I can do to ensure that fraud does not occur on my card?

While some compromises are unavoidable, it is important to always know where your card is. If lost or stolen, please call TAPCO immediately at 1.800.345.7183. Never write your PIN on the card or carry the written PIN with you. Use Online Banking or the Mobile App to monitor your account activity on a regular basis and call TAPCO if you see anything suspicious.

Why are the details of card compromise kept confidential?

Once TAPCO is aware of a potential card compromise, an investigation begins immediately. TAPCO works with the card processor, Visa, merchants and law enforcement to limit exposure. It is imperative details remain confidential in order to not impact the investigation.

Stimulus Check Scams

We know there’s been a flood of information and updates about the government’s economic impact (stimulus) payments. Quickly and safely moving massive amounts of money into the hands of those who need it is a big job with a lot of moving parts.

We also feel the more you know about the process, the less likely you’re going to be tripped up by calls, text messages, or emails from scammers trying to steal your money or personal information.

Here’s what you need to know about the stimulus payments and how to avoid scams related to these payments.

Who will get money?

Adult U.S. residents that meet established income limits are eligible to receive money from the government. This includes:

• Taxpayers – people who filed a federal tax return for 2018 or 2019.
• Retirees – people who get Social Security, Railroad, or other retirement benefits.
• Beneficiaries – people who get public benefits like SSDI, disability, or veterans’ benefits.
• Non-filers – people who do not have to file a federal tax return, including people who made no income or made less than $12,200 (or $24,400 for married couples).

How will funds be distributed?

Most people don’t have to do anything to get their money because the IRS will use the same payment method – direct deposit, Direct Express debit card, or paper check – used to send you your tax refund, Social Security, retirement, or other government benefits money. If the IRS doesn’t have your direct deposit information, you can go to the “Get My Payment” feature at irs.gov/coronavirus and let them know where to send your direct deposit.

If you don’t usually file a tax return, go to irs.gov/coronavirus to access the “Non-filer” portal and to figure out what, if anything, you have to do to claim your money.

To check on the status of your payment, you can now use the “Get My Payment” feature at irs.gov/coronavirus.

Avoiding Coronavirus Stimulus Payment Scams

Scammers are using these stimulus payments to try to rip people off. They might try to get you to pay a fee to get your stimulus payment. Or they might try to convince you to give them your Social Security number, bank account, or government benefits debit card account number.

Four Tips for Avoiding a Coronavirus Stimulus Payment Scam

• Only use irs.gov/coronavirus to submit information to the IRS – and never in response to a call, text, or email.
• The IRS won’t contact you by phone, email, text message, or social media with information about your stimulus payment, or to ask you for your Social Security number, bank account, or government benefits debit card account number. Anyone who does is a scammer phishing for your information.
• You don’t have to pay to get your stimulus money.
• The IRS won’t tell you to deposit your stimulus check then send them money back because they paid you more than they owed you. That’s a fake check scam.

Report scams to the Federal Trade Commission at ftc.gov/complaint.

TAPCO is here to help – if you have questions, don’t hesitate to reach out to the Member Contact Center at 253-565-9895 (or 1-800-345-7183).

Grandparent Scams

Grandparent scams can take a new twist – and a new sense of urgency – in these days of coronavirus. Here’s what to keep in mind.

In grandparent scams, scammers pose as panicked family members in trouble, calling or sending messages urging you to wire money immediately. They’ll say they need cash to help with an emergency – like paying a hospital bill or needing to leave a foreign country. They pull at your heartstrings so they can trick you into sending money before you realize it’s a scam. In these days of Coronavirus concerns, their lies can be particularly compelling. But we all need to save our money for real family emergencies.

So, how can we avoid grandparent scams or family emergency scams? If someone calls or sends a message claiming to be a grandchild, other family member, or friend desperate for money:

• Resist the urge to act immediately – no matter how dramatic the story is.
• Verify the caller’s identity. Ask questions that a stranger couldn’t possibly answer. Call a phone number for your family member or friend that you know to be genuine.
• Check the story out with someone else in your family or circle of friends, even if you’ve been told to keep it a secret.
• Don’t send cash, gift cards, or money transfers – once the scammer gets the money, it’s gone!

For more information, read Family Emergency Scams. And if you get a scam call, report it to the FTC at ftc.gov/complaint.

Small Business Fraud 

If you own a small business or work for one, you’ve seen the headlines about financial relief that may be available to some companies through the Small Business Administration (SBA). You’ve also likely heard about scammers who extract a grain of truth from the news and distort it in an effort to cheat small businesses. Now more than ever, it’s critical for small businesses to go straight to the source for accurate information about what’s happening at the SBA. That source, of course, is the Small Business Administration’s dedicated page.

The SBA’s Coronavirus Small Business Guidance & Loan Resources page offers the latest information about the Paycheck Protection Program, Economic Injury Disaster Loans, Loan Advances, SBA Debt Relief, and SBA Express Bridge Loans. Yes, there are legitimate business groups and financial institutions sharing information, too. But given the number of fraudsters out to make a quick buck with bogus websites and phony emails, your safest bet is to go straight to the SBA by carefully typing the URL sba.gov/coronavirus into the address bar at the top of your browser.

Here are more tips to help you avoid scams targeting small businesses.

• Scammers often mimic the look and feel of legitimate email. You’ve heard warnings for years about email phishing attempts. Fraudsters have upped their game in response. They’ve been known to copy logos of financial institutions and government agencies, including the SBA, and use wording that sounds familiar. They also manipulate email addresses so that a message looks to be from a legitimate source – but isn’t. That’s why it’s dangerous to respond to those emails. Instead, go directly to the SBA site.
• Don’t click on links. Say you get an email that says it’s from your bank or a government agency. Don’t click on any links. It could load malware onto your computer. If you think you may need to respond, pick up the phone and call the office directly, but don’t use a number listed in the email. That could be fake, too. Instead, search online for a genuine telephone number or call your banker using the number you’ve always used. Yes, now is a good time to keep in close contact with your financial institution, but employ the same established lines of communication you used before COVID-19 became a concern.
• Be suspicious of unsolicited phone calls. Some scammers may try the personal approach by calling you and impersonating someone from a financial institution or government agency. Don’t engage in conversation. If you think you may need to respond, call using a number you know is legit.
• Watch out for application scams. Some small businesses report they’ve received unsolicited calls or email from people claiming to have an inside track to expedite financial relief. The people contacting them may charge upfront fees or ask for sensitive financial information – account numbers, tax IDs, Social Security numbers, and the like. Don’t take the bait. It’s a scam. Applying for a loan was a step-by-step process before the Coronavirus crisis and it’s a step-by-step process now. That’s why the SBA’s sba.gov/coronavirus site is the safest place for you to start.
• Alert others to Coronavirus relief check scams. Most people have read the news about Coronavirus relief checks that many Americans may receive. The FTC Consumer Blog has advice about spotting relief check scams. Share the tips with your co-workers, family, and social networks.

If you spot a potential Coronavirus-related scam, report it to the FTC at ftc.gov/complaint.

Secure Password Tips

TAPCO Credit Union will NEVER ask you to reveal your online banking password. You should not reveal this password to any one.

Create a unique password for all the different systems you use. If you don’t, then one breach leaves all your accounts vulnerable.

Never share your password over the phone, in texts, by email, or in person. If you are asked for your password, it’s probably a scam.

Use unpredictable passwords with a combination of lowercase letters, capital letters, numbers, and special characters.

The longer the password, the tougher it is to crack. Use a password with at least eight characters. Aim for a password that is both complex and long. A six-character, lowercase password takes five minutes to break; one with eight characters takes two months. A six-character password with numbers and symbols takes less than nine days to break; one with eight characters takes nearly 20,000 years. You get the idea!

Avoid using obvious passwords such as:

• your name
• your business name
• family member names
• your user name
• birthdates
• dictionary words

Obey these password commandments:

• Don't use your Social Security number, phone number, birth date, first and last names or your user ID when creating a strong password.
• Don't use the same password on multiple sites, reuse passwords, or use variations of the same password.
• Ideally, each of your passwords should be unique.
• Avoid storing your passwords in unencrypted electronic files, like the notes app on your phone. Instead, write them down and store them in a safe place.

Choose a password you can remember without writing it down. A strong password should be based on something you can remember but that would be difficult for a hacker to guess. Stay away from well-known phrases, quotes or song lyrics. Start with a sentence such as "I live for boating!" and transform it to "ILv4Btng!" Or string a series of random words together to create a strong password like this: "wizardboWLingchicKeN."

Following these tips can help you create stronger passwords that are tough for hackers to break—and help protect your identity.

Mobile Security Tips

• Configure your device to require a passcode to gain access if this feature is supported in your device.
• Avoid storing sensitive information on your mobile device. Devices are easily stolen. If sensitive data is stored then encryption should be used.
• Keep your mobile device’s software up-to-date. Mobile devices are small computers running software that needs to be updated just as you would update your PC. Use the automatic update option if one is available.
• Review the privacy policy and data access of any applications (apps) before installing them.
• Disable features not actively in use such as Bluetooth, Wi-Fi, and infrared. Set Bluetooth-enabled devices to “non-discoverable” when Bluetooth is enabled.
• Delete all information stored on a device before the device changes ownership. Use a “hard factory reset” to permanently erase all content and settings stored on the device.
• “Sign out” or “Log off” when finished with an app rather than just closing it.

Online Security Tips

• Never click on suspicious links in emails, tweets, posts, nor online advertising. Links can take you to a different website than their labels indicate. Typing an address in your browser instead of clicking a link in an email is a safer alternative.
• Only give sensitive information to websites using encryption so your information is protected as it travels across the Internet. Verify the web address begins with “https://” (the “s” is for secure) rather than just “http://”. Some browsers also display a closed padlock.
• Do not trust sites with certificate warnings or errors. These messages could be caused by your connection being intercepted or the web server misrepresenting its identity.
• Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information when possible.
• Always “sign out” or “log off” of password protected websites when finished to prevent unauthorized access. Simply closing the browser window may not actually end your session,
• Be cautious of unsolicited phone calls, emails, or texts directing you to a website or requesting information.

Malware

Scam artists try to trick people into clicking on links that will download malware and spyware to their computers, especially computers that don't use adequate security software. To reduce your risk of downloading unwanted malware and spyware:

• Keep your security software updated. At a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. Set your security software, internet browser, and operating system (like Windows or Mac OS) to update automatically.
• Instead of clicking on a link in an email, type the URL of the site you want directly into your browser. Criminals send emails that appear to be from companies you know and trust. The links may look legitimate, but clicking on them could download malware or send you to a spoof site designed to steal your personal information.
• Don’t open attachments in emails unless you know who sent it and what it is. Opening attachments—even in emails that seem to be from friends or family—can install malware on your computer.
• Download and install software only from websites you know and trust. Downloading free games, file-sharing programs, and customized toolbars may sound appealing, but free software can come with malware.
• Minimize "drive-by" downloads. Make sure your browser security setting is high enough to detect unauthorized downloads. For Internet Explorer, for example, use the "medium" setting at a minimum.
• Use a pop-up blocker and don't click on any links within pop-ups. If you do, you may install malware on your computer. Close pop-up windows by clicking on the "X" in the title bar.
• Resist buying software in response to unexpected pop-up messages or emails. especially ads that claim to have scanned your computer and detected malware. That's a tactic scammers use to spread malware.
• Talk about safe computing. Tell your kids that some online actions can put the computer at risk: clicking on pop-ups, downloading "free" games or programs, opening chain emails, or posting personal information.
• Back up your data regularly. Whether it's text files or photos that are important to you, back up any data that you'd want to keep in case your computer crashes.

Detect Malware

Monitor your computer for unusual behavior. Your computer may be infected with malware if it:

• slows down, crashes, or displays repeated error messages
• won't shut down or restart
• serves up a barrage of pop-ups
• displays web pages you didn't intend to visit, or sends emails you didn't write

Other warning signs of malware include:

• New and unexpected toolbars
• New and unexpected icons in your shortcuts or on your desktop
• A sudden or repeated change in your computer's internet homepage
• A laptop battery that drains more quickly than it should

Get Rid of Malware

If you suspect there is malware is on your computer, take these steps:

• Stop shopping, banking, and doing other online activities that involve user names, passwords, or other sensitive information.
• Update your security software, and then run it to scan your computer for viruses and spyware. Delete anything it identifies as a problem. You may have to restart your computer for the changes to take effect.
• If your computer is covered by a warranty that offers free tech support, contact the manufacturer. Before you call, write down the model and serial number of your computer, the name of any software you've installed, and a short description of the problem.
• Many companies—including some affiliated with retail stores—offer tech support on the phone, online, at their store, and in your home. Decide which is most convenient for you. Telephone and online help generally are the least expensive, but you may have to do some of the work yourself. Taking your computer to a store usually is less expensive than hiring a repair person to come into your home.
• Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do differently to avoid it in the future.

Report Malware

If you think your computer has malware, report it to the Federal Trade Commission. File a complaint at www.ftc.gov/complaint. 

PC Security Tips

Maintain active and up-to-date antivirus protection provided by a reputable vendor. Schedule regular scans of your computer in addition to real-time scanning.

Update your software frequently to ensure you have the latest security patches. This includes your computer’s operating system and other installed software (e.g. Web Browsers, Adobe Flash Player, Adobe Reader, Java, Microsoft Office, etc.).

Automate software updates, when the software supports it, to ensure it’s not overlooked. If you suspect your computer is infected with malware, discontinue using it for banking, shopping, or other activities involving sensitive information. Use security software and/or professional help to find and remove malware.

Use firewalls on your computer or local network to add another layer of protection for all the devices that connect through the firewall (e.g. PCs, smart phones, and tablets).

Require a password to gain access. Log off or lock your computer when not in use.

Use a cable lock to physically secure laptops, when the device is stored in an untrusted location.