Go online with confidence and peace of mind.

Contact Us

staying secure online

Understand online threats and how to avoid them.

Information is everywhere in the digital age, which means you need to be vigilant when it comes to communicating online. Keeping your personal and financial information safe is a necessity to avoid the potentially catastrophic impact of identity theft and fraud.

Safeguard Your Info

Safeguard Your Info

Never share account data

Monitor Accounts

Monitor Accounts

Review account statements regularly

Protect Your Computer

Protect Your Computer

Update firewalls and anti-spyware

Act Immediately

Act Immediately

Contact us if data has been compromised
Firefly already has a few safeguards in place to aid in secure digital banking:
 
  • Secure Socket Layer (SSL) encryption (using highest level of 128-bit) scrambles data during transmission to protect it from being deciphered.
  • Enhanced Login Security for digital banking identifies you as the “owner” of your accounts.
  • If your password or computer isn’t recognized (i.e., you logged in from a public computer or one not used before), you’ll be asked to receive a secure access code (SAC) either via phone call, email, or text to confirm your identity.
Firefly will never contact you to request your member number, username/login ID or digital banking password; if someone does, it’s probably a fraudster. Additionally, we will never contact you and ask for your debit/credit card numbers or PINs. Unless you contact us regarding your account, always refrain from giving this information to anyone attempting to identify themselves as a credit union employee who is trying to verify your account information via phone, text or e-mail.
If you notice suspicious activity within your account or experience a security-related event (such as loss of confidential financial information, compromised PIN or password, know or suspect infection of computer or network by viruses or malware, etc.) please contact us immediately! We will help you with your situation.
 
Avoid clicking links sent to you in emails, text messages, and other online media from unfamiliar sources directing you to any login sites. If you notice our site looks different, or if you see significant spelling and grammar errors, close your browser and call us.
Avoid clicking links sent to you in emails, text messages, and other online media from unfamiliar sources directing you to any digital banking sites. If you notice our site looks different, or if you see significant spelling and grammar errors, close your browser and call us.
Firefly is required to follow specific rules issued by the Consumer Financial Protection Bureau; one of those rules, known as Regulation E or Reg E, covers consumer electronic transactions. It covers all kinds of situations revolving around transfers made electronically.
 
Under the consumer protections provided under Reg E, you can recover online banking losses according to how soon you detect and report them.
 
If you report the losses within two (2) days of receiving your statement, you can be liable for the first $50. After two (2) days, the amount you can be liable for increases to $500. After sixty (60) days, you could be liable for the full amount. Details on your rights and obligations regarding electronic transfers are contained in our Privacy & Disclosures.  
 
In addition, your account statement includes information on how to report errors or make inquiries about an electronic transaction.
 
For business accounts, Reg E consumer protections do not apply; so it is important for business owners who use online services to use enhanced controls that include:
  • conducting periodic assessments of internal controls;
  • use layered security for system administrators;
  • initiating enhanced controls over high-dollar transactions; and
  • providing increased levels of security as transaction risk increase.
  • Protect yourself and your sensitive information by accessing digital banking only from your own devices to avoid unsafe settings or viruses.
  • Verify the connection to the site is secure by confirming the URL starts with https:// (the "s" means secure).
  • You should see a small yellow padlock icon on the bottom status bar, too; if either of these are not found, contact the financial institution.
  • Don’t use email or text links asking for verification. Forward those to the financial institution if you receive them.
  • If something seems off, close the browser and call the financial institution.
  • Create strong, complex passwords for all of your online accounts, especially those containing sensitive information like your online banking account.
  • If you think you may have visited a website with malware or if you think your computer may be infected with a virus, do not access your digital banking or other sensitive logins until you have scanned your computer and know it is clean and virus-free.
Wireless connectivity has increased the ability for others to gain access to networks, or even access information on your computer. Here's how to secure your network:
 
  • Make sure your router is encrypted, make your router’s identifier unique, and set a strong password.
  • Turn off identifier broadcasting. Most wireless routers have a mechanism called identifier broadcasting. This is how you see a list of nearby wireless networks when connecting to Wi-Fi.  You do not need to broadcast this information. You can instead disable the identifier broadcasting mechanism if allowed by your wireless router and connect manually with the SSID name, which can be found on your router.
  • Use Anti-virus and anti-spyware software paired with a firewall will help safeguard your system from being accessed.
  • Allow only specific computers to access your wireless network. Every computer that is able to communicate with a network is assigned a unique Media Access Control (MAC) address. Wireless routers usually have a mechanism to allow only devices with particular MAC addresses access to the network. Hackers can mimic MAC addresses, so do not rely on this step alone.
  • Turn off your wireless network or your wireless adapter at times when you know you will not use it.
Public Wi-Fi and computers allow us to remain connected almost everywhere; however, they can create security vulnerabilities. Use the following tips to stay safe:
 
  • Do not assume that public "hot spots" are secure. Many caf├ęs, hotels, airports, and other public establishments offer wireless networks for their customers' use. These "hot spots" are convenient, but they are typically not secure. Ask the owner what security measures are in place.
  • Be wary about sending or accessing information from a public wireless network. To be cautious, you may want to assume that other people can access any information you see or send over a public wireless network. Unless you can verify that a hot spot has effective security measures in place, it may be best to avoid sending or receiving sensitive information over that network.
  • Look out for "shoulder surfers" who will try to watch you type your password, and never leave your laptop or device unattended.
  • Avoid checking any financial account information or sensitive personal information on a public computer or public Wi-Fi network.
  • If you are unable to use your own electronic device or home network to access sensitive information, see if you can use a friend or relative's computer before you resort to using one at a public place.
  • If you use a public computer, make sure your login is secure.
  • After using a public network, use your home computer to change the password on any accounts that you accessed from the public systems to help safeguard your information
  • Monitor accounts you accessed on the public computer for the next few weeks for unauthorized access.
Because of today’s technology, shopping online is easy. Here's how to do it safely:
  • Know from whom you are buying by getting contact information from the seller and checking with the Better Business Bureau to verify there are no complaints logged against them. Not every retailer you see online, especially those on social networking sites like Pinterest, is legitimate.
  • Review the online retailer’s privacy statement before entering your personal information. If there is no privacy policy, expect that all your information will have no safeguard, and consider going to another seller.
  • Before purchasing, look for signs of encryption to make sure your transaction is secure, and be aware of how the transaction is conducted.
  • Never provide your sensitive information via email to the seller.
  • Confirm that the seller has a return policy. Also determine if you are responsible for shipping and handling if you do need a return and if there are restock fees. Read all the fine print for warranty and service information regarding your purchase as well.
  • Know exactly what you are buying, how much it will cost. Understand the seller's description of the product and read all the fine print. If it sounds too good to be true, it probably is! Factor in all charges, including shipping and handling. Be sure to comparison shop other sites to validate the cost.
  • Be careful when contributing to a crowdfunding campaign. Do your research before making any payments to avoid being scammed by the creator of the page.
  • Pay with a credit card in case you want to dispute charges for goods you never received, ordered, or that were misrepresented to you.
  • Print and save records of all online transactions and the associated details.
If you have problems with an online shopping transaction, try to reach a resolution directly with the seller of the product or director of the auction site. If you can’t resolve the issue, contact and file a complaint with one or more of the following:

At times, individuals try to mimic legitimate sites to gather personal information for fraudulent use. Guard yourself by understanding what to look for when visiting websites. Extended Validation (EV) certificates are an authentication method that shows you are visiting a legitimate website. With an EV certification, it's more difficult for an imposter site to appear authentic.

When you visit sites through an EV-supported browser, your address bar may change colors to indicate its security level. A green bar notes that Firefly, for example, controls the site you’re visiting. A yellow or red bar means there may be a problem validating the site. The lock icon on your browser also will indicate encryption is in place for your safety.

Voice Over Internet Protocol (VoIP) is a method for converting audio signals, such as the kind you hear when you talk on the phone, and turning them into digital data that can be transmitted over the Internet.

As VoIP becomes more popular, users need to be aware of the security threats in order to maintain good phone service and minimize vulnerabilities. As with computer and internet security practices, VoIP users must take the proper precautions to ensure their voice communications are safe and provide the cost savings they expect. To secure your systems against potential threats, employ the following security measures:

  • Follow the tips on creating passwords on our Electronic Device Security page when setting up both your username and password on VoIP accounts (e.g. Skype and Google Voice)
  • When selecting a VoIP provider, ensure that they take security precautions and use high-tech firewall installations on their hosted VoIP equipment.
  • Install anti-virus programs on your own computer and keep them updated.
  • Make sure that your VoIP application is using the most recent software update or security patch. The same goes for any VoIP routers, switches and firewalls. Check for these update these on a regular basis. See the vendor website for each product as needed.
  • Check your billing statement with care as unusually high charges may signal a hacker may be committing toll fraud on your account.
  • Be highly suspicious of messages directing you to call and provide credit card or bank account numbers.
  • Verify the connection to a site is secure by confirming the URL starts with https:// (the "s" means secure). You should see a small padlock icon on the address bar, too; if either of these are missing on any site that holds your sensitive information (like who you bank with or an online retailer), contact the company.
  • Don’t use email or text links asking for verification unless you have triggered them to be sent (i.e., when you create an account on a website).

Let's discuss more details about eSecurity.

Contact Us

Your go-to Minneapolis-St. Paul credit union.


Firefly CU is the Minnesota credit union that offers full banking services and ATM access for your convenience. We'll help you open new accounts and loans, apply for mortgages, access wealth management services and strengthen your business with the right solutions.