The Rock Building Society Limited


Fraudulent Behaviour

  1. Phishing and Internet Banking
  2. Identity Theft
  3. Cheque Fraud
  4. Debit Card Fraud
  5. I-Bank Access

Phishing and Internet Banking

  1. ‘Phishing’ is the term used to describe the wide net cyber-spammers cast by generating messages that ask recipients to reveal personal details, or that depict an urgent scenario, offer or event to entice them to click a link. Links can contain dangerous payloads which can not only upload dangerous code to computers but also capture personal details.

  2. Some banking websites have been ghosted or ‘spoofed’ in the past to appear as if they are a real site. You should always check for the https in the address, which denotes you are at a secure site. If the site looks strange or different in any way, disconnect and report to us immediately.

  3. If you receive an email message from a sender unknown to you or with content unknown, delete it immediately, including deleting it permanently from your deleted items.

  4. Perpetrators will use immediate alerts or urgent response mechanisms to entice you to reveal details. Always confirm any message reportedly from your banking provider with them BEFORE responding, even if the message is headed urgent or stresses that your banking links or cards will be rendered inactive.

  5. Do not use public access internet terminals to conduct internet banking, or any other source where you cannot verify that virus protection is current and firewalls are installed.

  6. Email spam messaging can contain dangerous payloads in the form of computer viruses that capture personal banking details. If you suspect this has occurred, or suspect your details may have been compromised, you should tell us immediately.

  7. If you suspect your personal banking details have been compromised, you should discontinue using internet banking until you have contacted us to reset your password and we have verified all recent transactions with you.

  8. You should change your internet banking password regularly and install firewalls, anti-spyware and virus protection, ensuring you always run ‘live updates’. There are many different types of vendor programs; information on various programs and vendors is available from Internet Association of Australia at http://www.iia.net.au/.

  9. There is also a government website which features a wide range of information on all types of internet fraud and how to prevent becoming a victim. The site can be found at http://www.staysafeonline.gov.au

While The Rock Building Society has not been the target of such criminal activity, we are alerting our clients to the possibility of such scams. The Rock Building Society will NEVER ask you, via email, telephone or any other way, to divulge your internet banking Access Password.

Your internet banking Access Password is like a PIN for an ATM card - it controls access to your account(s) and should never be revealed to anyone.

Account Aggregation Services

There are a number of financial services and portal sites that offer you the convenience of displaying all of your account details on your own personalised web page. These sites need your client number and access password to your Rock accounts so that they can interrogate our system and display your details back to you.

The Rock can take no responsibility for unauthorised transactions that may arise as a result of you disclosing your client number and access password to other parties. It is your risk if you give your access password to an account aggregation service.


Identity Theft

Identity theft is fast becoming a major issue for Australian financial institutions and their customers’ funds.

Identity fraud can take many forms and can be perpetrated in a number of ways, including:

  1. Take-over of a valid identity of a customer using valid channels such as Internet banking, Telephone banking, bill payments, account opening, lending applications via remote sources and changing customer contact details.

  2. Theft of a valid identity and an attempt to open an account in the customer’s name using the stolen and sometimes altered documentation.

In dealing with possible identity theft issues, The Rock may have to ask for additional proof of identity for certain types of transactions and although this process may cause some inconvenience for the customer, it is an essential action The Rock must take to protect the customer’s funds.

Some of the requests that may require heightened proof of identity include:-

  1. Almost all non face-to-face requests (phone, email, fax etc)

  2. Requests to change address (may also require other proof of this change)

  3. Third party introduced lending and account applications where original documents have not been sighted by the individual institution

  4. Requests for issue of debit card or internet/phone banking access (particularly over the phone)

How to avoid identity theft

  1. Never carry your identification documents such as your birth certificate or passport in a wallet, case or handbag unless you need them

  2. Ensure you retain personal tax records and other financial documents such as statements and receipts in a secure place.

  3. Destroy or delete your tax file number (TFN) from any documents before throwing them away. Never quote or give out your TFN unless there is a good reason, such as completing a government tax form or opening an account.

  4. Never leave documents such as registration papers, expired drivers' licences, utility bills or spare house keys in the glove box of your car (even locked), as these are all items a would-be thief can use to steal your identity.

  5. Receipts and other personal information should never be disposed of unless shredded or destroyed

  6. Identity thieves will search through bins for your personal information. Always ensure that documents disclosing your credit card number are destroyed

  7. Install appropriate anti-virus and anti-spyware controls on your home computer and, in addition, run live updates to ensure you use the latest version.

  8. Using public computers or sharing a friend’s computer can be dangerous, as PINs and passwords can be captured by criminals and used to steal funds.

  9. Try to select passwords you can remember but that will be hard for a thief to guess if your details are stolen. Having separate passwords spreads the risk, whereas one password for all means all may be compromised.

  10. Always have a locked mailbox to send and receive mail or use a post office box.

  11. Ensure your mailbox is big enough to take large articles so that they can’t fall out or easily be taken

  12. Be alert to when your account statements should arrive and to card expiry dates, and always advise your financial institution immediately if an expected new or reissued credit or debit card or PIN mailer has not arrived.

  13. If you suspect mail theft, contact the post office to confirm that your mail has not been redirected to another address

  14. Never reveal personal or account information over the telephone unless you are absolutely certain the person is genuine and YOU initiated the phone call

  15. Identity thieves sometimes trick you into providing your credit card number by claiming that you have won a competition or a holiday. Don’t let this fool you.

  16. If you photocopy proof of identity documents, keep them in a safe place.

  17. If you suspect you may be a victim of identity fraud, contact all financial institutions you do business with immediately. Keep records of persons you have spoken to, lodge a report with police and advise your credit reporting agency as soon as possible

  18. Check all your statements and account details regularly following any suspected incident and immediately report to the police and The Rock institutions any instances of misuse of your personal information

Protecting your business or organization from identity theft and fraud

  1. Staff training in detection and prevention of identity fraud is crucial both to assist them to recognise potential signs and understand what to do.

  2. Practice a clean desk policy, ensuring that all customer records and similar are locked away each evening.

  3. Ensure that all information on laptops, disk drives and portable storage devices is either encrypted or password protected

  4. Use a locked bag or post office mailbox; identity thieves can steal and alter incoming cheques from customers.

  5. Account department validation of all accounts including any online services should be performed daily and regular audits performed on access controls

  6. Ensure you have facilities for secure destruction of sensitive information and never throw customer details into the rubbish

  7. Never divulge customer information to anyone and ensure staff are well trained in privacy legislation and requirements

  8. Law enforcement and government agencies may approach you to request that records of customer accounts be produced. Always ensure you check on the legitimacy of the document and, if necessary, call the issuing department.

  9. Tasking your external and internal auditors to regularly review items such as accounts, debtors and customer details can help to reveal incidents of internal fraud. Ensure early action on any triggers or red flags, especially with items such as dormant accounts, statement cycle manipulations or similar.

  10. Always practice robust pre-employment screening of your staff – permanent, temporary and contractors

  11. Practice a zero tolerance to fraud by reporting all suspected frauds to the police


Cheque Fraud

Cheque fraud has for many years been a popular mechanism for criminals to access bank account funds. There are some simple measures that you as a customer can undertake to mitigate the risk of this activity.

Business Cheque Accounts

Business cheque accounts are particularly vulnerable due to the often high balances and activity. Some precautions that should be taken include:-

  1. Reconcile accounts regularly – online daily if possible. This then reduces the time elapsed between discovery of any anomalies, perpetration of any fraud and informing the credit union. This generally will minimise the loss or potential loss.

  2. Only mail cheques to trusted addresses including locked boxes, Post Office boxes (not including street front private boxes).

  3. Ensure no gaps in words or numbers when cheques are drawn.

  4. Secure all blank cheque forms, especially at daily close of business, and restrict access to vetted employees.

  5. Report immediately to The Rock any instance where cheques sent out appear to have been Not Received, Intercepted (or NRI) and ensure appropriate stop payment instructions are provided to The Rock.

Personal Cheque Accounts

  1. All the above (for Business Cheque Account Customers), especially personal safeguard of cheque books at all times – avoid leaving in cars and generally visible to others eg. on office desks, in unlocked drawers, cupboards etc.

  2. Regularly reconcile and report anomalies

  3. Make mental note of when the ‘trigger’ cheque is written – the one that will initiate despatch of a new cheque book – and keep alert for its arrival in the mail.


Debit Card Fraud

Your debit card (“CashCard”) that is used for ATM withdrawals and EFTPOS transactions is a highly valuable item requiring careful attention to the safety of the card and particularly the PIN (Personal Identification Number) that allows access to these funds.

We offer some valuable advice for their safeguarding:

  1. Keep a separate record of the card number, expiration date, and The Rock’s lost and stolen cards hotline 1800 639 419 so you can provide these details in the event the card is lost or stolen. This should be done immediately.

  2. Cut up old cards before disposing of them to ensure they cannot be used again.

  3. Carefully check that EFTPOS transaction amounts are correct before entering your PIN to authorise the transaction.

  4. Regularly check transactions on our internet banking facility and compare the listed transactions with your receipts, looking for questionable transactions or sudden changes in balance.

  5. Criminals can initiate transactions on a cardholder’s account by fraudulently obtaining the card data and PIN. This is usually done without the cardholder’s knowledge. To reduce the incidence of this type of fraud, cardholders need to be vigilant at ATMs.

  6. Watch for “shoulder surfing” (i.e. the practice of looking over cardholders’ shoulders while they are entering their PIN).

  7. Keep the card in your sight at all times and only allow the “swiping” on the EFTPOS terminal. Card “skimming” out of sight can lead to personal details being compromised.
    (Note, however, that your PIN is NOT stored on your card.)

PINs (Personal Identification Numbers)

It is imperative that each PIN is kept secure and known only to the cardholder. The following measures will assist in preventing the PIN falling into the wrong hands.

  1. You can change your PIN to a personally-selected number at any Rock ATM or branch and we encourage you to do this regularly.

  2. Ensure PINs are of sufficient length to make it difficult for anyone to derive them through calculation or guesswork.

  3. Do not make them your or a family member’s birthday (even if the numbers are not in order) or part of your phone or car registration number or address.

  4. Memorise your PIN – it should never be written down.

Please note:- For your protection, cards are disabled after 3 consecutive invalid PIN attempts and are not re-enabled until you are properly identified by Rock staff.

See section 6 of our Terms & Conditions for other essential details of your responsibilities in relation to card usage.
