Keeping You and Your Accounts Safe

Print

Provident Credit Union is committed to the safety of our members' information and accounts. With over 60 years in business, Provident has earned a reputation for absolute safety and soundness.

Provident's Security Policies & Procedures 

Provident Credit Union has instituted a number of policies and procedures designed to keep your information and funds safe and secure, and we make sure these policies and procedures are strictly followed by all Provident staff involved.

Our Web Site

We do not require you to identify yourself when visiting our Web site at providentcu.org. We will only ask you to identify yourself if you are contacting us, requesting information, applying for or enrolling in Provident products or services, participating or enrolling in online banking, reserving a spot at a seminar, signing up to view a Webinar, and other specific activities where we need to know who you are in order to satisfy your needs. Provident is very interested in hearing from our visitors about their experience when visiting our Web site or using our online services. You may occasionally be asked to complete a survey, or answer simple questions. Questions may include your opinion about our products and services or performance.

top

Cookies and Online Tracking

Provident records and retains online transactions that users perform through our site, such as those performed within online banking or online loan applications and account opening. This is necessary in order to conduct business and satisfy record-keeping requirements. Information about what pages have been viewed, for how long, and the paths people take through our site is also collected in order to evaluate how the site is being used, so that Provident can make improvements. Mostly this "tracking" information is anonymous and viewed in aggregate, but there are also areas of our site where members are personally identified via a secure sign on, and we retain the information for a limited time in order to help protect Provident and its members from actual or potential fraud, and to be able to assist members who need help. No personally identifying tracking information is shared outside of Provident, except when necessary for law enforcement purposes.

Some of this information collection is accomplished via "cookies" (also known as "http cookies"). Cookies are small bits of data that a Web page may ask your browser to store, so that the same site can read them on subsequent pages or on additional visits to the same page.

Provident uses cookies on our site for measuring the effectiveness of our pages and communication, maintaining an ongoing session state when navigating between pages, as well as for improving the user experience and remembering user preferences. For instance, members can opt to have the site remember their online banking User IDs for easier sign on during subsequent visits. This is accomplished via a cookie stored on the member's computer, which in later visits is read by the site in order to pre-populate the User ID field.

Some areas of the Provident site will not work correctly or will be inaccessible without cookies enabled. For instance, online banking requires cookies to help maintain a continuous secure session. We also use cookies as one of the ways we help identify members who have previously signed on from the same computer. With this extra layer of identification (the cookie, plus other general information about the browser and network) Provident is able to streamline the sign on process for members who repeatedly sign on from the same computer.

top

Extended SSL Certificates on Secure Servers

The Provident Web site resides on what is known as "secure servers", which have page location addresses that begin with "https", such as with "https://accountmanager.providentcu.org". On these pages, all information exchanged between the Provident Web server and the your browser is encrypted for more secure and private transmission over the Internet (encryption is a method used to encode the information when it is sent or returned, so that it cannot be read in transit by a third party). This encrypted information exchange includes pages sent from our secure server to the browser for display, passwords and form fields that you enter and submit, and requests for pages that you make by clicking on links.

All "secure sites" using the https protocol require an electronic certificate to enable the encryption and to identify the owners of the site. Provident Credit Union goes further, by using Extended Validation SSL Certificates on its secure sites. These certificates add an extra layer of validation to positively identify Provident Credit Union as the site owner, and not just someone who is fraudulently using Provident's name. This is a way you can check to make sure you are on the real site before entering any private information that fraudsters might otherwise abuse. Most modern browsers will indicate the existence of an Extended Validation SSL Certificate via a color change, and will allow you to view the information in the certificate, including the verified organization name (Provident Credit Union), physical address, and more:

  • If you are using Internet Explorer, the Web location address field of your browser will turn green when you visit our secure site, and the right side of that field will say "Provident Credit Union" (the right side may be clipped to a limited length, but you can move your mouse over it to see the whole name). To see the certificate information, click on the padlock icon in the address field.
  • When you visit our secure site using Firefox, it will say "Provident Credit Union" to the right of the padlock icon or site icon on the left side of the Web location address field of the browser, and either the icon and that text will turn green, or its background will turn green. To see the certificate information, click on either the icon or Provident name there.
  • In Safari, there will be a green rectangle with rounded corners on the left side of the Web location address field of the browser, where it will say "Provident Credit Union" and have a green padlock icon. To see the certificate information, click anywhere within that green rectangle.
  • In Chrome, there will be a green rectangle with rounded corners on the left side of the Web location address field of the browser, where it will have a green padlock icon, and say "Provident Credit Union". To see the certificate information, click anywhere within that green rectangle.

top

Firewall

Provident Credit Union has taken a layered approach to security, and our firewall is one of those layers. The firewall blocks unauthorized access to our network and computing environment, by limiting what traffic is allowed to flow in and out of our network. Provident also uses intrusion detection software to detect unusual network activity and automatically block attacks that might still take place inside the firewall. On computer systems operating inside the firewall, private data is securely encrypted and password protected, following best practices for maintaining strong passwords that are changed periodically. Password access to secure data is limited to those Provident employees who need the access to perform their job duties, and access is logged and audited.

top

Privacy Policy

Provident's official privacy policy can be accessed any time, by clicking on a Privacy link at the bottom of almost every page of our site.

top

Children's Online Privacy

Children accessing the Internet are potentially exposed to inappropriate Web sites and unnecessary risks. Parents are encouraged to limit Web site access to their children by installing filtering software. COPPA, the Children's Online Privacy Protection Act, protects children under the age of 13 from the online collection of personal information. The Provident Web site is not intended to attract anyone under 13, and we do not link to other sites that we believe to be inappropriate for that age. Provident does not intentionally collect information from our Web site from those we know are under the age of 13. More information about COPPA may be found at the Federal Trade Commission's web site for children's privacy.

top

Provident is not responsible for the information practices employed by sites linked to or from our Web site. Provident provides links on its site to partner sites we have contracted with, in order to offer useful additional online services to Provident members. As a convenience to our members, we also provide links to other unaffiliated Web sites, with information and services that we think you may find useful. When you click on a Provident link to a third party site, Provident displays a message to make it clear that you are leaving the Provident site to go to another site that may have different privacy policies and/or security standards than Provident.

Provident also integrates some third-party content within its site without warning messages. For this to happen, however, Provident first undergoes an extensive security review with that third party, to ensure that they are rigorously protecting the privacy and security of any member information that they may store, and to ensure that they only collect and store the minimum amount of data needed for them to provide online services to members. These security reviews are repeated annually to ensure that the third party remains in compliance with Provident policies and security standards.

top

Social Security Number Practice

Provident, as required by law, collects Social Security numbers to establish, maintain and service member accounts. Provident’s practice is to implement reasonable measures to protect confidentiality, prohibit unlawful disclosure, and limit access to Social Security numbers.

top

Submitting Forms Online

Confidential information you provide via electronic forms from our Web site to Provident is sent in encrypted form. See Extended SSL Certificates on Secure Servers, above, for more details.

top

Sending E-Mail to Provident

There are three ways to send e-mail to Provident securely and privately, and two ways to receive e-mail securely and privately:

Method Send Securely Receive Securely

Contacts page
When not signed on to online banking, accessed via the "Contact" button at the top of the page or the "Contacts" link at the bottom of the page. When you use this page, we can not positively identify who you are, and thus cannot use regular e-mail to answer questions about your account. In order to respond to you securely, we would need to use one of the other methods.

Yes No

Message Center in online banking
When you are signed on to online banking, use the "Message Center" button on the left, the "Contact" button at the top of the page, or the "Contacts" link at the bottom of the page. This is the best way to contact Provident about your account, as it enables secure, two-way communications, along with a message history thread when multiple e-mails are required.

Yes Yes

PGP Encrypted E-Mail
Occasionally Provident may need to send you secure e-mail to your regular e-mail address. When this occurs, you will receive a link PGP Universal Encryption Web site, where you will be able to sign on to be able to read it. Because this is a separate site with a separate passphrase for you to maintain, it is generally easier to use Provident online banking instead for your secure online communication.

Yes Yes

Messages sent to us through regular e-mail is not secure, and could potentially be read by others along the way as it makes its way through the Internet. This is especially true if you are connected to the Internet through a non-secure WiFi connection. We ask you not to send confidential information such as Social Security Numbers, account numbers, or passwords to us via an unsecured e-mail.

Besides the methods described above, you may also contact Provident through the mail, or by calling (800) 432-4600, or by visiting one of our community branches.

top

Online Banking Security 

Provident Credit Union knows that security is important to you when it comes to online transactions, and we take every safeguard to protect your accounts. Provident's online banking supports the latest 128 bit encryption to ensure a secure environment for your account access. Unauthorized access is prevented by limiting the number of incorrect sign on attempts, by automatically ending a session after a prolonged period of inactivity, and more. The safety of your money and information is of primary concern to Provident.

With "Multi-Factor Authentication" we do not rely on a User ID and password alone, but also have complex heuristics that determine if there is anything out of the ordinary about your sign on. If there is, we ask you follow-up questions that only you should be able to answer. Plus, before you enter your password, we show you the picture that you picked previously. In this way, you are assured to be on the real Provident site before you reveal your password. More information about Enhanced Security Sign On

Provident's online banking lets you set a complex User ID and password using numbers, upper and lower case letters, and even punctuation. This greatly decreases the chances that anyone else will ever guess your password. Members are encouraged to use long passwords or pass-phrases, as longer passwords are much more secure and harder to crack.

With our Zero Liability Fraud Protection Guarantee, you can rest assured that in the event your account is compromised, you will not be held accountable for any fraudulent electronic transactions made on your account.

Secure Messages

Provident has long offered its members a "Message Center" feature in online banking, where you can exchange mail messages with us securely. When you use this feature, any mail you send or receive through the online banking interface is encrypted (encoded so no one but the sender and recipient can read it). And because you've signed on using your own User ID and password, we know we're really talking to you, and not to an impostor. To use this feature, sign on to online banking, the either use the "Message Center" button on the left, the "Contact" button at the top of the page, or the "Contacts" link at the bottom of the page. This is the best way to contact Provident about your account, as it enables secure, two-way communications, along with a message history thread when multiple e-mails are required.

Mobile Banking Security 

Criminals may publish mobile banking smart phone software ("apps") designed to mimic the Provident app, in order to steal your online banking sign-on credentials. To help protect your accounts and information, only download Provident Credit Union’s mobile banking app using links from this site. The real Provident iPhone app is located on the App Store, here, and the real Provident Android app is located on Google Play, here. Provident does not endorse or support any other apps that require you to enter your online banking User ID and password.

Security for mobile Web access to online banking is similar to the full size online banking site. Your User ID and password are the same, and multi-factor authentication works similarly, asking you a security question if there is something unfamiliar about the way you are signing in. All communication is encrypted by industry-standard 128-bit SSL encryption, preventing successful cell phone "scanning" or other attempts to eavesdrop on a transmission.

Please note that some mobile phone companies decrypt and re-encrypt the transmission to and from their phone system and the Internet, and that Provident cannot take responsibility for the security or privacy of your information during that step. Of particular concern are the Opera Mini browser (designed for use on small-screen phones), or the Silk browser on the Amazon Fire.

For your own security, make sure to sign off every time that you are finished with your mobile banking session. Provident also recommends that members set a hard-to-guess password or PIN on the phone itself. Although mobile Web sessions do time out automatically, the last page you accessed may remain visible on some phones until you sign off manually or try to access another page after the timeout period, and these measures will help prevent casual viewing by anyone who picks up your phone.

Stolen Portable Devices

Because mobile phones and tablets are easy to lose or steal, please consider the following:

  • Enabling automatic screen-locking helps prevent unauthorized access when the device is not in use. The locked screen requires entering the correct password to unlock it. This is not foolproof, as the device can often be cracked via a separate computer to access the contents without using the password.
  • Setting up a remote wipe program will enable you to send a command to your lost or stolen device that will delete any stored data. This must be done quickly after the theft, however, as a dead battery, disabled Internet access, or even bad reception will prevent the wipe from taking place.
  • Store device records including device make, model, and serial number in a safe place in case you need to report it lost or stolen
  • You can disable access to mobile Web banking and Provident's mobile apps from within Provident's online banking. It is also a good idea to change your online banking password and User ID while you're at it, to further thwart any attempts to access your account by other means.
  • You can reach our Contact Center or your nearest community branch and they can disable your access to mobile banking

For more information about Provident's mobile banking, and a link to all of our mobile banking FAQs, please see our Mobile Banking page.

Dealing with a Data Breach 

A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.

How Provident Credit Union is Notified of a Breach

Provident may receive information about a breach from multiple outside sources or law enforcement agencies. Details specific to the breach may not be disclosed to the credit union so we cannot provide the name of the merchant or where the data breach may have occurred.

What to Expect When a Data Breach Occurs

Learning that your account information may have been compromised can be alarming. Important things to know if a breach occurs and your card account data has been compromised:

  • The credit union may attempt to contact you and also reserves the right to close your card and reissue a new one in order to help protect your account.
  • Notice of a data breach does not mean fraud will occur on your account or that you will become a victim of identity theft.
  • If Provident learns of a data breach that may affect our members, we will post a message and link about it on our home page and on this page near the top. Following the link will provide more information and advice on how to proceed.