Provident Credit Union is committed to the safety of our members' information and accounts. With over 60 years in business, Provident has earned a reputation for absolute safety and soundness.
Provident Credit Union has instituted a number of policies and procedures designed to keep your information and funds safe and secure, and we make sure these policies and procedures are strictly followed by all Provident staff involved.
Our Web Site
We do not require you to identify yourself when visiting our Web site at providentcu.org. We will only ask you to identify yourself if you are contacting us, requesting information, applying for or enrolling in Provident products or services, participating or enrolling in online banking, reserving a spot at a seminar, signing up to view a Webinar, and other specific activities where we need to know who you are in order to satisfy your needs. Provident is very interested in hearing from our visitors about their experience when visiting our Web site or using our online services. You may occasionally be asked to complete a survey, or answer simple questions. Questions may include your opinion about our products and services or performance.
Cookies and Online Tracking
Provident records and retains online transactions that users perform through our site, such as those performed within online banking or online loan applications and account opening. This is necessary in order to conduct business and satisfy record-keeping requirements. Information about what pages have been viewed, for how long, and the paths people take through our site is also collected in order to evaluate how the site is being used, so that Provident can make improvements. Mostly this "tracking" information is anonymous and viewed in aggregate, but there are also areas of our site where members are personally identified via a secure sign on, and we retain the information for a limited time in order to help protect Provident and its members from actual or potential fraud, and to be able to assist members who need help. No personally identifying tracking information is shared outside of Provident, except when necessary for law enforcement purposes.
Some of this information collection is accomplished via "cookies" (also known as "http cookies"). Cookies are small bits of data that a Web page may ask your browser to store, so that the same site can read them on subsequent pages or on additional visits to the same page.
Extended SSL Certificates on Secure Servers
The Provident Web site resides on what is known as "secure servers", which have page location addresses that begin with "https", such as with "https://accountmanager.providentcu.org". On these pages, all information exchanged between the Provident Web server and the your browser is encrypted for more secure and private transmission over the Internet (encryption is a method used to encode the information when it is sent or returned, so that it cannot be read in transit by a third party). This encrypted information exchange includes pages sent from our secure server to the browser for display, passwords and form fields that you enter and submit, and requests for pages that you make by clicking on links.
All "secure sites" using the https protocol require an electronic certificate to enable the encryption and to identify the owners of the site. Provident Credit Union goes further, by using Extended Validation SSL Certificates on its secure sites. These certificates add an extra layer of validation to positively identify Provident Credit Union as the site owner, and not just someone who is fraudulently using Provident's name. This is a way you can check to make sure you are on the real site before entering any private information that fraudsters might otherwise abuse. Most modern browsers will indicate the existence of an Extended Validation SSL Certificate via a color change, and will allow you to view the information in the certificate, including the verified organization name (Provident Credit Union), physical address, and more:
- If you are using Internet Explorer, the Web location address field of your browser will turn green when you visit our secure site, and the right side of that field will say "Provident Credit Union" (the right side may be clipped to a limited length, but you can move your mouse over it to see the whole name). To see the certificate information, click on the padlock icon in the address field.
- When you visit our secure site using Firefox, it will say "Provident Credit Union" to the right of the padlock icon or site icon on the left side of the Web location address field of the browser, and either the icon and that text will turn green, or its background will turn green. To see the certificate information, click on either the icon or Provident name there.
- In Safari, there will be a green rectangle with rounded corners on the left side of the Web location address field of the browser, where it will say "Provident Credit Union" and have a green padlock icon. To see the certificate information, click anywhere within that green rectangle.
- In Chrome, there will be a green rectangle with rounded corners on the left side of the Web location address field of the browser, where it will have a green padlock icon, and say "Provident Credit Union". To see the certificate information, click anywhere within that green rectangle.
FirewallProvident Credit Union has taken a layered approach to security, and our firewall is one of those layers. The firewall blocks unauthorized access to our network and computing environment, by limiting what traffic is allowed to flow in and out of our network. Provident also uses intrusion detection software to detect unusual network activity and automatically block attacks that might still take place inside the firewall. On computer systems operating inside the firewall, private data is securely encrypted and password protected, following best practices for maintaining strong passwords that are changed periodically. Password access to secure data is limited to those Provident employees who need the access to perform their job duties, and access is logged and audited.
Children's Online Privacy
Children accessing the Internet are potentially exposed to inappropriate Web sites and unnecessary risks. Parents are encouraged to limit Web site access to their children by installing filtering software. COPPA, the Children's Online Privacy Protection Act, protects children under the age of 13 from the online collection of personal information. The Provident Web site is not intended to attract anyone under 13, and we do not link to other sites that we believe to be inappropriate for that age. Provident does not intentionally collect information from our Web site from those we know are under the age of 13. More information about COPPA may be found at the Federal Trade Commission's web site for children's privacy.
Links to Third Party Websites
Provident is not responsible for the information practices employed by sites linked to or from our Web site. Provident provides links on its site to partner sites we have contracted with, in order to offer useful additional online services to Provident members. As a convenience to our members, we also provide links to other unaffiliated Web sites, with information and services that we think you may find useful. When you click on a Provident link to a third party site, Provident displays a message to make it clear that you are leaving the Provident site to go to another site that may have different privacy policies and/or security standards than Provident.
Provident also integrates some third-party content within its site without warning messages. For this to happen, however, Provident first undergoes an extensive security review with that third party, to ensure that they are rigorously protecting the privacy and security of any member information that they may store, and to ensure that they only collect and store the minimum amount of data needed for them to provide online services to members. These security reviews are repeated annually to ensure that the third party remains in compliance with Provident policies and security standards.
Social Security Number Practice
Provident, as required by law, collects Social Security numbers to establish, maintain and service member accounts. Provident’s practice is to implement reasonable measures to protect confidentiality, prohibit unlawful disclosure, and limit access to Social Security numbers.
Submitting Forms Online
Confidential information you provide via electronic forms from our Web site to Provident is sent in encrypted form. See Extended SSL Certificates on Secure Servers, above, for more details.
Sending E-Mail to Provident
There are three ways to send e-mail to Provident securely and privately, and two ways to receive e-mail securely and privately:
|Method||Send Securely||Receive Securely|
Secure E-Mail in online banking
PGP Encrypted E-Mail
Messages sent to us through regular e-mail is not secure, and could potentially be read by others along the way as it makes its way through the Internet. This is especially true if you are connected to the Internet through a non-secure WiFi connection. We ask you not to send confidential information such as Social Security Numbers, account numbers, or passwords to us via an unsecured e-mail.
Provident Credit Union knows that security is important to you when it comes to online transactions, and we take every safeguard to protect your accounts. Provident's online banking supports the latest 128 bit encryption to ensure a secure environment for your account access. Unauthorized access is prevented by limiting the number of incorrect sign on attempts, by automatically ending a session after a prolonged period of inactivity, and more. The safety of your money and information is of primary concern to Provident.
With "Multi-Factor Authentication" we do not rely on a User ID and password alone, but also have complex heuristics that determine if there is anything out of the ordinary about your sign on. If there is, we ask you follow-up questions that only you should be able to answer. Plus, before you enter your password, we show you the picture that you picked previously. In this way, you are assured to be on the real Provident site before you reveal your password. More information about Enhanced Security Sign On
Provident's online banking lets you set a complex User ID and password using numbers, upper and lower case letters, and even punctuation. This greatly decreases the chances that anyone else will ever guess your password. Members are encouraged to use long passwords or pass-phrases, as longer passwords are much more secure and harder to crack.
With our Zero Liability Fraud Protection Guarantee, you can rest assured that in the event your account is compromised, you will not be held accountable for any fraudulent electronic transactions made on your account.
Provident has long offered its members a "Secure E-Mail" feature in online banking, where you can exchange mail messages with us securely. When you use this feature, any mail you send or receive through the online banking interface is encrypted (encoded so no one but the sender and recipient can read it). And because you've signed on using your own User ID and password, we know we're really talking to you, and not to an impostor. To use this feature, sign on to online banking, the either use the "Secure E-Mails & Alerts" button on the left, the "Contact" button at the top of the page, or the "Contacts" link at the bottom of the page. This is the best way to contact Provident about your account, as it enables secure, two-way communications, along with a message history thread when multiple e-mails are required.
Criminals may publish mobile banking smart phone software ("apps") designed to mimic the Provident app, in order to steal your online banking sign-on credentials. To help protect your accounts and information, only download Provident Credit Union’s mobile banking app using links from this site. The real Provident iPhone app is located on the App Store, here, and the real Provident Android app is located on Google Play, here. Provident does not endorse or support any other apps that require you to enter your online banking User ID and password.
Security for mobile Web access to online banking is similar to the full size online banking site. Your User ID and password are the same, and multi-factor authentication works similarly, asking you a security question if there is something unfamiliar about the way you are signing in. All communication is encrypted by industry-standard 128-bit SSL encryption, preventing successful cell phone "scanning" or other attempts to eavesdrop on a transmission.
Please note that some mobile phone companies decrypt and re-encrypt the transmission to and from their phone system and the Internet, and that Provident cannot take responsibility for the security or privacy of your information during that step. Of particular concern are the Opera Mini browser (designed for use on small-screen phones), or the Silk browser on the Amazon Fire.
For your own security, make sure to sign off every time that you are finished with your mobile banking session. Provident also recommends that members set a hard-to-guess password or PIN on the phone itself. Although mobile Web sessions do time out automatically, the last page you accessed may remain visible on some phones until you sign off manually or try to access another page after the timeout period, and these measures will help prevent casual viewing by anyone who picks up your phone.
Stolen Portable Devices
Because mobile phones and tablets are easy to lose or steal, please consider the following:
- Enabling automatic screen-locking helps prevent unauthorized access when the device is not in use. The locked screen requires entering the correct password to unlock it. This is not foolproof, as the device can often be cracked via a separate computer to access the contents without using the password.
- Setting up a remote wipe program will enable you to send a command to your lost or stolen device that will delete any stored data. This must be done quickly after the theft, however, as a dead battery, disabled Internet access, or even bad reception will prevent the wipe from taking place.
- Store device records including device make, model, and serial number in a safe place in case you need to report it lost or stolen
- You can disable access to mobile Web banking and Provident's mobile apps from within Provident's online banking. It is also a good idea to change your online banking password and User ID while you're at it, to further thwart any attempts to access your account by other means.
- You can contact our Call Center or your nearest community branch and they can disable your access to mobile banking
For more information about Provident's mobile banking, and a link to all of our mobile banking FAQs, please see our Mobile Banking page.
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
How Provident Credit Union is Notified of a Breach
Provident may receive information about a breach from multiple outside sources or law enforcement agencies. Details specific to the breach may not be disclosed to the credit union so we cannot provide the name of the merchant or where the data breach may have occurred.
What to Expect When a Data Breach Occurs
Learning that your account information may have been compromised can be alarming. Important things to know if a breach occurs and your card account data has been compromised:
- The credit union may attempt to contact you and also reserves the right to close your card and reissue a new one in order to help protect your account.
- Notice of a data breach does not mean fraud will occur on your account or that you will become a victim of identity theft.
- If Provident learns of a data breach that may affect our members, we will post a message and link about it on our home page and on this page near the top. Following the link will provide more information and advice on how to proceed.