Security Information

How We Protect You

Keeping your online financial and personal information secure and confidential remains one of our top priorities. We ensure your privacy and security by offering technology and services designed by the brightest minds in the online banking industry.

We do not store member information on publically accessed web servers. All account information is housed on servers that are behind our firewall (protected area). The web server only passes information between your browser and our computers located behind the firewall, and vice-versa.

What kind of security procedures are in place to protect my information when I am managing my money or paying bills through Online Banking?

All Online Banking sessions are authenticated and encrypted. The authentication of an Online Banking session is handled through your User ID and Password combination, which is required at login. The password is the same as that used when conducting your CALL-24 (automated phone banking) transactions.

The encryption is accomplished by establishing a Secure Socket Layer (SSL) connection between the browser and the Web server. You can only access Online Banking with an SSL-compliant browser.

Encryption: The privacy of communications between you (your browser) and our servers is ensured via encryption. Encryption scrambles messages exchanged between your browser and our Online Banking server.


Password Complexity

It is important to verify that only authorized persons log in to Online Banking. This is achieved by verifying your password. When you submit your password, it is compared with the password we have stored in our secure data center. We allow you to enter your password incorrectly a limited number of times; too many incorrect passwords will result in the locking of your Online Banking account until you call us to reinitialize the account. We monitor and record "bad-login" attempts to detect any suspicious activity (i.e. someone trying to guess your password). You play a crucial role in preventing others from logging on to your account.

Never use easy-to-guess passwords, such as: Examples:

  • Birth dates
  • First names
  • Pet names
  • Addresses
  • Phone numbers
  • Social Security numbers

Never reveal your password to another person. You should periodically change your password in the User Option section of Internet Banking.


Secure Architecture

The computers storing your actual account information are not linked directly to the Internet. Transactions initiated through the Internet are received by Online Banking Web servers. These servers route your transaction through firewall servers. Firewall servers act as a traffic cop between segments of our Online Banking network, used to store information, and the public Internet.

What to Expect from Shell FCU

Shell FCU will NEVER call, email or otherwise contact you and ask for your user name, password or other Online Banking credentials.

Shell FCU will NEVER contact you and ask for your credit or debit card number, PIN or 3‐digit security code. Please see below for more information about how our card providers approach customer service calls.


Credit Cards

Our card provider will identify themselves as Card Services calling on behalf of Shell FCU. They will never ask for your card number, expiration date or CVC (security) code.

They will: verify SS# and DOB

They may: refer you to call the credit union

If you are uncomfortable with the call, please hang up and call the Credit Union at (713) 844‐1100 or the 1‐800‐442‐4757 number on the back of your card.


Debit Cards

Our card provider will identify themselves as Card Fraud Detection.

They will: verify the reference number that was left on your voicemail and verify the card number

They will never: ask for your Social Security Number

If you are uncomfortable with the call, please hang up and call the Credit Union at (713) 844‐1100 or Toll Free 1‐800‐388‐5542.


Rights and Responsibilities

With respect to Online Banking and electronic fund transfers, the Federal government has put in place rights and responsibilities for both you and the credit union. These rights and responsibilities are described in the New Account Disclosures you received when you opened your account with Shell FCU. You can also find them online under the Tools & Resources menu. Business account disclosures are found under the Products & Services menu, on the Business Accounts page.

Online Security

As many people know, web pages with "https" addresses indicate online security. You can also verify a secure page by looking for the gold lock located in your browser window.

You can always log in safely from the homepage on this website.

Multifactor Authentication

MFA (Multi-Factor Authentication) is necessary to keep up-to-date with the latest technologies and remain in compliance with federal regulations. It provides an added layer of security and helps further protect members from online fraud and identity theft.

Online Banking’s added layers of security will be a watermark and challenge questions. These security measures are put into place to ensure you are accessing the legitimate Shell FCU site; as well as confirming your identity when logging in from an uncommon PC or conducting transactions out of your normal routine. The watermark will be an image you choose during setup. Each time you log into Online Banking, you will see this image, or watermark, and if you do not, please log out and contact us immediately. This will ensure you are accessing the authentic Shell FCU site.

The challenge questions will assist Shell FCU with verifying your identity. You may be prompted to occasionally answer a challenge question when performing certain transactions or logging in from uncommon computers or locations. As always, Shell FCU will be available to assist should you have any questions or difficulty.

How to Keep Yourself Safe in Cyberspace

In today’s high tech world, we are able to do things more quickly and conveniently electronically whether it is to send a letter via email, pay bills or even go shopping online. With this increase in speed and convenience also comes increased risk. Every day, unscrupulous individuals are busy developing new scams targeting the unsuspecting public. At Shell FCU, the security of member information is a priority. We are strongly committed to the safety and confidentiality of your records. One of the best ways to avoid fraud is to become an educated consumer and we would like to help you in this endeavor. Please take a moment to read this important information on how to keep you safe when conducting business online.


Reduce Your Risk

eStatements can reduce your risk of mail fraud.


Protect Your Identity

Monitor account activity. Monitor your account activity regularly either online or by reviewing your monthly statements and report any unauthorized transactions right away.

Access your risk. We recommend periodically assessing your online banking risk and put into place increased security controls where weaknesses are found; particularly for members with business accounts. Some items to consider when assessing your Online Banking risk are:

  • Who has access to your online business accounts?
  • How and where are user names and passwords stored?
  • How strong are your passwords and how often are they changed? Are they changed before or immediately after terminating an employee who had access to them?
  • Do you have dual controls or other checks and balances with respect to access to online banking transactions?

Online Security Tips

An important part of online safety is knowledge. The more you know, the safer you’ll be.

  1. Set strong passwords. A good password is a combination of upper and lower case letters and numbers and one that is not easily guessed. Do not use Social Security numbers as User ID or Password. Try to use “special character” such as pound (#) and at (@) signs. Change your password frequently. Don't write it down or share it with others.
  2. Protect your answers to security questions. Select questions and provide answers that are easy for you to remember, but hard for anyone else to guess. Remember, with today’s social media networks such as Facebook and Twitter, some of these answers would be easy for a determined fraudster. So avoid using questions that would be easy for them to find. Avoid using the same questions that you used for other websites.
  3. Use secure websites for transactions and shopping. Shop with merchants you know and trust. Make sure Internet purchases are secured with encryption to protect your account information. Look for “secure transaction” symbols like a lock symbol in the lower right‐hand corner of your web browser window, or https://... in the address bar of the website. The “s” indicates “secured” and means the web page uses encryption.
  4. Conduct Online Banking activities on secure computers only. Public computers (at Internet cafes, copy centers, etc.) should be used with caution, due to shared use and possible tampering. Online banking activities and viewing or downloading documents (statements, etc.) should only be conducted on a computer you know to be safe and secure.
  5. Don't reveal personal information via email. Emails and text messages can be masked to look like they are coming from a trusted sender when they are actually from someone else. Play it safe. Do not send your personal information, such as account numbers, Social Security numbers, passwords etc. via email or text.
  6. Don't download that file! Opening files attached to emails can be dangerous, especially when they are from someone you don't know, as they can allow harmful malware or viruses to be downloaded onto your computer. Make sure you have a good antivirus program on your computer that is up‐to‐date, and don't open attachments you aren't expecting. They can be bad news.
  7. Links aren't always what they seem. Never log in from a link that is embedded in an email message. Criminals can use fake email addresses and make fake web pages that mimic the page you would expect. To avoid falling into their trap, type in the URL address directly and then log in.
  8. Log out of sites when you are done. When you are ready to leave a site you have logged into, log out rather than just closing the page.
  9. Close your browser when you’re not using the internet.
  10. Turn it off! Your computer should be completely turned off when you are finished using it; don’t leave it in sleep mode.
  11. Install, run and keep anti‐virus software updated.

Mobile Banking Security Tips

When you use a mobile device (cellular phone, iPhone, iPad touch or other device) for browser or text‐based account access, keep these tips in mind:

  • Use the keypad lock or phone lock function on your mobile device when it is not in use. These functions password‐protect your device so that nobody else can use it or view your information. Also be sure to store your device in a secure location.
  • Frequently delete text messages from your financial institution, especially before loaning out, discarding, donating or selling your mobile device.
  • Never disclose via text message any personal information (account numbers, password, or any combination of sensitive information like your Social Security number or birth date that could be used in ID theft).

Identity Fraud versus Identity Theft

Identity fraud is usually limited to an isolated attempt to steal money from an existing account such as a charge on a stolen credit card.

Identity theft is when a thief uses stolen personal information, such as Social Security number or your member number, to open accounts or initiate several transactions in your name. This may cause financial loss or damaged credit.

Usually identity theft is more extensive than identity fraud. If fraudulent transactions occur on your account, it does not automatically mean your identity was stolen. It may be an isolated incident of theft that can be quickly resolved.

Internet Fraud Information

Shell FCU does not solicit personal/private information from members via email.

If you ever receive a message asking for you to update personal/private information that is either outdated or incomplete and the sender claims to be Shell FCU, please ignore the request. You are most likely being targeted in a phishing scam. Delete the message immediately.

Shell FCU recommends you handle unwanted email scams as follows:

  1. Delete the message immediately. Do Not Open It. Your curiosity could result in a computer virus or worse.
  2. Report the incident to: Internet Crime Complaint Center
  3. If you have been victimized by a spoofed email or Website scam, contact:
    • Shell FCU - So that we can alert other members.
    • Your local law enforcement
    • U.S. Postal Inspector
    • FBI

By paying closer attention to the information we disclose via email and through efforts to report these scams, we can make it much more difficult for this type of criminal activity to succeed.

Report Online Fraud and Suspicious Activity

During normal business hours, call Shell FCU at (713) 844-1100 or (800) 388-5542. After normal business hours, call the numbers below to report Lost or Stolen Account Information.

  • ATM or Debit Cards: (800) 528-2273
  • Credit Cards: (800) 442-4757