Online Security

CEFCU does everything possible to help ensure your financial information remains safe and secure.

How We Work to Protect You

To help ensure your financial information remains safe and secure, CEFCU uses 128-bit secure sockets layer (SSL) encryption, monitors and constantly updates systems, and utilizes multiple security layers and strong business practices. To help you protect your account, CEFCU On-Line® may prompt you to change your password from time to time. Remember, your security phrase and image are there to verify that you are on CEFCU's server, so it is safe to do this.

Internet security requires more than technology alone. Ultimately, when dealing with viruses, spyware, and computer hackers, each of us is responsible for protecting our own computer system.

How You Can Keep Your Computer Safer

Log off CEFCU On-Line to help enhance the security of the site.
When you have completed your transaction, be sure to use the Sign Off button (found under Session Options) rather than waiting for the time out option.

Clear personal information after using online services.
Clearing your cache prevents unauthorized users from viewing account information when using the back button on the browser. Follow these steps to clear your cache.

Always use an up-to-date browser.
To help ensure your CEFCU accounts are safe & secure always use an up-to-date browser. For instructions on how to update your browser, visit the Help section for your browser.

Choose a secure password.
To protect your accounts, change your password periodically. Before selecting a password, consider these suggestions:

  • Select a password between four and 10 characters long.
  • Develop a password with alphanumeric characters — such as digits (0–9) or letters (A–Z) — and no special characters.
  • Choose a password that is easy for you to remember, but difficult for someone else to guess.
  • Do not write down your password.
  • Do not share your password with others. By doing so, you authorize them to access your accounts, for which you assume total liability.

Don't reply to any email requesting your personal information.
Be very suspicious of any email from a business or person requesting your password; Personal Identification Number (PIN); credit, debit, or ATM card number; Social Security number; or other highly sensitive personal information; never reply to an unsolicited email requesting such information.

For more information and other tips, visit the Security Center or the Online Security FAQs.

Frequently Asked Questions

What is a secure connection?

A secure connection is an encrypted exchange of information between a website and a Web browser. Encryption is provided through a document called a certificate, which is provided by a website. When you send information to the website, it is encrypted at your computer and decrypted at the website.

Even with encryption, it is still important you only transact with trustworthy websites because your privacy can still be compromised by the way the website uses or distributes your information.

To help ensure your financial information remains safe and secure, CEFCU uses 128-bit secure sockets layer (SSL) encryption, monitors and constantly updates systems, and utilizes multiple security layers and strong business practices.

What is encryption?

Encryption is a means of making data unreadable to everyone except the recipient of a message. For instance, it is used to make the transmission of credit card numbers secure if you are shopping on the Web.

How can I tell if I have a secure connection?

The symbols of a secure connection vary from browser to browser. For example, in the most current versions of a number of Web browsers — Internet Explorer 7.x, Firefox 2.x, Safari 3.x, Opera 9.x — you will see a lock icon in the Security Status bar, which is located to the right of the Address bar. Check your browser's website for the most current details on security connection symbols.

In addition, you can click the lock icon for website identification information — site owner or organization — and to view the site's certificates.

How does EV SSL compare to SSL?

EV SSL stands for Extended Validation SSL, which sets the security standards higher for websites. These new standards were put in place to create an even stronger defense against fraud.

The new EV SSL Certificate is a "higher security" certificate. It is only issued when the Certificate Authority, through more rigorous validation, can:

  • Establish the legal identity, as well as operational and physical presence of the website owner.
  • Ensure the website owner has exclusive control over the URL.
  • Confirm the identity and authority of the individuals acting for the website owner and receive signed documents pertaining to legal obligations by an authorized officer.

When updated browsers, such as Internet Explorer 7.x and Firefox 2.x, encounter an EV SSL certificate, a special visual indicator displays in the browser window to communicate the presence of an EV SSL certificate. With the updated browsers, sites with an EV SSL certificate will cause the URL address bar to turn green and will toggle between the business and Certificate Authority name.

Why do I see different colors in the Address bar?

In some browsers, when you visit a website that uses a secure connection, the color of the Security Status bar indicates whether the certificate is valid; and it displays the level of validation that was performed by the certifying organization.

Color Indications
Red: The certificate is out of date, invalid, or has an error.
Yellow: The authenticity of the certificate or certification authority that issued it cannot be verified. This might indicate a problem with the certification authority's website.
Green: The certificate uses extended validation, which means communication between your browser and the website is encrypted and the certification authority has confirmed the website is owned or operated by a business legally organized under the jurisdiction shown in the certificate and on the Security Status bar. The certification authority makes no assertion about the business practices of the website.

What should I do if I think a website is trying to mislead me about its identity?

If you believe a site is attempting to mislead you about its identity, contact the certification authority whose name appears in the certificate and in the Security Status bar.

Is a website safe to use if it has secure transactions?

Encrypted connections are not a guarantee a website is safe to use. A secure connection only assures you of the identity of the website, based on the information provided by the certifying organization. Only provide personal information to a website you know and trust.

Why am I being prompted to change my password? Is this safe?

To help you protect your account, CEFCU On-Line® may prompt you to change your password at any time. Remember, your security phrase and image are there to verify that you are on CEFCU's server, so it is safe to do this.

Is there a way I can increase the safety of online transactions?

Just as when you complete financial transactions in a public place, there is no guarantee of safety on the Web. Use only websites you know and trust, and visit our Security Center for tips on protecting your identity.

What does it mean when I have both secure and non-secure (mixed) content?

When a Web page tries to display elements using both secure (HTTPS/SSL) and non-secure (HTTP) Web server connections, you may get this message. This can happen with online stores or financial sites that display images, banners, or scripts coming from a server that is not secured.

What do I do if I'm having trouble using a website with mixed content?

Visit your Web browser's website to get up-to-date instructions on changing your settings to view mixed content.

Back to top

Visit the Security Center

Use these tools and resources to help keep your identity safe. Plus, view security alerts for information on current scams.