Privacy and Security

San Francisco Federal Credit Union has a robust Member Information Security program that ensures adequate security is built into our platforms, which include the latest cutting-edge technology, internal processes and staff manpower. We take extensive measures to protect your personal information, and are constantly monitoring accounts for fraud and identity theft. We ensure ongoing compliance to industry required security frameworks to verify that our internal procedural operations have security built into them.

If you believe you have been a victim of fraud please call us immediately 415-775-5377.

Introduction and Intention

San Francisco Federal Credit Union strives to serve your needs and to protect your identity and any information we collect about you.

Our Privacy Policy:

  • covers your interaction with San Francisco Federal Credit Union, its affiliates, and companies engaged by San Francisco Federal Credit Union and its affiliates to render online services when you visit any mobile or online site or application that we own, including, but not limited to, our website,, and our mobile apps (“Site”);
  • describes the categories of personally identifiable information (“Personal Information”) that we may collect about you when you visit our Site;
  • describes the categories of other persons or entities with whom we may share your Personal Information;
  • discloses whether other parties may collect Personal Information about your online activities over time and across different websites when you use our Site;
  • describes the way you can review and request changes to any of your Personal Information that we collect;
  • describes how we will inform you of important changes to our Privacy Policy;
  • discloses how we respond to web browser “do not track” signals or other opt-out mechanisms;
  • discloses if we engage in the collection of your Personal Information about your online activities over time and across different websites;
  • describes how we safeguard children’s privacy;
  • describes the European Union’s General Data Protection Regulation; and
  • makes clear that no action on your part is needed.

What Information Do We Collect?

We may collect Personal Information when you enter data into an application for new products or services or when you use our products and services. Personal Information may include your name, Member Number, home or other physical address, Social Security Number, telephone number, and email address. We do not collect Personal Information from you when you simply browse our Site. However, our Site may collect non-Personal Information such as your IP address and device identifier.

We take your online privacy seriously and make the safeguarding of your Personal Information a priority. We collect Personal Information only as allowed by law. Use of the internet makes it possible for other parties to collect data about your online activities over time and across different websites, including when you use our Site. Please scroll down to learn more about Mobile and Online Security.

With Whom Do We Share the Information We Collect?

We do not share your Personal Information with affiliates as set forth in our Consumer Privacy Policy. We do not sell your Personal Information. We may use or share your non-Personal Information to enhance your experience on our Site, to help deliver our ads on your web browser, and to measure advertising campaign effectiveness.

Keeping Your Information Accurate

It is important that we have accurate and up-to-date information about you. If you notice that your information is incomplete, inaccurate, or out of date, please contact us at 1-415-775-5377 or visit a branch. You can also review and request changes to certain Personal Information such as your email address, mailing address, and telephone number on our Site.

Policy Updates

We may change our policy from time to time. When we do, we will let you know by appropriate means such as by posting the revised policy on this page with a new “Last Updated” date. Any changes to our policy will become effective when posted unless indicated otherwise. On May 25, 2018, new privacy regulations from the European Union, known as the GDPR, took effect. The regulations are designed to protect privacy rights of residents of EU countries. We comply with the GDPR as applicable.

How You Can Control Your Information

Our Site is designed for optimal viewing with cookies enabled (cookies are small text files that collect internet traffic data). For example, cookies store your preferences for when you visit our Site. If your web browser settings allow cookies, our Site will utilize them. You may disable or remove cookies by accessing your web browser settings. Our Site will still function without cookies, but some features may not work properly. Please note that due to a lack of consistent standards across browsers, our Site may not respond to “do not track” browser settings. We do not monitor your online activities after you leave our Site.

We only use your Personal Information for certain purposes allowed by law (see Section 3 and refer to our Consumer Privacy Policy), which you cannot limit. Additionally, you cannot opt out of our sharing non-Personal Information such as your IP address and device identifier.

You may, however, be able to opt out of certain advertisements. To learn more about a particular advertising network (including how to opt out), click on the industry group network symbol or link located on the advertisement.

Children’s Privacy

We do not knowingly collect Personal Information from individuals under the age of 13 who use our Site without obtaining consent from a parent or legal guardian.

To learn more about the Children’s Online Privacy Protection Act (COPPA), please visit the National Credit Union Administration Regulatory Alert or the Federal Trade Commission.

Do You Need to Take Any Action at This Time?

No, you do not need to take any action regarding any of the above.

Review the below tools and information available to help you recognize fraudulent activity, and steps to take if this occurs.

  • Travel Notification
    Alert us at 1-415-775-5377 when you travel and we’ll monitor your card 24/7.
  • Identity Theft
    Take steps to prevent & deal with identity theft.
  • Privacy Policy
    Learn how we protect your personal information

Phishing is a scam that attempts to trick consumers into providing personal information. A communication claiming a need to verify personal information is sent, often directing consumers to a fake website to verify personal details or prove eligibility for a non-existent prize. These fake websites and email messages can look legitimate, using logos and other elements from actual financial or government institutions.

E-mail Phishing

  • The attempt to acquire confidential information through spam and e-mail spoofing.
  • Usually contain an E-mail with a fake logo and an urgent call to action.
  • San Francisco FCU will never send you an e-mail asking you to verify or send personal information in reply.

Web Phishing

  • The attempt to acquire confidential information through malicious or fake cloned websites.
  • Usually comes in the form of a Website requesting sensitive data.
  • San Francisco FCU will never send you an e-mail asking you to verify or send personal information in reply or via a website.

Phone/SMS Phishing

  • The attempt to acquire confidential information through phone impersonation. The calls or text messages often instruct consumers to urgently call a telephone number.
  • Consumers who fall victim to these call the number and furnish sensitive information to a person they believe is trusted.
  • Security attacks that include text messages are especially important, as often the consumer is tricked into clicking on a link and thereby downloading a Trojan horse, virus or other malware onto their cellular phone or other mobile device.

Social Engineering

  • The attempt to use Psychological manipulation of people into giving confidential information for the purpose of information gathering, fraud, or system access. Also known as Human hacking.
  • Social engineering has many attack vectors including email, phone, in-person conversation, social networking, and even snail-mail or fax.

The Attacker’s Motives

  • Financial gain: For obvious reasons.
  • Political gain: Think of cyber warfare and terrorism. For instance, you may have heard about the alleged state-sponsored attacks coming from China or Russia. Or the hacker groups that have formed and launched attacks in support of ISIS.
  • Personal vendettas: This can include revenge, disgruntled employees and insider attacks. However, this could also be disgruntled members or non-members with the same motives.
  • Malice or curiosity: The classic stereotype of hackers depicted in TV and film. While some may want to prove their SE expertise, some could be amateurs who are curious to test what they are capable of.

Tips To Avoid Falling Victim to Scams

  • Never give out bank account or credit card numbers over the phone if you didn’t initiate the call to a reputable, known business. Scam artists constantly try fresh stories to trick consumers into giving out their private personal and financial information.
  • Do not reply to the unsolicited e-mail or respond by clicking on a link within the unsolicited e-mail message. Make sure you know who or where an e-mail is from before opening any attachments.
  • If entering personal data, be careful and be sure to only do so on Web sites known to be legitimate and secure. Always look for a “locked padlock” in the browser or “http” at the beginning of the Web site’s URL address for proof of security.
  • Check your accounts, view statements, and verify all transactions a few times per month for any unauthorized charges.
  • Regularly update anti-virus software and system security patches.
  • Try to stay away from “free offers,” especially those that ask you for private information bank account or credit card numbers. Keep in mind that such great offers tend to cover up the real purpose of just persuading you to give up your financial information.

For more information about Phishing scams, please visit these sites:

We have integrated Multi-Factor Authentication (MFA) into Online Banking that uses multiple layers of security and verification to confirm Member identity.

In addition we have implemented:

  • Encryption and password protection. When you sign on to Online Banking, we secure the connection using Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology to encrypt all the information transported on the network. This ensures secure information transfer between you and San Francisco FCU.
  • Extended Validation Certificates (EV). The EV certificate establishes and clearly displays the website’s owner. This lets you know that you’re at a valid San Francisco FCU website, and not a fraudulent look-a-like one.

Security Tips

  • Always keep your password private and safe
  • Avoid using the same password for multiple accounts or different sites
  • Ensure your password is unique, long and strong. Create passwords that are easy to remember, but hard for other people to guess.
  • Use both capital and lower case letters, as well as include a special character (!, &, #, %, etc)
  • Don’t use names of family members or pets
  • Don’t use phone numbers, Social Security numbers or birthdates
  • Don’t use your account number within the password
  • Update your password. Change your password on a regular basis. This helps keep your accounts secure should someone obtain your user ID and password.
  • Use and regularly update firewall, anti-spyware, and anti-virus software to protect your computer against viruses.
  • Ensure your browsers are up-to-date with latest versions.
  • Periodically delete your browser cache and history or opt to disable web caching.
  • Setup Alerts within your Online Banking account to notify you of any suspicious activity.
  • Never share your device, especially with someone you do not know
  • Never store your passwords in un-secure apps
  • Always be sure to log-off from the mobile application when you are not using it
  • If you have lost your mobile device, be sure to change your San Francisco FCU password as soon as possible
  • Only install applications from Google Play or the Apple App Store, and only select applications from trusted sources.
  • Be sure you regularly update your device operating system as well as check the App Store for updates to your installed apps.
  • Add your Visa debit or credit card into mobile payment apps that use tokenization – like Apple Pay®, Android Pay™ or Samsung Pay™. Every time you pay using the mobile payment app instead of using your physical card, you help to shield your card number from fraud.
  • Avoid unusual-looking ATMs
  • When using an ATM, stand directly in front of the ATM and cover your hand when you type in your PIN
  • If you notice that the card slot, pin pad, or any part of the ATM seems have been tampered with or altered, do not use the ATM
  • Notify San Francisco FCU if your card has been captured and not returned – enter the branch or call our Service Center at 415.775.5377

Verified By VISA® Secure purchases by registering your card with merchants who use this service.

For lost/stolen cards please see below for phone numbers:

SFCU Visa Credit CardSFFCU Visa Debt Card
During Business Hours415.775.5377 415.775.5377
After Business Hours415.775.5377 – Option 5 or 800.682.6075 415.775.5377 – Option 6 or 888.241.2510
Outside of U.S.206.352.4950 (collect)909.941.1398 (collect)

According to the Federal Trade Commission’s Web site, identity theft is defined as “The act of stealing your good name to commit fraud.” Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes.

Take the time to review the below points to avoid becoming a victim:

  • Guard your personal information
  • Check your financial statements for any unauthorized charges
  • Review your credit report at least once a year
  • Shred documents that contain your personal information before throwing them away
  • Sign up for Paperless Statements – try not leaving mail sitting in your postal mailbox
  • Protect your electronic devices by using secure sites and making passwords hard to guess
  • Only carry the credit cards and documents that you really need, try not to carry pin numbers, passwords, Passport or Social Security card in your wallet or purse.
  • Keep personal and sensitive information (bank statements, log-in for online banking accounts, debit card PIN numbers or paper checks) away from where others, including your family members, friends, and neighbors could see it.
  • Retrieve your postal mail promptly.
  • Do not respond to emails requesting personal information. San Francisco FCU will never send you an e-mail asking you to verify or send personal information in reply.
  • Before you dispose of a computer or mobile device, be sure to delete any personal information
  • Always ask employers, creditors and businesses how they will use and secure your personal information
  • Always cancel & destroy old/unused credit cards

If you find yourself a victim of identity theft, immediately take the following actions:

  • File a police report. Get a copy of the report to submit to your creditors and others that may require proof of the crime.
  • Contact the fraud departments of each of the three major credit-reporting agencies listed below. Request that they place a “fraud alert” on your file and that no new credit be granted without your approval.
  • File your complaint with the Federal Trade Commission (FTC). The FTC maintains a database of identity theft cases used by law enforcement agencies for investigations. Link to file a complaint: website
  • Contact San Francisco FCU’s Service Center at 415.775.5377 to close your defrauded accounts and open new accounts.

Three Major Credit Reporting Agencies:

Equifax website
To order your report, call: 800-685-1111
To report fraud, call: 800-525-6285
TDD 800-255-0056
P.O. Box 740241
Atlanta, GA 30374-0241

Experian website
To order your report, call: 888-EXPERIAN (397-3742)
To report fraud, call: 888-EXPERIAN (397-3742)
TDD 800-972-0322
P.O. Box 9532
Allen TX 75013

TransUnion website
To order your report, call: 800-888-4213
To report fraud, call: 800-680-7289
TDD 877-553-7803
P.O. Box 6790
Fullerton, CA 92834-6790

For more information about identity theft visit:

We recommend you request and check your credit report once a year. To obtain a copy of your free credit report, visit the Web site at website or call 877.322.8228.

Feel free to also visit these links to the sites of the three major credit reporting agencies:

Equifax website

Experian website

Trans Union website

Scroll to Top