North Georgia Credit Union

ELECTRONIC POLICY

PURPOSE: The purpose of this policy is to set forth the guidelines and conditions under which North Georgia Credit Union will offer Electronic Banking Services to its members. This policy shall outline the responsibilities of North Georgia Credit Union and the individual member. It is the intent of North Georgia Credit Union to comply with all rules and regulations of Third Party Processors, NCUA and the State of Georgia Department of Banking and Finance with respect to Electronic Banking Services.

AUTHORITY: The Board of Directors set the policy governing the Electronic Banking Services. Employees, designated by Management, have the authority to enable Electronic Banking Services within the guidelines established by the Board of Directors.

  1. VISA® Debit/Check Cards:
    A. All primary members that have not caused the Credit Union a loss and are of legal age are eligible to participate in the Visa Check Card Program. Joint owners are eligible for Visa Check Cards if the primary account holder authorizes the card and the joint owner is of legal age.
    B. Visa Check Cards should be considered a privilege given only to members who have proved their ability to responsibly maintain a share draft account. If a member has four (4) or fewer overdrafts in the past three (3) months, employees are authorized to issue a Visa Check Card to the member. If the member has five (5) or more overdrafts in the past three (3) months, management may authorize a Visa Check Card to the member. If management does not approve, the Credit Committee should review the application for the Visa Check Card for approval or denial.
    C. The Credit Union reserves the right to pull a credit check on the member and/or joint owner. If there is no derogatory history, an employee is authorized to issue a Visa Check Card. Questionable reports should be referred to Management and/or the Credit Committee.
    D. When the Credit Committee approves a Visa Check Card, they have the option of issuing on a probationary period. When the probationary period is used, one Visa Check Card overdraft will require the card to be “Hot Carded” and revoked. This period shall last for six (6) months.
    E. Management may decline or revoke a Visa Check Card to a member for any prudent and legal reason. Examples of reasons to deny a Visa Check Card may include, but are not limited to, the following: Delinquent loan(s), kiting, causing a loss to the Credit Union, negative share account or poor credit history.
    F. The following fee schedule shall be placed on Visa Check Cards:

    Annual Fee: None
    Non-sufficient Funds (NSF) Fee: $32.00
    Overdraft Transfer Fee: $32.00
    Transaction Fee: None
    Lost Card: $20.00
    No fee for malfunction or stolen card (2).
    PIN Replacement: $10.00

    G. When the Visa Check Card function is used, purchases are authorized against the most current daily balance (positive balance file). Purchases will be approved as long as the aggregate total of daily purchases does not exceed the amount in the current positive balance file.
    H. Members can obtain Cash Advances on Visa Check Cards from financial institutions that are Visa members. The maximum Cash Advance is $200.00 daily. If a member comes to the Credit Union office, only cash withdrawals will be allowed.
    I. The Visa Check Card can operate in the same manner as an Automated Teller Machine (ATM) Card. The cash withdrawal limit will be $200.00 or the available balance, whichever is less, in any given 24-hour period.
    J. In cases involving divorce, it will be the member’s responsibility to notify the Credit Union to close and/or make changes to the account. In the case of a deceased member’s account, notification from the family is requested and expected.
    K.

    The Credit Union has the right to “hot card” and/or revoke usage of the Visa Check Card if the member abuses the card. Examples of abuse are not limited to, but may include, the following:

    1.The member has a negative balance in their account for any reason.
    2. The member has excessive NSF activity.
    3. The member is more than two (2) months delinquent on their loan.
    4. The member has caused the Credit Union a loss.
    5. The share draft account has been closed.

    L. If a member’s card is suspended for any reason, the Visa Check Card will not be reissued for one (1) year. Only Management and/or the Credit Committee can approve re-issuance of a Visa Check Card. A credit check must be performed to ensure satisfactory credit activity. If the Visa Check Card is reissued after the suspension, there will be a six (6) month probationary period. If the member abuses the card during this period, it will be permanently revoked.
    M. The FALCON neural network will be used to reduce the occurrence of fraudulent transactions. This network helps to identify unusual activity in a cardholder’s account. Equifax will alert the Credit Union when a member has more than eight (8) authorized transactions or an aggregate total $750.00 in authorizations on any given day. If this activity appears unusual, the Credit Union should make an effort to contact the member to ensure that the authorizations are legitimate.
    N. Management is defined as the President/CEO, Vice-President, Operations Officer, or Loan Officer.

  2. Automated Teller Machines
    A. Member Responsibilities – Members may use their Debit/Check Cards to access funds from their share draft accounts as described in Section I of this policy.
    B.

    Credit Union Responsibilities – To ensure safety and soundness for both the credit union and its members, the following procedures have been set for administering a credit union owned Automated Teller Machine (ATM) network:

    1. General Security Procedures
    a. Personal Identification Numbers (PIN’s) will be generated by our Third Party Processor, Certegy. PIN’s will be mailed to members from Certegy in a separate mailing from any other correspondence.
    b. No procedure should ever require the cardholder to disclose the PIN in an oral or written manner.
    c. All credit union owned ATM’s will be designed in a manner that will reasonably prevent others from observing a cardholder entering a PIN
    d.

    PIN’s will be encrypted according to industry-accepted standards.

    e. All ATM’s will be placed in a secure, well-lighted location that provides the safest environment possible for our members to conduct their business.

    2. Tamper Resistant Security Module (TRSM) Management

    a. Prior loading any cryptographic keys, a physical inspection and/or testing of the equipment must be performed immediately prior to key loading. Keys should never be loaded if any suspicious conditions exist.
    b. Equipment must be protected to prevent or detect access by unauthorized personnel from the time of manufacture or removal from service to the time of key loading.
    c. ATM unit must remain locked at all times to ensure physical protection of the TRSM and to protect against the possibility that the TRSM might be stolen or modified.

    3. General Cryptographic Key Management

    a. Cryptographic keys should only exist in one of the following forms: in a TRSM; encrypted under a DEA key; or, managed as two or more full-length components using the principles of dual control and split knowledge. It is extremely important that the principles of dual control and split knowledge are never compromised! These keys are only to be combined within a TRSM. They will be maintained and transported in tamper-evident packaging. The keys will be stored in the credit union vault with a backup set maintained under the same standards at an off-site location.
    b. The President and Operations Officer will be entrusted with split-knowledge of key components. Reasonable measures should be taken to protect each key component so that no person can observe or otherwise obtain the component.
    c. Key components should be generated using a random process so that it is not possible to determine that some keys are more probable than other keys from the set of all possible keys.
    d. In the event that a key is ever compromised, the key and all affected components will be changed immediately. Compromised keys will be destroyed immediately in such a manner as to ensure the key cannot be recreated. A memo will be written to document the erasure and destruction of the compromised key, the key components and cryptograms. If the compromised key is shared with a communicating third party processor (i.e. Certegy), the communicating third party will also be notified of any known or suspected compromise.
    e. Each key should only be used for a single designated purpose. For example, a PIN encrypting key (KP) is not used as a key encrypting key (KK), and a general purpose data encrypting key is not used as a PIN encrypting key.
    f. A log should be maintained to document the retrieval and use of any keys. This log should record the date, time, person(s) involved and the purpose of access.
  3. Internet Banking /Personal Credit Union (PCU)
    A.

    North Georgia Credit Union shall maintain a site on the World Wide Web with a link to its E-Branch (PCU, provided by Users, Inc.). PCU will give registered members online, real-time access to their credit union accounts. All primary members that have not caused the credit union a loss and are of legal age are eligible to participate in the Internet Banking Program. PCU should be considered a privilege given only to members who have proved their ability to responsibly maintain their account(s). The credit union reserves the right to pull a credit check on member applying for service.

    B.

    Within PCU, members will have the ability transfer funds within their accounts (i.e. Savings to Checking, Checking to Loan, etc.), view account balances and view account histories. Secure access is provided via Verisign.

    C.

    From the credit union’s website, members and/or potential members will be able to find valuable information about the credit union’s history, rates, membership eligibility, products and services. Members will also have the ability to apply for loans, membership, debit cards, and access to PCU just to name a few. Any applications that require sensitive personal information are located in a secure environment provided by Thawte.

    D.

    It is the policy of this credit union to adhere to all website and/or internet compliance issues at both the Federal and State level.

    E. Members who use PCU must first agree to the credit union’s Home Banking Disclosure and Agreements.