Skip Navigation Documents in Portable Document Format (PDF) require Adobe Acrobat Reader 5.0 or higher to view, download Adobe® Acrobat Reader.
Man using laptop and mobile phone


Member Fraud Alert: Phishing Attempt

March 17, 2022
Pima Federal Credit Union has been notified about a recent phishing scam. Members have reported receiving a phone call from a person claiming to be a representative from Pima Federal requesting personal information. Likewise, if you receive a text message that appears to be from Pima Federal Fraud Detection, we presently do not use this method of contact to verify fraudulent transactions. Pima Federal will never contact you and request personal identifying information including: online banking credentials, date of birth, social security number, debit card PIN, etc.

If suspicious behavior is suspected on your account, our team may contact you to verify the validity of the transactions in question; however no personal identifying information will be requested of you.

If you receive a call from an unknown source claiming to be a representative from Pima Federal, it’s best not to provide any personal and/or account information by any means. Advise the caller you will be contacting Pima Federal directly and give us a call at (520) 887-5010.

Protecting Yourself at an ATM

July 14, 2020
Precautionary Steps to Take When Using ATMs*
There are several precautions, you as a member can take to increase your personal safety when using ATMs. Your safety at an ATM is about being prepared.
  • Remain aware of your surroundings, particularly at night. If you observe or sense suspicious person or circumstances, do not use the machine at that time.
  • Prepare your transaction before you approach to minimize time spent at the ATM. Get down to business at the ATM. Fumbling for your card in front of the machine makes you vulnerable and takes your attention away from what is happening in the vicinity.
  • If an ATM is hidden from public view (including overgrown shrubbery or landscaping), poorly lit, or ATM lights are not working; don’t use it and go to another ATM.
  • Avoid using ATMs at night or take a companion with you if necessary. Park as close as possible to the ATM walk-up. When you have completed your transaction, leave the ATM as quickly as possible.
  • If anyone or anything seems suspicious, cancel the transaction and leave immediately. Do not accept assistance from strangers when using an ATM.
  • Do not count or visually display cash; instead, pocket it immediately when you complete the transaction, and take your card and receipt. Verify the cash when safe to do so.
  • If anyone follows you after making an ATM transaction, go immediately to a crowded, well-lit area and call the police.
  • If you are involved in a robbery situation while using the ATM, do not resist. Give the money to the suspect immediately. Contact the police when safe to do so.
  • Protect your PIN and the privacy of your transaction by shielding the keypad while standing close to the ATM to prevent others behind you from observing your transaction detail.
  • Always check your ATM receipt against your statements to identify any unauthorized transactions.
  • Immediately report a lost or stolen ATM, debit, or credit card.
A few additional tips when using an ATM located within a drive-thru lane:
  • Keep all doors locked on your vehicle, windows rolled up, and your engine running while using a drive-up ATM.
  • Leave enough room between your vehicle and the vehicle in front of you to exit, should the need arise.
  • Keep a close eye on your rear and side view vehicle mirrors during the transaction. 
*Source: CUNA Mutual Group

Member Communication – COVID-19

March 25, 2020
As we continue to wrestle with the Coronavirus (COVID-19) pandemic, we are also grappling with new methods criminals are using to perpetrate fraud against our members. To help combat these new fraud schemes, we are sharing information to help you protect yourself against some of these new scams.
The Federal Trade Commission (FTC), Division of Consumer and Business Education, release the following tips:
The federal government has discussed several proposals involving sending money by check or direct deposit to American consumers.
  • The government will not ask you to pay anything up front to get this money. No fees. No charges. No nothing.
  • The government will not call to ask for your Social Security number, bank account, or credit card number. Anyone who does is a scammer.
  • These reports of checks aren’t yet a reality. Anyone who tells you they can get you the money now is a scammer.
While the details are still being worked out, the Federal Trade Commission posted a blog entry on several important things consumers should know, no matter what the final decision turns out to be.
The FTC also urges anyone who spots one of these scams to submit a complaint to the FTC. You can click here for the FTC’s up-to-date information on the COVID-19 related scams.
The FTC also has an article on How to Recognize and Avoid Phishing Scams.

Fraudulent Activity Notice

February 5, 2020
Pima Federal received multiple member notifications of fraudulent pin-based ATM transactions. Every indication thus far shows no breach in Pima Federal’s security, or any other credit unions’ for that matter. This type and limited scope of debit card fraud, mixed with the fact that multiple financial institutions have been affected, is indicative of a Tucson-based merchant point of compromise. The most likely method of compromise is by the use of a card skimmer that captures card and PIN information.

Once notified, Pima Federal immediately began working with our card processor to put a strategy into place to mitigate future fraudulent activity. Members affected are being issued provisional credit to ensure no financial impact to them. We are further instructing them to get a new debit card, which can be instantly issued at their nearest branch.
As always, our members’ security is a top priority for us and we will continue to monitor our cyber security measures on a daily basis to ensure they are working properly.
Here are some helpful tips in preventing debit card fraud:
  • Regularly monitor your account statements and immediately report any suspected fraud.
  • Before inserting your card, check any merchant or gas pump terminal carefully for skimming devices. If the card reader appears to have been tampered with, immediately report it to that organization’s management.
  • Sign up for Debit Alerts, such as the service offered by Pima Federal.
  • Be wary of utilizing ATMs not owned or affiliated with a financial institution.
  • Utilize available tools and technology such as the Pima Federal mobile banking app or online banking site to have instant access to account activity and information.
January 30, 2020
It has come to our attention that Tucson credit union members may be receiving fraudulent phone calls that appear to be coming from their credit union, or other local credit unions. These callers may ask for personal, account, or online banking information. Please remember that, in the event we need to call you in regard to your account, we will never ask you to provide confidential information, such as social security number, online banking credentials, account numbers, or date of birth. If you receive any call that appears to be from Pima Federal where the caller requests such information, please do not engage with the caller, hang up, and contact us immediately at 520-887-5010. 

July 11, 2019
As reported earlier this week in the news, a local crime ring has uncovered a new way to access funds affecting the Tucson and Oro Valley communities. In an effort to protect our community from further vulnerability, Pima Federal would like to address the nature of this fraudulent activity. 

It is suspected that these criminals may have obtained consumer information from one of the recent data breaches that had the potential to affect consumers nationwide, such as the Equifax breach. It is important to note that there is no evidence of a security breach at Pima Federal nor was our database compromised in any way.  

This was an isolated incident for our credit union, however there have been reports of other financial institutions being affected. In our case, employees of the credit union were able to detect the suspected fraud early, thwarting any further efforts by this group. Immediately after the fraud was discovered, Pima Federal notified the affected member and quickly reconciled their account to prevent our member from experiencing a financial loss. 
As always, please review your account activity on a regular basis, including revolving credit accounts such as home equity lines of credit, credit cards, and personal lines of credit, in order to detect potential misuse early.
If you ever suspect any potential fraud, please contact us immediately. 
Pima Federal’s top priority is our member’s safety and security.  

Marriott Announces Starwood Hotels Data Breach

PSCU Risk Analytics is currently researching the announced breach of the Starwood Hotels guest information database. 
We are in the very early stages of our investigation. Currently, Marriott (parent company of the Starwood Hotel chain) has indicated exposure of the following:

  • Name, gender and date of birth
  • Mailing and email addresses
  • Phone number
  • Passport number
  • Starwood Preferred Guest account information
  • Arrival and departure information
  • Reservation date and communication preferences
Marriott has stated that payment information was protected by encryption technology, but have not ruled out the possibility of the encryption keys being exposed as well.  

Data Exposure Timeframe

The exact timeframe of the data exposure is yet to be confirmed, however, there are indications the timeframe of exposure started sometime in 2014 and concluded in September 2018. With that suggested timeframe, it is noteworthy to point out a previously disclosed data breach by Starwood of their point-of-sale (POS) terminals, with exposure dates of November 2014 through November 2015. 
Starwood hotel brands include:
  • W Hotels
  • St. Regis
  • Sheraton Hotels & Resorts
  • Westin Hotels & Resorts
  • Element Hotels
  • Aloft Hotels
  • The Luxury Collection
  • Tribute Portfolio
  • Le Méridien Hotels & Resorts
  • Four Points by Sheraton and Design Hotels that participate in the Starwood Preferred Guest program
You can view the press release from Marriott here.
Source: PSCU

Member Alert: Phishing Scam Details

September 10, 2018
Pima Federal Credit Union has been notified about a recent phishing scam. Members have reported receiving a phone call from a person claiming to be a representative from Pima Federal requesting personal information. Please be advised Pima Federal will never contact you and request personal identifying information including: date of birth, social security number, debit card PIN, etc.

If suspicious behavior is suspected on your account, our team may contact you to verify the validity of the transactions in question; however no personal identifying information will be requested of you.

If you receive a call from an unknown source claiming to be a representative from Pima Federal, it’s best not to provide any personal and/or account information over the phone. Advise the caller you will be contacting Pima Federal directly and give us a call at (520) 887-5010.

Let's Protect Each Other!

Our members and the credit union as a whole continue to see fraud related activity and suffer losses, generally with no insurance coverage or safeguards outside of prosecution. The suggestions below are provided to reduce your exposure to becoming a victim of a fraudulent scheme or possible identity theft. 

Member Guide to Fraud and ID Theft

At Pima Federal, part of our mission is to “Protect Our Member-Owned Assets”. If you have experienced identity theft or fraud, here are some resources to help you protect your identity and credit history.

Law Enforcement

Contact the appropriate law enforcement agency for your residence. (Non-emergency phone numbers listed)

  • Tucson Police Department – 520-791-4444 (8am–6pm)
  • Pima County Sheriff – 520-351-4900
  • Marana Police Department – 520-682-4032
  • Oro Valley Police Department – 520-229-4900
  • Springerville Police Department – 928-333-4240
  • Eagar Police Department – 928-333-4127
  • Apache County Sheriff – 928-337-4321


Replace any lost identification

Credit History/Identity Theft

Contact the three credit bureaus to place Fraud “alerts” on your credit report

Remember to visit to get copies of all three credit reports in 30-60 days to review for free.


Change any compromised passwords. For example: computer, home banking, Pima 24/7, personal identification number (PIN) for cards, etc.

If you close your checking account and/or VISA Debit card and open new ones due to fraud or theft, remember to update your new account information with the following entities as necessary:

  • Employer’s Payroll/HR department to change your direct deposit information.
  • All companies that take recurring automatic debits by electronic check, ACH, or debit cards to update your new account information or card number.
    • For example: gym membership, Netflix service, TEP bill, bill pay service, etc.

Courtesy Notice Regarding Equifax Data Breach

As a courtesy to our members, we are providing a briefing on the Equifax Inc. breach and suggestions for increased peace of mind.

On September 7, 2017, Equifax Inc. announced that hackers had breached some of their systems through a website vulnerability, and data had been compromised on roughly 143 million customer records. Equifax indicates the records included Social Security numbers, birth dates, address and driver's license numbers. The unauthorized access occurred from mid-May through July 2017, based on Equifax's investigation. Further information indicates that a smaller number of credit card numbers and dispute documents were also accessed (i.e. fewer than 500,000 combined), which contained personally identifiable information (PII). Those consumers will receive direct mail notices. The investigation is largely complete, yet not concluded. As we learn more information, we'll share it through our website.

In response to the breach, Equifax Inc. has established a website at to assist consumers in learning whether their records were accessed and enroll to receive a free, one-year subscription with TrustID Premier, an identity protection company owned and operated by Equifax.
Subsequent reports have raised questions about the accuracy of the website tool, and the most current information indicates that any person with a credit history should take action as if they were affected.
Pima Federal's primary credit bureau relationship is with Experian, rather than Equifax Inc., yet as with most all financial institutions, credit bureau reporting includes Experian, Trans-Union and Equifax Inc.

Suggestions for increased peace of mind include:
  • Use caution with your current security questions and information; update as needed.
  • Use multi-factor authentication wherever possible.
  • Regularly review your deposit and loan statement information, and check online banking transactions frequently for any unauthorized activity.
  • Be aware if you stop receiving mail and/or timely statement information.
  • Monitor your credit report regularly.
  • Consider adding a lock or freeze on bureau information, along with a PIN. (Consult with the bureau agencies for guidance.) 

Fraudulent Cashier's Checks Continue to Circulate Across the Country

Pima Federal Credit Union continues to warn consumers and businesses about a national scam targeting parties selling items on Craigslist (e.g. “overpayment scam”) and individuals applying for jobs online (e.g. office assistant or personal assistant jobs, car wrap ads, or other similar employment) through Craigslist and most recently, Indeed and ZipRecruiter. The employment scammers send the items primarily by 2-day or 3-day Priority letter through the United States Post Office, delivered to consumers across the country. In the envelope, consumers are receiving fraudulent cashier's checks (blue, usually marbled in appearance, though variations are also circulating), allegedly from Pima Federal.

The fraudulent cashier's checks are for amounts generally between $300 and $8,660, with most under $5,000, (e.g. $3,850 and $4,980.50 are common amounts, with other amounts reported) and come with instructions either by a letter or by text to deposit the check to your account then send excess funds to specific individuals (not usually the remitter of the fraudulent check) using Western Union or pre-paid cards (e.g. iTunes or other “untraceable” cards).

The Craigslist scam involves texting to confirm the "payment" was received and the check hold was released. Instructions will be provided to send the overpayment by “wire” (or text the pre-paid card code) back to the scammer. Payment is made with a fraudulent cashier's check.

If the consumer follows the instructions, they become victims when the fraudulent cashier's checks are returned as "altered / fictitious."

Consumers can protect themselves by asking their financial institution to place an extended hold on the check (i.e. doubtful collectability), and/or contact our Contact Center at (520) 887-5010 to verify whether the check is fraudulent.

We may ask you to provide your daytime contact number, a photo copy of the check, the instructions, and copy of the envelope mailing label by scanning the information to Pima Federal’s e-Services group to assist in the investigation. Information you provide to Pima Federal may be forwarded to law enforcement.  Law enforcement may ask for any original documents you may have.

Protecting consumers from becoming potential victims of this scam is important to Pima Federal.

Staying Safe and Secure with Your Mobile Device

We love that our members are using mobile banking features more and more, where taking care of financial needs are often only a few steps, clicks and swipes away! In order to keep your account information safe, here are a few mobile device security tips:

  • Password protect your mobile device and set your device to auto lock.
  • When not in use, store your mobile device in a secure location.
  • Be cautious when using unsecured, public Wi-Fi.
  • Keep your mobile operating system and mobile software up-to-date to ensure the highest level of security.
  • Install a security app on your mobile device.
  • Avoid storing passwords and other sensitive information on your mobile device where it could be discovered if lost or stolen.
  • If you lose your mobile device, immediately contact your carrier to block or suspend your device.

DocuSign Data Breach - Information for our Members' Peace of Mind

On May 17, 2017, DocuSign confirmed a data breach occurred at one of their computer systems. The data stolen was isolated to DocuSign established account customers and their user email addresses. According to DocuSign, the breach did not extend to individuals who were simply providing electronic signatures. Unless you had a DocuSign account established as a customer of DocuSign directly, your data was not compromised by a document you signed at Pima Federal. DocuSign has a Trust Center and provides information on personal safeguards.

Your safety and security are top of mind at Pima Federal.

Top Priorities for 2017

At Pima Federal, keeping our members and member assets safe is one of our highest priorities in this ever-increasing digital age. Security is top of mind, and fraud is on the rise internationally. That said, we want to ensure our members have easy access to pertinent security information.
To protect against fraud and stay abreast of fraudulent schemes, the FBI has added a comprehensive section you can easily access called "Scams and Safety".

One of our favorite security resources published by the FBI is the Fraud Alert Poster.  The document is a great way to quickly check the alerts we all need to protect ourselves from and stay safe.

We continue to see scams in the area of online dating, Craigslist classified ads, and online job opportunities that prove to be fraudulent. Please research before you transact, and use your intuition and best judgment to protect yourself and your family from predatory behaviors.  With tax season coming up, we want you to know that the Internal Revenue Service (IRS) has been targeted for fraudulent scams.

The IRS has recently issued a series of alerts regarding an increased surge in telephone, email and text scams demanding money or personal information from taxpayers. It is important to know that the IRS only utilizes the U.S. Postal Service mail to communicate with taxpayers. If you receive another form of communication stating that they are from the IRS, you are hearing from a scammer.

The scammers will state they are with the IRS and provide a fake identification number. The scammers can become very aggressive in demanding immediate payment to a prepaid debit card or for a wire transfer. They may threaten you with a lawsuit or being arrested if you do not submit an immediate payment. None of these actions will happen when you ignore the demands. Some of the most recent scams include demands for:

  • Payment of taxes related to the Affordable Care Act
  • Payment of taxes targeting students and parents for school related taxes
  • Telephone calls to immigrants threatening deportation unless they immediately pay non-existent taxes
  • Telephone calls indicating the person has your tax returns and need to verify information
  • Phishing emails that appear to be official IRS letters asking to disclose information

With knowledge and a bit of savvy, you can successfully protect yourself and your assets.
If in doubt, Pima Federal's Risk Management Department is available for you by calling our Contact Center at (520) 887-5010 and asking to speak with a member of the Risk Management Team. 

If you receive a call from an unknown source, it's best not to provide any personal and/or account information over the phone. Legitimate companies generally do not solicit personal information by phone. Check independent sources (e.g. check the business out on the Internet, call the number back or research the number that just called you). The Better Business Bureau has detailed, searchable scam information available at BBB Scam Tracker.
Do not provide your debit, credit card, PIN number to any other individual, including family members. A joint card may be issued to a joint account holder. Online dating scams often involve a financial request (e.g. to deposit a check for someone else, and send them the money, or portray a family / medical emergency), and if you don't know the person (i.e. have never met in person) or haven't known the individual long, the transaction can put you and your account at risk. In addition, many online dating fraudsters ask for your account information or online banking credentials when they convey a financial request.
If it sounds "too good to be true," it likely is. Be cautious of employment ads for secret shoppers, ads for administrative assistants, and nanny employment. The fraudsters often use text messages for communication and can sound quite convincing. They will generally provide overpayment, and then ask for some funds back. Contact the company directly (i.e. look up the phone number from a Google search) to verify the check was issued, valid and authorized. Once you negotiate the check, you are responsible for it.
Keep a watchful eye on your account activity through our mobile app, our Online Home Banking or our "24/7" Automated Phone System. Check on your accounts frequently to ensure the activity is authorized. Sign up for alerts and notify card issuers when you travel.

If ever you are a victim to a fraudulent scheme, you can report it to BBB Scam Tracker us to help warn others. Report online related fraud to the FBI Complaint Department. Additional resources for scams and identity theft can be found at the Federal Trade Commission site.

Together We Are Better - Trends in Fraud and Recent Scams (September 11, 2015)

In the past few months there has been a significant rise in fraudulent and fictitious items being presented to our members. It's alarming and we want to ensure our members are informed.

A number of recent cases have involved internet dating in particular, where an individual(s) attempts to gain the member's trust, and then asks for a "favor" by conducting a financial transaction for them. Once an account number is provided, the scam begins, and multiple requests usually follow. The common thread is the moving of money through the account.

In other cases, members have received e-mails for mystery-shopper type programs, or used online classified advertising services and in some cases, checks have arrived by mail somewhat out of the blue.

The common thread for these transactions is that members are presented with checks or deposits into their account, and are then provided "directions" to move the money elsewhere, sometimes in cash to another financial institution, or wire the monies overseas. The amount of the check is often in the thousands of dollars and usually between $2,500 and $5,000, or more.

In other rare cases, fraudulent federal tax refunds are placed in member accounts, and the member is asked to withdraw the money in cash and provide it to another financial institution, or wire the monies overseas.
In nearly all cases, the original funds are not legitimate. The check ends up as a returned item on the member's account, and/ or the automated deposit turns out to be ill-gotten funds, and our members are left with potential losses and potential legal issues with the authorities as a result.

We can help protect our members by bringing awareness in a number of ways. First, the old adage is true: if it sounds too good to be true, it probably is. Use common sense and intuition to protect yourself and the cooperative. A little bit of research can go a long way, including:

If an unknown check is received, calling the bank or credit union in which the check is drawn upon may provide valuable insight into whether the account is valid, whether there is a stop payment or other pertinent information to make a decision about whether to deposit the check.

If the check is deposited, asking for an EXTENDED hold protects against spending money that may end up returned (overdrawing the member's account).

We recommend that you consider calling the payor to determine if the check is legitimate.
A little bit of research goes a long way in protecting against a loss and any legal issue(s) that might arise from your acceptance of the monies.

The Risk Management and the Retail Support and Development Teams are available to help you if you encounter situations where you believe you are placed under undue risk, and may feel uncomfortable talking about it with others. Local authorities (police, sheriff) are available to assist you as well. We are here to help. Together we are better. Together we are stronger.

ALEXANDRIA, Va. (March 17, 2015)

The National Credit Union Administration has received reports of an online phishing scam that uses a website with a logo and a design similar to the agency’s own site in an attempt to convince unwary customers to provide information or send money.

Consumers have received emails from the National Credit Union website, which apparently originates in Australia and claims to offer services in the United States, Europe and the Commonwealth of Independent States. This website is not affiliated in any way with the National Credit Union Administration, a federal agency, and the emails are not from NCUA.

The emails attempt to persuade individuals to provide personal information, such as Social Security numbers, account numbers and login information, or transfer large amounts of money. Consumers should neither provide information to this website nor attempt to conduct any financial transactions through it. NCUA would not request personal or financial information in this manner. See NCUA’s Privacy Policy for more information.
Consumers receiving such emails should call NCUA’s Fraud Hotline toll-free at 800-827-9650 or 703-518-6550 in the Washington, D.C., area. Consumers should also contact the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center. NCUA also offers information about avoiding frauds and scams on its website.

CUNA tips can help CU members in wake of Anthem Breach
Source: Cuna News Now 02/10/2015

The breach to befall Indianapolis-based Anthem Inc., the second largest health insurer in the United States, may be one of the most harmful yet.

Anthem announced last week that hackers had infiltrated its servers and nabbed names, addresses, Social Security numbers, birthdays, emails and employment information of up to 80 million current and former customers ( The New York Times Feb. 6).

While the hackers were unable to obtain medical record data, experts say the cybercriminals can still easily commit medical identity theft and fraud.

Given the size of the breach, credit union members and consumers may be wondering what steps they can take to protect themselves if they're an Anthem customer.

Michelle Dosher, CUNA market research and consumer education managing editor, said customers should be on the lookout for scammers mimicking emails purportedly sent from Anthem asking for personal information.
"If you receive an email from a company regarding a security breach, don't automatically open it," Dosher told News Now . "First, go to the company's website or call to make sure the information online matches the email you received."

Or, if you've already opened the email, Dosher said make sure not to click any links until the information has been verified with the company online or by phone. Emails from fake Anthem accounts have already been sent by scammers to consumers, according to The New York Times.

To protect against medical fraud, consumers also could consider making copies of their own medical files so they have accurate versions of their histories before hackers have the opportunity to make any changes, according to Pam Dixon, World Privacy Forum executive director ( The New York Times ).

If you have a smartphone it is important to view your device as a mini computer (after all, that’s what it is). We recommend protecting your device with a password. Use caution when downloading apps and be sure you are researching them before you download. Also, do not send text messages that contain personal information. This will help protect you, should your device become lost or stolen.

Public WiFi
The danger with using public WiFi to work remotely or login to your online banking account is that it can also give hackers a green light to spy on you and take note of sensitive information including passwords. Consider this scenario: A hacker creates a hotspot named Hotel WiFi in a hotel lobby using a USB antenna and laptop. You connect to it and log into your email or other account. Counting on you to do this, the hacker creates this fake network, which is masquerading as a legitimate one. A type of rogue WiFi network is an evil twin, which is designed to look official. But when people login, hackers steal your passwords and other sensitive information. They can also use these networks to trick you into downloading malware.