Skip to content

Debit or Credit Card Security Breach Information 

First Capital takes member security very seriously.  If VISA notifies us of a security breach and we learn your debit or credit card number could be at risk, we will issue you a new card.  However, it may take up to seven days to reach you!  We ask that you continue to use your current card until your new card arrives.  Your compromised card will automatically close within 8 days of a letter being sent.  If we detect any fraudulent activity during this timeframe, we may need to close your card earlier than expected.  

Protecting Yourself

Always use caution when providing personal information on the Internet or in email and text messages. Even if you receive an email or text from someone who you know or do business with, be certain before providing any personal information. If you are not certain, do not reply to the message you received. Instead, open a new e-mail message and "reply" using the e-mail address you have on file for the person. This will ensure you are communicating with the right person. On the Internet make sure the website address includes "https" which indicates the communications are encrypted (secure) before sharing personal information.

Fraudsters are looking for the following types of information that can be used to steal your identity:

  • Account Numbers
  • Passwords
  • Personal Identification Numbers (PIN)
  • Social Security Numbers (SSN)
  • Credit Card Number
  • Debit Card Number
  • CSV Number (3-digit code on the back of cards on the signature line)

Remember, First Capital will never ask you for personal information via email or text message.

Smart Online Shopping — How to find a safe vendor

One of the risks to conducting e-commerce (shopping online) is choosing a vendor (or financial institution) that won't collect your personal information and sell it to some third party. Here at First Capital we will never sell your personal information.

Use Well-Known Merchants. Well-known companies are more likely to be honest, have good security procedures, and have the resources to find and stop identity theft.

Use Businesses that Have Physical Locations. Businesses that don't have real offices or are run out of someone's basement may mean they are fly-by-night businesses.

Use Businesses that are Registered. In almost every area of the world, there is some form of registration for businesses to operate. Companies that have registered have shown some level of effort to identify themselves personally with the organization and are less likely to engage in outright fraud.

Develop a Relationship First. If possible, make the first couple of purchases from the merchant in small dollar amounts.

Use Businesses that have Established a Good Reputation. Businesses that spend the time and effort to build a good reputation are not likely to defraud you. Reputation takes years to build and moments to lose. Search the name of the person or business to see what others say about them.

Register for an Alert Service. First Capital offers various email alerts associated with activities on your account. For more information, log in to Online Banking and click on Alerts.

Some credit card companies and other vendors offer protection services that monitor your card activity and/or credit reports and will notify you if there is suspicious activity.

Phishing Schemes

Phishing is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. The term phishing arises from the use of increasingly sophisticated lures to "fish" for users' financial information and passwords.

How to spot a phony e-mail

Some of the phony or bogus e-mails can look very official. Fraudsters are getting very good at stealing logos and graphics from a company site to make their own phony or spoof website. However, you can usually still spot the fakes by the following characteristics:

  • Verify your Account – Phishing e-mails normally ask you to go to a website. to "verify" personal information, such as an account number, credit card number, password, PIN, etc.
  • Warnings or Urgency – You will often see a sense of urgency or warnings in a phishing email, such as your account will expire in 48 hours if you don't enter the requested information.
  • "Dear Valued Customer" – Usually, you will not see your name or anything identifying you (such as the last 4 digits of an account) in a phishing email. They usually always have a generic heading.
  • "Click Here" – Fraudulent e-mails usually have a link taking you to a phony or spoofed website. If you do see a web address, it may be an IP address or suspicious looking domain names — including meaningless number or text before or after a legitimate website. address.

If you get an email with any of these characteristics, be extremely leery. It is most likely a phishing email. If you receive an email similar to those described above and it is representing itself as being sent from First Capital, please forward it immediately to: [email protected].

Smishing Schemes

Credit unions across the country are now reporting their members are receiving unsolicited text messages. It's an attempt at Smishing, the latest form of phishing. In Smishing, an email tries to lure a recipient into giving personal information via SMS, the communications protocol used to send text messages to a wireless device. The recent scam is targeting credit union and other financial institution members.

In smishing, the members receive a text message via cell phone warning that their bank account has been closed due to suspicious activity. It then tells them they need to call a certain phone number to reactivate the account.

Unsuspecting callers who dial the number provided in the text message will be taken to an automated voice mail box that prompts them to key in their credit card or debit card number, expiration date, and PIN to verify their information.

If you receive a text similar to those described above and it is representing itself from First Capital, please forward it immediately to: [email protected].

Report Phishing Attempts

If you suspect that you have received a fraudulent or suspicious e-mail representing itself as being sent from First Capital, please forward it immediately to: [email protected].

When you report a fraudulent or suspicious e-mail, we will work aggressively to shut down the site and pursue criminal prosecution of the perpetrators.


Do NOT change, edit or retype the subject line of the e-mail you are forwarding. This inhibits our ability to properly investigate its origin. After forwarding the e-mail, immediately delete it from your inbox.

Other Fraud Links

Stop. Think. Connect

STOP. THINK. CONNECT.™ is the global cybersecurity awareness campaign to help all digital citizens stay safer and more secure online.

Do Not Call List

Unwanted telemarketing calls can be a nuisance and an intrusion to your privacy at home. Pennsylvania has joined a number of other states in passing a "Do Not Call" law. As a result, Pennsylvanians now have the option to eliminate many of these calls by placing their names on a statewide "Do Not Call" list

Catching Phish: Take a Quiz

Test your knowledge of phishing scams - Government Made Easy

The U.S. government's official web portal, makes it easy for the public to get U.S. government information and services on the web.

Federal Trade Commission (FTC)

Federal Trade Commission consumer information

Social Security Administration

Social Security Administration, Office of the Inspector General, Fraud Hotline provides an avenue for reporting fraud, waste, and abuse within SSA's programs and operations.

APWG is the global industry, law enforcement, and government coalition focused on unifying the global response to cyber crime through development of data resources, data standards and model response systems and protocols for private and public sectors

The Internet Crime Complaint Center

The IC3 is a partnership between the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance, whose mission is to serve as a vehicle to receive, develop, and refer criminal complaints related to cyber crime.