HEB Federal Credit Union

NetBranch Enrollment

Enrolling in NetBranch is easy - here's how:

  • In the User ID box, enter your HEBFCU member number.
  • In the Password box, enter your ABBY PIN if you have used one; if not, enter the last four digits of your Social Security number and select the login button.

If you need assistance, please contact us at 210.938.7850.


CheckMate Debit and ATM System Maintenance Scheduled

Monday, August 21st we will perform an upgrade to our CheckMate Debit and ATM card system. From 2:30 am - 8:00 am there may be restrictions to ATM cash withdrawals as well as limitations on purchases with your cards. Balance inquiries and transfers will be disabled at the ATM. Please plan to withdraw cash in advance and/or carry your checkbook and credit card for large purchases.

Petya/Petrwrap Malicious Activity Alert

June 29, 2017  -  NCR-Digital Insight, our digital services provider, is aware of the current ransomware outbreak being identified in the news associated with the Petya/Petrwrap malware family. Similar to the recent “WannaCry” cyberattack, this threat will encrypt the files on a computer, rendering them inaccessible unless a ransom is paid. It is unclear how the ransomware is spreading, but it is believed to be currently spreading via the same path as WannaCry – circulating itself to any additional computers it can reach via the network.

The NCR-Digital Insight Information Security team has taken a number of steps to proactively prepare and mitigate the risk of this specific attack and is currently working with security vendors to ensure that all internal systems and customer-related data are protected.

As always, each of us should be aware of email phishing and non-reputable web sites:

  • Be suspicious of emails from sources you do not know or recognize.
  • Do not click on links or open attachments from unknown senders.
  • Be suspicious if the message promises something "too good to be true."
  • Be wary of any email requesting personal or financial information.
  • Beware if the message uses time-based constraints (i.e. "click the link within 24 hours or else".)
  • Read the message content carefully and look for misspelled words and poor grammar. This is typically a sign of a phishing email.
  • NEVER enter your password or personal data into a site or window you've arrived at by following a link in an email. Even if it's a site you trust like your financial institution, it's better to go directly to the site by using your bookmark or typing the site's address directly into your browser.
  • Do not download software from web sites that are not reputable.

Our network security technology currently detects Petrwrap, and NCR-Digital Insight is confirming that it also detects all variants.

  • At this time our anti-virus vendor has an updated signature file that detects all current versions of the Petya/Petrwrap family malware, and this update is currently being distributed.
  • Our email security provider has not seen an indication that this is spreading via email, but if it is, our email security filtering system would strip any malicious emails if found, and we are working with our provider to identify any additional protections we can implement.

For more information on the Petya/Petrwrap cyber threat see https://www.wired.com/story/petya-ransomware-outbreak-eternal-blue.

Yahoo Data Security Breach

If you are a Yahoo user, you should have received notification from Yahoo of a data security breach that could involve your Yahoo account information. More information is available on the Yahoo web site.

In addition to the security recommendations from Yahoo listed below, you can further protect yourself by changing your password on NetBranch. After logging in, click on “My Settings” in the top right-hand corner of the page. NetBranch passwords should be:

  • Minimum of 6 characters (8 is more secure)
  • A mix of letters, numbers or symbols

Yahoo is encouraging all users to:

  • Change your Yahoo password and/or security questions
  • Change your password and security questions and answers for any other accounts on which you use the same or similar information used for your Yahoo account
  • Review all accounts for suspicious activity
  • Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information
  • Avoid clicking on links or downloading attachments from suspicious emails

As a reminder, it is always good practice to update all online account passwords every few months and to use a different password for each account. Passwords are more secure when they are at least 8 characters long and include a mix of letters, numbers and symbols.

NCUA Warns of Text Phishing Scam

The National Credit Union Administration has received consumer calls about a suspicious text message claiming to come from the agency.

The message reads: “National Credit Union Administration Alert for (recipient's phone number). Contact 844-234-5445.”

This is not a communication from NCUA. The agency does not seek personal information through the internet or on the telephone. This message has been received by HEBFCU members.

Please contact NCUA's Consumer Assistance Center at 1-800-755-1030 between 8 a.m. and 5 p.m. Eastern if you receive one of these messages. NCUA also recommends contacting your credit union and local law enforcement. Read more information here.

HEBFCU Ranks #9 in America

H-E-B Federal Credit Union has been included in the 2016 Top 200 Healthiest Credit Unions in America by Deposit Accounts, an online bank account comparison service. HEBFCU was evaluated with over 6,000 other credit unions and took ninth place.

Two more San Antonio credit unions were included in the Top 200; Synergy Federal Credit Union took 44th place and Randolph Brooks Federal Credit Union took 184th place. An additional 21 Texas credit unions made the Top 200 list.

Deposit Accounts uses a proprietary formula to assess the financial health of all federally insured banks and credit unions in the US. Some of the key components of the formula include capitalization, deposit growth and loan-to-reserve ratios.

Deposit Accounts was created in 2005 by Ken Tumin as the Bank Deals Blog. Almost ten years and more than 10,000 articles later, the site has grown to become one of the largest consumer destinations in the United States maintaining a dedicated focus on depository banking products.

More information can be viewed at https://www.depositaccounts.com/banks/health.aspx#healthiest.

NetBranch Updates Provide New Services

New services are now available on NetBranch.

  • Track CheckMate debit card purchases in real time; look for "Pending" transactions on your Account History Page
  • Use nicknames to distinguish your accounts easily; log into NetBranch Online and click on "My Settings" in the top right corner, then select "Rename and Hide Accounts"

New services and functionality are added continuously to ensure NetBranch brings you the best online and mobile experience.

Data Protected from SQL Injection

We take security threats very seriously and prioritize the security of your account information and credentials. You may have heard about the recent theft of 1.2 billion user name and password credentials by a Russian crime ring. Our online banking vendor has strong security measures in place to prevent our vulnerability to this attack. Although the list of impacted companies is not yet publically available, it is highly unlikely our online banking was affected. We are monitoring the situation closely and will provide updates if there is additional information to share.

Security Update: Microsoft Reports Vulnerability

Microsoft has issued a security patch to address the Zero-Day vulnerability that exists in versions 6 through 11 of Internet Explorer. It is recommended that IE users download the security patch immediately. For more information, follow this link to read Microsoft's Security Bulletin.

Security Update: Heartbleed Bug

We are keeping a close eye on the "Heartbleed" bug you may have heard about. The vendor we use for Online Banking has completed an assessment and has confirned no vulnerabilities were found. Rest assured that we will continue doing everything we can to help ensure that your information is safe.

Monitor Accounts for Fraud in Michaels Data Breach

The Michaels data compromise is, unfortunately, the latest in a long line of breaches, and likely will not be the last. Whether you used a debit or credit card at Michaels May 8, 2013 – January 27, 2014 or not, this is a timely reminder to be diligent about monitoring your accounts.

Our card processor will be monitoring accounts for potential fraud and we urge you to watch your transactions as well. To control fraud that could occur with your accounts, here is what you should do:

  • - Monitor your account frequently using NetBranch online banking, Mobile and Text banking, or ABBY automated telephone banking.
  • - Notify us immediately if you see a transaction you don’t recognize by calling 800.765.3256 or 210.938.7850.
  • - Sign up for email Alerts & Notifications in NetBranch under the Additional Services tab. More alerts are available within FinanceWorks.

Be sure you have current contact information on file with the credit union. We’ll be monitoring your accounts as well, and can call or email you if we discover unusual activity.

Most importantly, don’t let your guard down, even if you don’t have any issues after a few weeks or months. Often when information is stolen, it is sold on the black market to groups that may hold it for months or years before using it to commit fraud.

A New Look for H-E-B ATMs

Your go-to ATM may now be located in a new space within H-E-B and may have a new look. If you see a blue topper with “BBVA Compass,” check for the H-E-B logo on the front bottom panel of the ATM. Machines with the H-E-B logo will still provide free cash withdrawals to HEBFCU Members.

If you’ve been charged an ATM withdrawal fee in error, contact the Credit Union at 210.938.7850.

BBB Issues Scam Alert for Credit Cards

The Better Business Bureau has issued an Alert for consumers to watch for small, unexplained charges that may appear on credit card statements. With this new con, scammers are expecting that many consumers don’t check statements carefully and will overlook a small charge.

Recent victims were charged $9.84, but scammers may change the amount as word gets out and awareness grows. Review all charges on your credit card statements carefully and contact your financial institution or credit card issuer if you find unauthorized charges.

If you have an unauthorized charge it is likely that your credit card information has been compromised and scammers will continue to make fraudulent charges. Contact the issuer and request a new card to prevent continuing fraud.

For more information on scams from the BBB, check out BBB Scam Stopper.

NCUA Warns of Telephone Fraud

Consumers Targeted by Vishing Scam Should Call NCUA's Hotline

The National Credit Union Administration today warned consumers to beware of a new telephone fraud, known as a “vishing” scheme, that is using the agency’s name in an attempt to obtain personal financial information.

Nationally, some credit union members have been contacted by an automated phone call claiming to be from NCUA and notifying consumers their debit cards have been compromised. The call then asks the receiver to follow prompts, which request personal information, including sensitive financial data and personal identification information.

Anyone contacted by this so-called “vishing” scheme should immediately contact NCUA’s Consumer Assistance Center Hotline at 800-755-1030 or by email at phishing@ncua.gov to report the scam. Operators answer calls Monday through Friday between 8 a.m. and 5 p.m. Eastern.

Online Scam Utilizes Fake Chat Boxes

There is a new online scam that utilizes fake chat boxes, according to the Texas Credit Union League. Reported in the Nov. 5 edition of the TCUL’s LoneStar Leaguer eNewsletter, this scam targets unsuspecting Internet users.

Here’s how it works… the unsuspecting Internet user is on his financial institution’s Web site when a message flashes up that says, “We are running a security check.” Then, a live chat box pops up with a message that “a representative will be with you shortly.” As promised, the “representative” begins a live online chat session with the user asking for confidential account information

The scammers reportedly target those whose computers previously have been infected with malware, which the victims have downloaded unknowingly via fake Web links or attachments. After the malware is downloaded, it lies dormant until the victim opens up an online banking site.

To avoid becoming a victim of this scam, consumers must be proactive by updating security software. This helps prevent malware from being embedded in a computer. Consumers should also realize that financial institutions, including H-E-B Federal Credit Union, never ask for their personal identifiable information because they already have it.

If you encounter this scam, the Association of Certified Fraud Examiners suggests that you turn off your computer and call your financial institution. It is also a good idea to run a security check for other viruses and malware.


This was previously reported in the Nov. 2 edition of the Texas Credit Union League’s InfoSight eNewletter.

GoToMyCard.com Adds Multi-Factor Authentication

Gotomycard.com (GTMC) has added another layer of security for MasterCard cardholders when accessing their accounts online.

Multi-Factor Authentication (MFA) provides an extra layer of protection to GTMC by letting you register challenge questions and answers to ensure that you are accessing the correct GTMC site and confirm that you are accessing your credit card.

This extra layer of security is being added to GTMC to protect your financial information and help deter online threats.


Your savings federally insured to at least $250,000 and backed by the full faith and credit of the United States Government. National Credit Union Administration, a U.S. Government Agency.
Funds Availability |  Third Party Links Guidelines |  Privacy Statement |  Security   Equal Housing Lender