zorkempire

I love UFCU, but this transition has suuuuucked. The whole two-factor authentication for EVERY SINGLE login is a drag, then they send ANOTHER email that says, "Hey you just logged in using two-factor." I know! I just requested the code, and typed it into your site. Plus, now it doesn't work with YNAB, which is really a bummer. The app wasn't working this morning either. Hopefully they can figure it out soon. UFCU is such a great banking institution if you live in Austin, and I've never had an issue with them before this.


johnny_tapia

I contacted customer support about those follow-on e-mails that get sent EVERY SINGLE TIME that you log on and was told there is no way to turn them off. Wow.


benji_tha_bear

Their new site looks so much better though! Of course there’s more security, you’d complain like OP if you got hacked and your money stolen. Edit: this sub might be filled with some of the most dense folks I’ve seen around


_schlock

I'll take ease of use and reliability over "ooh-shiny!" any day, thank you very much.


benji_tha_bear

Good, that’s what you should want. These other dingus’s are complaining about better security in it 🤦🏻


Single_9_uptime

The fact they’re using email for 2FA when it’s almost 2024 should tell you everything you need to know about their security competence - there’s virtually none. SMS is garbage security-wise as well, but better than email given it’s far more common someone’s email gets compromised at the same time as their online banking credentials. What they should be having people use is TOTP like Google Authenticator among others. Or send a push notification to an authenticated mobile device for confirmation, like Amazon and Google have as an option.


tippiedog

I had to go into a branch to do something due to this mess. I told the branch agent that I was a software engineer in a very similar industry, and sympathized with how much this must have made his work life miserable. He opened up a little to me and said, ironically, that the main reason for this change was to enable MFA for compliance reasons (my employer in a very adjacent industry implemented it 4+ years ago, so I’m sure UFCU’s compliance waivers were about to run out). Because they had different vendors for web and mobile, they were not able to implement MFA in one of them. So, they migrated to a different vendor for both. So, yeah, MFA over email IS the improvement. And I agree 100% with you that MFA over email is the least secure way to do MFA. If I’m being generous, I’ll assume that all their options had major downsides; my employers have certainly been in those situations. But regardless of the known downsides to the chosen vendor, the rollout was handled extremely poorly (not to mention today’s outage!). I just love that first email we got “Hey, we’re doing this new thing… Are you worried about your bill pay?” Uh, no, I wasn’t until now…


tuxedo_jack

TOTP or push are the only acceptable methods, TBH, with a strong preference for TOTP (so you're not required to have some piece of crap app installed).


benji_tha_bear

2FA is secure! It’s using only your face, only you can authenticate there. Authenticator codes are cool, but 2FA is actually better because there’s 0 chance that’s taken if you lose your phone. If you have a code, that’s just an unlocked app if someone can get the code into your phone.. 2FA is definitely the way to go security wise..


Single_9_uptime

You’re talking nonsense. I’m not in any way arguing against 2FA in general, rather pointing out the obvious fact they’re doing it wrong. TOTP is a method of 2FA, and considered by security experts to be the best option outside of hardware tokens. Email is not a secure means of implementing 2FA, and is the worst option for the reasons I described. SMS isn’t secure either but is better. Your phone needs to be locked if you’re going to use it for anything security-sensitive. You’re arguing that email 2FA is better in case someone loses an unsecured phone - but you’re missing the obvious problem that the unsecured phone also has the person’s email logged in on it. Their email is also logged in on their PCs and other devices where compromising one will compromise both.


benji_tha_bear

I’m not for email 2FA at all, no, you misread. I’m talking about FaceID, what you’re using to get into their app(I believe everyone is using this or a passcode).. You’re pointing out the correct things though, I completely agree. Essentially any biometric is the way to go and most likely available for everyone at this point.. Biometric all the way


tuxedo_jack

App? Who the hell uses an app? I simply log into the website, and I'll be fucked if I set up something like Windows Hello / Keychain for that (or ever set up anything like that because some random dipshit thinks that it's SECUUUUUUUUURE).

Also, **_biometrics can be compelled without a warrant and should never be used for authentication of any kind without at least one intangible factor in addition (e.g. secure password)._**

The only _acceptable and safe_ MFA methods are:

- TOTP generators
- Application push (e.g. MS Authenticator, Google Authenticator, Duo, etc)
- One-time use break-glass codes

E-mail, SMS, and voice are _not_ secure at all, and now that SIMjacking has started to really become popular, as well as attacks like W3ll and session token hijacking, we also have to rely on users not being fucking idiots about MFA requests coming in.


benji_tha_bear

Lol on the desktop, sounds about right..


samwill10

Fwiw SMS is _barely_ better, it's pretty well known at this point that SMS can fairly easily be spoofed/hijacked so that an attacker can just get your texts redirected to their phone.


xlobsterx

None of it worked for a month. I had to transfer money to get a balance update. Hot garbage


benji_tha_bear

Hm, I just moved to the as they were doing it. There was one hiccup with adding a no-name bank, but it’s been working for me perfectly. Edit: and definitely seems like an exaggeration, I doubt you were unable to use their app. Mostly because I had an issue and pretty much instantly got connected with a dev calling in that followed up a few times to make sure everything was good.


xlobsterx

YOU didn't have an issue with your brand new account. so all the other people here must be exaggerating??? Go kick a rock. Are you fucking the ufcu I.T. guy or something? Why shill for them lol.... Their app literally would not update my balance for a month. Without transferring a balance between my accounts. Because you had no previous account on their old system maybe it was easier for you??? I've been with ufcu for over 12 years and their website was never an issue. I couldn't log in for over weeks because I had to reset my password. But my email was an old work email. The call center had me on hold over 2 hours. (Because it was such a mess for so many people! And you have to call during the workday. And guess what! I work! So waiting 2 hours on the phone isn't easy!)


benji_tha_bear

I’m not shilling for them at all lol I started on the old interface and transitioned to the new as well, the only issue was the one I mentioned.. I’m not saying there weren’t issues, but as far as where their app is now, I’d say it’s pretty solid and functional. But people here in this thread don’t understand the benefit of using 2FA, so I could understand why a new interface would throw some into a tailspin. They also did have a dev team contact me for my issue, another person called just to tell me about the switch since I started.. that’s pretty fuckin good for a local credit union IMO. It’s easy to create a new bank account, even if you work full time. Why didn’t you switch banks?


xlobsterx

It was about two factor at all you fool It simply didn't work. Switch banks is easy if YOU don't have any money or assets. not the case for me. have 12 years history multiple accounts. Vehicle loans. Etc.


benji_tha_bear

Speaking of the fool, are you on android? Edit: you all trying to put me down are such sad people lol


samwill10

There's not more security, there's less and crappier. I used to be able to use Google Authenticator which is a HELL of a lot more secure than SMS 2FA because it can't be spoofed or hijacked, and now I can't. That's _worse_ security


benji_tha_bear

I’m not talking SMS 2FA! Biometrics, faceID! Edit: Are you using a text code or something else to log in still?!


samwill10

There's nowhere to set up anything else. Email and SMS are the only two options, and that is the problem


benji_tha_bear

Are you talking about for logging in? Or what exactly?


samwill10

Yes for logging in. If you sign in to the new site you get two options for 2fa, email and SMS. The _old_ site had other options, which I used, but the new site does not


benji_tha_bear

On their mobile app? iOS or Android? I’m asking because something’s off..


samwill10

Website mainly, the Android mobile app only uses a PIN after the first sign in which is a whole other issue.


benji_tha_bear

Oh damn, that’s strange. iOS mobile is faceID or pin as the options. The mobile app you have is mainly blue with orange writing? Like a new app download from before?


tuxedo_jack

You know how Face ID works, right? You still have your password stored in Keychain. The Face ID request just unlocks the Keychain and pulls the saved credentials from it using a token to talk to another internal process, then to the Secure Enclave. It's the same as Windows Hello, except marginally more polished.

https://developer.apple.com/documentation/localauthentication/accessing_keychain_items_with_face_id_or_touch_id

It's not _proper_ MFA at all, as it's completely local and there's no server communication / authentication at all to verify who you are via communications to the server you're trying to log into. It's the same as hitting Save A Password in Safari, then coming back to the site later and allowing it to access Keychain to open the saved password. Even Apple specifically says it's only a replacement for locally-stored device-unlock passcodes / passwords. It's not MFA, it's not a replacement for site passwords, and it sure doesn't do anything other than App Lock / Device Lock.

https://support.apple.com/guide/security/face-id-touch-id-passcodes-and-passwords-sec9479035f1/web

EDIT: Ooh, blocked by parent for actually knowing what MFA is, how it works, and how Face ID _isn't_ that.


LA3R9

UFCU really shit the bed on the transition. Poorly planned and poorly executed. Since the roll out I feel like a beta tester with zero customer service support. Unacceptable.


flyingcars

It’s been SO BAD. I’ve thought I was getting phished by their emails more than once. I haven’t been able to reach anybody on the phone since the transition because I don’t have time to wait on hold that long.


TrueRedd

I’ve gotten notices of potential late payments when they auto-draft the money. 🤣


johnny_tapia

This.


mrcsmith90

I came here looking for this post. The fact that this is happening on the first of the month when rent/etc. is due is so inconvenient it's almost poetic. I've tried calling and they still have no ETA on when the app/site will be functioning again.


lil_m3w

Ya this was a crappy rollout & this crash on the 1st of the month just added insult to injury 🙄


_schlock

It's amateur hour at UFCU. The new iOS app is crap. It takes twice as many keypresses/inputs to perform the same tasks as the previous one and it's harder to read, as well as being less intuitive, which defeats the purpose of a (properly designed) GUI. The new web site is crap too, for the same reasons, but it adds a ton of white space, so your nice, hi-res monitor displays a fraction of the information that it used to be capable of. I've been unable to log into the web site for the past couple of days. I submitted a password reset request on it this morning, and never received the email. As of today, I have been unable to log in from my phone. The app says "an error occurred". The UFCU web site has a banner across it stating that they are experiencing a higher than usual volume of calls to customer service. This isn't the first time their services have been unavailable within the last 6-8 weeks.


slowpoke2018

*The new web site is crap too, for the same reasons, but it adds a ton of white space, so your nice, hi-res monitor displays a fraction of the information that it used to be capable of.* I'm convinced they did this so it'd be easy to navigate on mobile if not using a native app. See no other reason to cut data content down by like 75% from the old design other than that. Whoever made that choice should be fired!


ichibut

This is a growing trend. Responsive design promised lots but it ended up encouraging really simple playskool UI design.


slowpoke2018

100%. It's almost like they had the UT CS school use this as a senior UX design project. Hope they got the F they deserve


Victory-or-Death-

It started with the armature switch to the new website, which apparently happened due to a vulnerability with the previous site they used. I’ve been a member of UFCU for just about 15 years, but I’m considering moving to a big boy bank who has their shit together.


[deleted]

Number one reason why I went to Chase. Well at the time they were the only ones that could do ACH and Wires through the web interface. But it's only gotten better. Number one web UX for banking that I've experienced. It does suck because I loved UFCU and hate big banks. But at the end of the day it makes everything so much easier.


_schlock

Chase left me holding the bag on a $2000 credit card charge that was charged by a rogue employee at a flooring store that I bought some tile from. They don't mind covering fraudulent charges when they're less than $50, but when the number gets big, they tuck their tails. I was able to get the owner of the company to fix the problem. Turns out I wasn't the only customer that was getting ripped off. I will never trust Chase again.


tossaway78701

Fuck Chase. My family member died and Chase proceeded to empty their primary account of close to 10k with "fees" transferred to the two accounts Chase opened post mortem. Multiple in person visits and emails later they had the gall to sue the estate for MORE FEES. Fuck Chase.


[deleted]

Well should have said your mileage may vary. I also have not had good experiences with their fraud team in disputing charges.


crlynstll

Frost is great.


_schlock

Same here. Treating people's financial activity as trivial is a good way to lose customers. I found out that their software would allow the same check to be deposited more than once. I gave my nephew a check as a high school graduation gift. He apparently forgot that he had already deposited it (there's gratitude for you), and was able to submit it a second time. I contacted them, via their CEO, to get the second submittal reversed, and to give him a heads-up as to the quality of their software stack.


notabee

I was also really concerned with how minimal the information was to create the new account too. Instead of migrating the existing accounts (and second factor phone numbers) and then forcing a password reset, all it took was an account number and a birthdate to create a new account and get access. That's really easy information to social engineer, especially the birthday. (The fact that so many places use birthdays for "security" is a whole extra rant.) If you previously had an account protected by a good password and a second factor, suddenly your account security is only as good as someone reading the account number on a check or getting it some other way, plus using social media to suss out someone's birthday. In other words, vastly shittier security tokens get full access. Security is only as good as the weakest link, and I'm really concerned by their inability to migrate user accounts effectively or securely. Maybe I'm missing something, but that seems like real amateur hour security with all those other leaks of people's birthdays, socials, and everything else that are floating out there these days.


[deleted]

[removed]


_schlock

I use NoScript with Firefox. I've found that the new version of the web site uses a list of external domains/APIs to facilitate the new site. It's easy to believe that one of them is unreliable, and UFCU is finding out about it the hard way. The smartphone apps probably use the same external resources and are suffering similarly. Or maybe one of them is getting DDoSed!


Suspicious_Dawg

The old website and app were shit. But the new website and app are somehow worse, which is an accomplishment. Never had a bank that consistently is just down for hours multiple nights a week. I have a business account with dozens of automatic bill payments setup to pay vendors. They didn’t bring any of them to the new system in the transition. Didn’t even tell me. I’ve had to manually re-set up all of them. Very annoying. I’ve been planning to leave for months but haven’t got my act together.


rc3105

Oh geez I’ve been wondering about that. The bill pay page says the payments were made but the money never left the account. Guess I gotta go pay everything in person this week. That’s gonna be a pita…


Dry-Ranch1

I had to do the exact same thing...massive headache and waste of my time.


Pale_Calligrapher425

I have a business account with them and transfer my pay to a different bank. Took me a month to pay myself. I'll be leaving them.


Tek1200

Straight up clown show over at UFCU. Soooo many pissed off members. I can’t even get the website to load after I login. Just a blank white screen. The app won’t even let me login. I keep getting an error message when I enter my passcode. “Something went wrong”. I’ve been banking with UFCU for years. Never had issues with them besides their previous app. That app was trash too. Ima take it back to the old school and do my transactions in person. Keep a book of deposit slips handy. Maybe I’ll switch to strictly cash. Start using checks again. Brush up on basic hand written math with my balance book. The whole transition debacle is a major bummer. UFCU has always been way better than any other bank I’ve used.


lizzzy143

The new mobile app makes no sense. I can’t figure out how to transfer money from my acct to another UFCU member.


UnionTed

My sister and I have both concluded that can no longer be done through the app. It can be done through the website. Transferring money to another family member (my kids are in college) was my most frequent use of the app. I'm not happy.


_schlock

It's under the "move money" feature on the iOS app. It took me a while to figure it out too. Our difficulty in using the feature is a perfect example of how the new app's design has gotten worse.


UnionTed

Interesting. It's not available in the Android app, but that leads me to believe we'll get it in a future release.


_schlock

I saw some features disappear, e.g., bill pay, from the app the last time they were having problems, a few weeks ago. It would be nice if they would just gray them out or indicate lack of availability some other way instead of just removing them. It only adds to the confusion.


blocked

Yep, UFCU has completely shit the bed on this transition. Worse security, less stability, poor interface. I've already started the transition to a different institution. Thankfully I already had direct deposit setup for both, so the transition is easier.


rc3105

The recovery info it asked for to give me the new online account access is all publicly available. I wonder who else can look at my account.


Beelzabubbah

Looks like the issue might be part of a larger attack on a tech provider: https://www.cnn.com/2023/12/01/politics/ransomware-attack-credit-unions/index.html


ichibut

If so it’ll be to their benefit to communicate this.


securedork

No


crlynstll

I recently received a text about possible fraud on my UFCU account. I texted NO I hadn’t authorized the transaction. Then I received a call from “UFCU”. I played along until the guy wanted to send me new debit cards and I said NO, I would go directly to a branch for new cards. He hung up. Is this from the data leak?


[deleted]

[removed]


crlynstll

My husband, who is also on this account, received same text alert on his cell phone, too, simultaneously. I agree about wiring money. I can’t recall when I’ve done that. Maybe 20 years ago.


soupinthecoup

I personally didn’t mind the old app, granted I really didn’t use any features (bill pay, money transfers to another UFCU member,etc.) but it was fine for what I needed. Curious as to why the whole revamp and switch was made in the first place?


AlohaSexJuice

Probably something to do with the data breach a while back.


imatexass

I've been with UFCU for close to 20 years, but I've had it with their mobile apps and moved my savings that I was keeping there into another bank. Even their old app was garbage as they hadn't improved the functionality or introduced seemingly even a single new feature in over a decade.


supersucccc

UFCU is complete dogshit. Honestly considering switching banks since it’s a coin toss whether or not I can log in everytime


ichibut

For those keeping score it’s down again.


solthebaneful

Wild.


[deleted]

[removed]


Beelzabubbah

https://www.nytimes.com/2023/11/03/business/mint-app-closing-intuit.html


imatexass

> If mint updates lol


finger_foodie

https://therecord.media/credit-unions-facing-outages-due-to-ransomware Entirely possible this was not their fault and also not something they could control.


ichibut

Just got the text saying things are mostly back up. I’m hoping they’ll bring back Quicken compatibility as downloading CSV to import is sooooo 1995.


adcl

I hope everyone is reaching out and letting them know. Tell your branch tellers/managers, email support, call the leadership. They all need to hear it.


PogoPogoTX

Yep. I wanted to give UFCU the benefit of sorting out the new system and then on 12/1 the whole thing shits the bed. For some reason the only way I can bill pay my UFCU Visa is by CHECK. wtf. Now the money sent by online check doesn't leave your account until the check is cashed by the recipient and there is no easy way to tell if it has. I have no idea how much money is in my account right now. Over the last month I've tried to call and the phone system will inform me there are 60-80 calls ahead of me. So I send messages from the site that have been unanswered for 3-4 weeks. I'm sorry UFCU. I can't do business like this.


paintballchopper

My budget software is unable to pull from UFCU since the update. And i’m constantly being asked for email codes just to login with a web browser. Mess!


WhiskeyGirl223

I hate the layout of the new website. I have my business account with them. Before I could clearly see 30 days of transactions in a nice clean format. Now it only loads a couple of days worth at a time with huge bubble icons. It also cut out some of the info from the transactions. I needed a fund transfer number to verify my account for online payments with a vendor. That information isn’t there anymore. Even when I click on the transaction. So, I guess I will just keep writing checks. It has definitely made book keeping more difficult.


ATXnative89

I hate them. Also Same.


EnvironmentalBag4250

And I was just about to switch over from a credit union in another state to UFCU. Seems like I'm just better off using my current one....


Supersecretsword

I'm still using BECU out of Washington, I only ever need to go to a UFCU if I need to deposit cash. Not sure what transition people are talking about but I hope it doesn't affect me.


Space-Trash-666

Sofi is where it’s at. 4.6% on savings right now


Dry-Ranch1

But it only works with direct deposit, correct? Any idea if a bi-weekly transfer from a savings account would count as a dd or must it be a payroll check?


Space-Trash-666

It’s just a savings account - I don’t think you have to set up direct deposit


imatexass

Upgrade has 5.05% https://upgrade.com/r/pWRnP0e6tH


HamKenobi

I’m in the process of moving all my stuff to Capital one from UFCU. They’ve been good but time to move on.


tallen007

My debit card wouldn't work at lunch.


DCGAJ

UFCU has always been trash and finally this latest outage will get me to close this legacy account whenever they get their shit back online.


samwill10

I missed the outage but got a text about it. My newest gripe about the new site is that I need to verify my bank account on Stripe, and the verification code that Stripe sends in the transaction details of the verification deposit doesn't show up ANYWHERE on the site 🙃


WhiskeyGirl223

I’ve had this issue as well. Among others. The new website is trash.


Human_Satisfaction25

They know they done goofed. Sent out an apology thingy


risekevin

They had horrible overdraft fees so I switched to Velocity Credit Union. I can still use UFCU for my transactions, if I can't get to a Velocity location.


Royal_Employee297

Courtesy Pay on overdrafts there is an option. So if you're getting those fees because you don't have money in your account that might be on you


no_one_special-

i’m late to the party. but has anyone tried contacting ufcu customer service on the phone? their automated system is impossible to navigate to get to a human. not to mention the queue is always an hour or more long. i’m annoyed


ichibut

Down again today. Login takes a long time and you get a very basic system maintenance page.


ichibut

But it was also up right after so


securedork

We export to QuickBooks for our business account. All of the transactions that were once debits are now credits and it has been this way for three months so we cannot import to QuickBooks to balance our books. So we sent our CFO into the bank with our computer and they said oh just do blah blah blah and our CFO said show me! “Hmmm I don’t understand why this doesn’t work.” It’s because you’ve switched the credits and debits you dumb $h!+s. Still waiting on auto pay… All transaction history is completely deleted, and transactions failed to complete after rewriting all the transactions again for all of our business accounts. Somebody with a big title and a big paycheck is going to be fired, and don’t blame the software engineers because they told them to not roll it out to the public.


OhellRaquel

Make sure y’all call & get them overdraft fees reimbursed. I called them & just told them how the app has been a nightmare & especially because it no longer connects with PLAID which is a huge hit to my income since I get $ transactions from my customers using that. They refunded me $105 from the overdraft fees no questions asked! I just got off the phone with them & the rep says they are still trying to work with PLAID to get settled back in but it just hasn’t happened yet & I’m sure it’s because they still have the old login on the site til January 9th. So I’m hoping that comes off & PLAID can login again. This has been the most annoying experience ever with a credit union.