What We Are Doing To Protect Your Security
We have put a number of measures in place to ensure our digital banking is safe and secure and that your information is protected.
- Automatic session time-outs occur if there hasn't been any activity on your computer for 20 minutes. This means your session ends and you'll have to log back in, reducing the chance of someone accessing your account if you're away from the computer.
- Authentication - You are required to log in with a unique user ID and password to see and access your accounts. This keeps anyone but you and the people you authorize from accessing your accounts.
- Strong passwords – Your password is required to meet a minimum standard of complexity, which makes it difficult to guess and your account difficult to hack.
- Two-factor authentication – Certain actions, like changing your password, will require you to enter a one-time password, which will be sent to your email or phone. This confirms that you authorized the action. For added protection, these one-time passwords expire after a certain period of time.
- Lockouts – If an incorrect password is entered multiple times, your digital banking is locked out and can’t be accessed until you reset it, which also requires a one-time password.
- “Access Camera” permission is used by the app to deposit a cheque via mobile deposit capture, store a custom profile picture and background.
- “Access Location” permission is used by the app to accurately locate the nearest ATM or branch in the “Find Us” feature.
- “Call Permission” is used to automatically call the user’s preferred branch by tapping on the phone number in the “Find Us” feature.
- “Contact List” permission is used to set up new Interac e-Transfer® contacts and send an Interac e-Transfer®. Only the device contact information a user confirms is readable by Interac.
- “Internal Storage” permission is required to view, share and download PDF files from the mobile app to a user’s device.
- “App Activities” uses mobile app interaction data for analytics on usage and crash information for the current app version. We also monitor application stability using the crash logs to make ongoing improvements. Data collected on app activities, information and performance is completely anonymous and aggregated – individual users are not identifiable.
Your Security - Protecting Yourself
Your Security - Protecting Yourself
- Select a password that is easy for you to remember but difficult for others to guess.
- Do not use a part of your PIN (Personal Identification Number) or existing passwords you use on other sites.
- Keep your password confidential and do not share it with anyone.
- Do not write your password down or store it in a file on your computer.
- Never disclose your password in a voice message or email, and do not disclose it over the phone.
- Ensure no one observes you typing in your password.
- Change your password on a regular basis. We suggest every 90–120 days.
- Do not reuse passwords.
- Never leave your computer or device unattended while using our digital banking services.
- Always exit the site using the Logout button and close your browser if you step away from your computer or device. Your browser may retain information you entered in the login screen and elsewhere until you exit the browser.
- Secure or erase files stored on your computer or device by your browser so others cannot read them. Most browsers store information in non-protected (unencrypted) files in the browser's cache to improve performance. These files remain there until erased. They can be erased using your browser’s features to empty the cache. See your browser’s ‘Help’ section for more information about how to clear your browser’s cache.
- Install and use a quality anti-virus program. Be sure to update your anti-virus program often. It is recommended you configure your anti-virus program to check for and automatically install updated definitions daily. Scan all downloaded files, programs, and attachments, and only accept files and programs from a trusted source.
- Install and use a personal firewall on your computer to ensure others cannot access your computer through the Internet.
- Install new security patches as soon as your operating system and Internet browser manufacturers make them available.
- Install an anti-spyware program and check your computer or device regularly.
Your computer's operating system needs to be up-to-date in order to defend itself from viruses and malicious software (malware). If a virus compromises part of your operating system, it leaves holes in your computer’s security and compromises the safety of all the information stored on your computer.
It is much harder for viruses to infect an updated operating system and software. Software companies issue security patches regularly to protect against new viruses and malware. You should always download the latest security patch as soon as it becomes available.
Your operating system notifies you when updates are available to download. You can also upgrade your operating system to the latest version available from the manufacturer; however, you should ensure your computer can support an upgrade.
To get rid of a virus that has infected your computer, you may have to completely re-install your operating system. Back up your files regularly to an external hard drive or online account, so you'll have them if you ever have a problem with your operating system.
Regardless of which browser you use, stay safe online by using the latest version available. The latest versions of web browsers have security features that can identify and block harmful or fake websites and pop-ups, and warn you if a site is flagged as unsafe. Some browsers also have a 'Private Browsing' feature, which conceals your browsing history from others.
A firewall protects your computer and home network from harmful websites and hackers. It sits between your computer and the Internet, scanning information that is being transmitted and blocking unauthorized intrusions. Firewalls also stop your computer from being used by hackers to send malicious software to other computers.
Most computers now come with a firewall as part of the standard operating system. However, you can increase your computer’s protection by installing additional firewalls and ensuring they are kept up-to-date.
Smartphones let you surf, shop or bank wherever you are. Make sure your information stays secure while you're on the move by following these smartphone-safe browsing tips:
- Activate your phone's password feature, which locks the screen and prevents anyone but you from accessing your phone. Set up the password feature on your phone with a code that only you know, or use the fingerprint or face unlock features, if they are available for your phone.
- Don't connect to unknown networks through Wi-Fi hotspots to make financial transactions. Use a virtual private network (VPN) or your phone or device’s data plan instead.
- Beware of smishing– that's phishing on phones through text messages. Never download media or images, or click on text-message links that come from people or phone numbers you don’t recognize. Never provide personal details or account information using email, social media chat functions, or text messages, as these are not secure. If you are unsure if a message came from us, please contact us by phone, or use the secure messaging within the digital banking app or site.
- Download apps exclusively from the official source for your smartphone's platform, such as the Android, Apple or BlackBerry stores. Look at the permissions apps request before downloading them. If there is no clear reason why the app should have the access it requests, consider not downloading it. (For example, there is no reason a free game app should have access to view call logs or make and receive calls.)
- Install anti-virus software for your smartphone when available and update it frequently.
- Install location finding applications, which work with your phone's built-in GPS. These applications allow you to locate and/or remotely erase data in your phone if it is lost or stolen.
- Update your smartphone's operating system as soon as newer versions are available.
- Back up your smartphone regularly. Most mobile devices can be set to automatically back up to an online account at regular intervals.
We advise against using publicly available computers to access digital banking. Even benign programs, like popular desktop search programs, can pose a security risk. Certain programs, such as Google Desktop, cache items that you have viewed so you - or potentially, an unwelcome third party - can easily search and find those pages later again.
If you come across a program like this when you are using a public computer, adjust the search program preferences so it does not store secure pages you wish to view. If you forgot to adjust the preferences before banking online, you can remove the stored items via the Google Desktop results page by clicking on the Remove Items link.
To ensure a safe and secure Internet session, only visit reputable sites. We recommend you clear your browser history, run a virus scan, and restart your browser before logging in to digital banking.
Free public Wi-Fi offered by places like restaurants and coffee shops can be vulnerable to interference from hackers. These networks can even be set up by hackers to pretend to be free Wi-Fi networks, but are really used to steal information from anyone who connects to them, including login credentials. We advise against using these networks to access digital banking.
- Protect your personal information. Be aware of current online ploys that try to get you to provide personal and/or financial information. Do not respond to unsolicited emails or phone calls that ask for confidential information.
- If you don't know the source of an email or if it looks suspicious, do not open it. Never click on a link or attachment in an email that you suspect may be fake. Even if an email looks real, we advise that you open your browser and type in the address of our site yourself instead of clicking a link in the email. That way, you can always be sure you’re going directly to our real website.
- Remember to log off. Ensure that you always properly log off and close your browser. This will prevent others from being able to view this information later.
- Safeguard your PINs and passwords. Never share your passwords with anyone, for any reason. Use passwords that are difficult to guess. Change your passwords frequently.
- Be wary of pop-up windows, especially those that request financial or identification information. Avoid clicking any "action" buttons in a suspicious pop-up window.
A common way for Internet scammers to obtain your personal information is through a method called phishing. Phishing is when fraudsters send emails or SMS text messages which appear to be from your financial institution. You are asked to log in to your online banking to verify account information. The message instructs you to click on a link that takes you to a copy of your digital banking site – one that’s hard to tell apart from the real site – where you'll be asked to enter your credentials. The fake site will capture your credentials, which fraudsters can then use to log in to your digital banking.
Phishing scams may also seek personal details, such as your address, social security number or mother's maiden name. The details obtained can then be used for identity theft.
Phishing emails may include:
- Warnings about account closures
- Requests to update your information
- Offers to register for a new service
- Offers for pre-approved credit cards
- Free virus-protection programs
Phishing emails also often have some telling signs, including:
- Poor spelling or grammar
- Alarmist content, warning that your account will be closed if you don't provide your banking or personal details immediately
- Notices that you've won a prize and are required to pay a fee in order to claim it
Never provide personal details or any account details in an email. If you receive a message that you are unsure about, please contact us by phone, in person, or through secure messaging in digital banking.
Another way for hackers to get their hands on your personals details is by pharming them. Pharming occurs when hackers compromise your computer to redirect you to fake websites. With pharming, you get sent to a fake website even when you type the correct address directly into your browser. Once there, you are asked to enter your digital banking credentials or account information, which hackers take and use for criminal activity.
How to avoid Phishing and Pharming scams
We will never send you emails or communications asking you to verify or provide your online banking details. Never use a link provided in an email to access your digital banking. Do not open emails, texts, or attachments from unknown sources. Scan emails and attachments with your anti-virus software before opening them.
Always type your financial institution's website address directly into your browser and remember to look for confirmation that you are browsing securely. The letter "s" in 'https' indicates you are navigating in a secure site. Look for the 'https' when online shopping, too.
Don't feel panicked when phishing emails caution of immediate account closures if your banking details cannot be verified. Don't believe emails warning that your account has been compromised or that you'll miss out on a great deal if you fail to act immediately. If you are concerned, call or visit one of our branches.
Malicious software (malware), spyware, worms and Trojans are the same class of destructive viruses, just with different names. They can steal your personal information, take over your computer, and use it to attack other people's computers. Your computer can become infected through email attachments, downloading infected content, or visiting harmful websites.
Spyware is exactly what it sounds like – tracking software that is downloaded to your computer without your knowledge when you visit certain Internet sites. Secretly, it gathers information about you and your browsing habits. This information can include passwords and personal data. It can also interfere with user controls and disable legitimate anti-virus programs.
The best way to protect your computer against spyware is smart browsing. Stay away from sites that look unsafe and avoid streaming or downloading content from untrustworthy sources. Many anti-virus products offer targeted spyware solutions that inspect your operating system, installed programs, downloads, and files.
One of the most common viruses to watch out for is known as scareware. These scams pop up on your screen and display alarmist warnings, telling you a virus has invaded your computer. Scareware prompts you to download (and often pay for) fake anti-virus software to remove the non-existent viruses. Scareware is a scam that tries to trick you into paying money in exchange for nothing.
You can protect against scareware by keeping your anti-virus software up-to-date and by being judicious about what you choose to download to your computer. You should also be familiar with the look of your legitimate anti-virus program, so you won't be fooled if one of these pop-ups appears.
These days, everyone is on the go and it's not uncommon to access Wi-Fi at coffee shops, hotels, restaurants or airports. Using wireless networks to access information is convenient, but not risk-free. Be smart when you surf. Protect yourself from threats by:
- Not using a shared computer to access your digital banking. We strongly recommend not using shared or public devices to access digital banking.
- Managing your digital banking only from secure networks. We recommend that you don't use unsecured public networks for anything sensitive.
- Connecting only to password-protected networks. If there are several networks available, ask employees of the organization which network they operate.
- Never leaving your computer or device unattended, especially if you are logged into your digital banking.
- Using different passwords and security questions. If someone obtains your login credentials for one site, such as a social networking site, you don't want them to be able to access your other ones.
- Ensuring you log out before you close your browsers.
Online shopping is the epitome of convenience. There are no lines and no crowds, but it can also be a haven for fraudsters. Consider the following tips when shopping online to ensure your information stays secure:
- Make sure that you are shopping at a trusted retailer when you enter your credit card details online.
- Use a reputable escrow service such as PayPal where possible.
- Provide retailers with only the necessary details to complete the transaction. These include your credit card number, expiry date, the security code on the back of the credit card and the card's billing address. Never provide your social insurance number, account details or your mother's maiden name. For shopping sites that require you to register with a username and password, we recommend you do not use your digital banking password.
- Use your credit cards only on websites that use secure browsing technology on the screens where you enter your card information. Ensure the web address begins with 'https' (as opposed to 'http') and has a closed padlock icon in the address bar.
- Ensure that smaller retailers requesting credit card details have reputable contact details and a physical address, and that you feel comfortable with providing them your card information.
Recognize it. Report it. Stop it.
Our Credit Union does our best to safeguard your interests, but you should also take precautions to protect your identity and your money.
Safety precautions for Digital Banking
- We will never ask you to provide your personal passwords, personal information numbers, sensitive personal information, or login information in an email.
- Type our web address into your browser yourself instead of clicking on a link in an email or electronic message to navigate to our website.
- When banking online, check the address of any pages that ask you to enter personal account information. Any legitimate digital banking site will begin with ‘https’ in the toolbar at the top of the page to indicate that the page is secure.
- Look for the padlock found in the address bar. If the page is legitimate, by clicking on the padlock, you can view the security certificate details for the site. A fraudulent site will not have these details, or will not have the correct details.
- Review your account activity on a regular basis to check for any transactions or activity that you don’t recognize.
- Don’t send personal identification information over the internet. Hackers can easily retrieve sensitive data that is sent over an unsecured internet connection.
- Try not to use your SIN as a form of identification. Use other identification whenever possible.
- Be careful about what you throw out or recycle. An identity thief will pick through your garbage or recycling bins. Be sure to shred receipts, tax returns, financial statements or anything with personal or financial information
If you think you have been a victim of identity theft
- If you suspect your account has been compromised, please report it to us immediately
- This will allow us to take appropriate steps to help prevent fraud.
- Contact local police and file a report about the fraud.
- Contact Canada’s credit reporting agencies – Equifax and TransUnion - and have a fraud alert put on your credit file. This could help prevent someone else from taking out a loan or credit card in your name.
The Canadian Anti-Fraud Centre also has a website full of tips to identify, prevent, and report all types of fraud.