It is important that your financial and personal information is protected while banking online.  Your credit union has numerous security practices and measures to protect you; but there are steps you should take as well. 
Any computer can become infected with malicious software (malware).  The malware can attempt to collect your internet transaction to steal passwords, PIN numbers, banking/account information, and personal identity information.

NOTE: This information is strictly intended to assist you in your efforts to protect yourself from cyber (computer) crime.  It does not replace the requirements under any existing user agreement(s).

Member Responsibilities

• Limit the computers used for online banking to ones that you can be reasonably certain have current virus/spyware (malware) and firewall protection, and that is set to automatically install updates;
• Review your account statements/transactions and report any unauthorized transactions to your credit union immediately;
• Protect passwords and PIN numbers; never share them.  Passwords and PINs should be memorized and not written down;
• Use only operating systems that are current and supported by the vendor (example: Windows XP is no longer supported by Microsoft-therefore should not be used);
• NEVER use public computers to conduct online banking transactions.

Summary of Best Practices

• If a scam artist or suspected scam artist contacts you or if you’ve been defrauded, in addition to contacting your credit union immediately, law enforcement also recommends you call The Canadian Anti-Fraud Centre at 1-888-495-8501.  The Canadian Anti-Fraud Centre will gather evidence and alert law enforcement in Canada and abroad.  Reporting scams can prevent others from becoming victims and will help reduce fraud;
• If you are a victim of fraud, report the fraud to police and file a report.  Ask for a copy of the report  as you may need it;
• Apply any recommended security updates in a timely manner;
• Don’t give personal information or account numbers to anyone until you have confirmed their identity and never provide this information over the phone or computer;
• When setting up passwords or PIN numbers, be sure not to use the same password or PIN for multiple access points and ensure they cannot be easily guessed;
• Change passwords and PINs frequently;
• Be wary of online offers from websites you are not familiar with;
• Never leave your computer unattended while it is logged on to online banking;
• Always exit online banking using the “log out” button and close the browser;
• If something sounds “too good to be true” visit your credit union and/or call The Canadian Anti-Fraud Centre for advice.

Be Present

You should never leave your computer unattended while using online banking services. Always exit online banking using the logout button and close your browser if you step away from your computer. (Your browser may retain information you entered in the login screen and elsewhere until you exit the browser.) Be vigilant about who is around you.

Public or Shared Computers?

• Never use public computers (for example, at libraries and Internet cafes) for secure or confidential transactions.
• Don’t allow caching. Prevent the browser from storing in memory the pages that you view (called “caching”) by checking the box for “enhanced security” located on most secure login screens, especially if you are using a shared computer.
• Disable automatic password-save features in the browsers and software you use to access the internet.

Is the Computer and Site Secure?

• Protect your computer with a firewall, anti-spyware and anti-virus software. Update the anti-virus software frequently (daily if possible). Install new security patches as soon as your operating system and Internet browser manufacturers make them available.
• Find the security certificate. Click on the padlock in the lower right corner of your screen. If the page is truly legitimate, clicking on the padlock will show you the security certificate details for the site. A fraudulent site will not provide such details.
• Look for HTTPS://. Check the address of any pages that ask for personal account information. Does the address begin with “https” or “http”? Legitimate banking websites that ask members to enter account information will have “https” in the address to indicate that the page is secure.
• Clear any tracking cookies for extra security. Easy-to-follow directions can be located online.

Are You Banking Securely?

• Close your browser and restart it before online banking. If you’ve set up your browser correctly, doing this will erase any questionable sites you’ve visited from the browser’s short term memory.
• Make it difficult for others to guess your Personal Access Code (PAC), by using, where possible, a combination of letters and numbers in your password. See below for additional PAC safety tips.
• Ensure you are on the right site. Type in the credit union’s web address yourself. Don’t follow unclear links, especially from suspect emails.

Personal Access Code (PAC)

Only individuals who provide an authentic Personal Access Code (PAC) can access your account information. Your PAC is your key for online access, and is for your use alone. It is your responsibility to ensure that your PAC is protected, and to observe the following security practices:

• Select a PAC that is easy for you to remember but difficult for others to guess.
• Do not use another password or part of your ATM PIN (password).
• Keep your PAC confidential and do not share it with anyone.
• Do not write your PAC down or store it in a file on your computer.
• Never disclose your PAC in a voice or email, and do not disclose it over the phone.
• Ensure no one observes you typing in your PAC.
• Change your PAC on a regular basis. We suggest every 90-120 days.

To learn more about browser security, please visit the Microsoft, Mozilla or Symantec websites. To ensure a safe and secure Internet session, only visit reputable sites.