Security is everyone's responsibility
Concerned about online account services and security?
You can rest assured that FirstOntario Credit Union has your information security at the top of mind when it comes to accessing your accounts online. There are a couple of steps you can take however to ensure even greater security when accessing online account services.
- Make sure your computer, tablet and smartphone have up to date antivirus software
- Avoid accessing your accounts online when using unsecure public WIFI services
The internet has changed the way financial institutions do business. Online account services provides convenient access to your financial information and the ability to perform transactions from home, work or other locations.
It is important to be aware that when you communicate via the Internet, other people and software can also communicate with your computer. An inadequately protected computer can be accessed by unknown parties or a virus in a very short period of time.
What We Are Doing To Protect Your Security
We take many precautions to protect our online account services environment and ensure your information is safe.
Our online services offer you the best security currently available in a commercial environment so your personal and financial information is protected while in transit between your computer and our server. This is done through the use of industry standard security techniques such as encryption. Encryption ensures that information cannot be read in transit or changed by scrambling the data using a complex mathematical formula.
Some browsers can create a more secure channel. We use only the strongest channel available - referred to as 128-bit SSL (Secure Socket Layer). If you have a browser that only supports ‘weaker’ encryption such as 40-bit or 56-bit SSL, you will need to upgrade your browser before using our site. The longer and more complex the ‘key’ is, the stronger the encryption. The 40 and 128 refer to the length of the key. Since 128 digits are longer than 40, it is more secure.
We also ensure that only individuals who provide an authentic Personal Access Code (PAC) can access your financial information. To help you protect your information, your online account session will end automatically if there has been no activity for 15 minutes.
About Increased Authentication
Increased Authentication provides an additional layer of security to the login process. Upon registering, it requires that you set up three security questions with answers for each. Then, whenever you log into Online or Mobile Banking, you may be asked to answer one of your three questions for security purposes.
Access to our databases is strictly managed and systems are in place to ensure security is not breached, including the physical security of our computer hardware and communications.
For more information on the specific policies and practices that we use to safeguard your personal and financial information, please view our Privacy Statement.
Alerts can help you stay informed. As a Member you have the option to choose from a variety of alerts that can be personalized to meet your needs.
The following alerts can be received by email and/or text message anytime, anywhere:
- New Payee Added – You will receive an email and/or text confirmation that the payee was successfully added.
- Personal Access Code (PAC) Changed – You will receive an email and/or text confirmation that your personal access code (PAC) has been changed.
- Online Account Services Locked Out – You will receive an email and/or text confirmation that your online account has been locked.
It is easy to choose alerts. Simply go into your online account services and you will be prompted on how to set up the alerts you want.
Protecting Your Computer
We have provided a secure channel for our Members to communicate with us. Once the information has reached your computer, it's up to you to protect it. To protect your information, you should:
- Never leave your computer unattended while using our online account services.
- Always exit the site using the Logout button and closing your browser if you step away from your computer. Your browser may retain information you entered in the login screen and elsewhere until you exit the browser.
- Secure or erase files stored on your computer by your browser so others cannot read them. Most browsers store information in non-protected (unencrypted) files in the browser's cache to improve performance. These files remain there until erased. They can be erased using standard computer utilities or by using your browser feature to ‘empty’ the cache.
- Disable automatic password-save features in the browsers and software you use to access the Internet.
- Install and use a quality anti-virus program. As new viruses are created each and every day, be sure to update your anti-virus program often. It is recommended you update anti-virus definitions weekly. Scan all download files, programs, disks and attachments and only accept files and programs from a trusted source.
- Install and use a personal firewall on your computer to ensure others cannot access your computer through the internet.
- Install new security patches as soon as your operating system and Internet browser manufacturers make them available.
- Install an anti-spyware program and check your computer regularly.
Protect Your Information Online
- Don’t send personal information in email or instant messages. It is too easy for someone to intercept and read your information. Remember, it is out of your control once you send it.
- Limit personal information you post on the Web and restrict who can access it. Facebook is great for connecting with friends, but don’t post anything —like your birthday or full name—that could be used to steal your identity.
- Unless you know and trust the sender, don’t open files, download programs or click links in emails or instant messaging. Phishing scams often use these techniques to try to steal your identity.
- Dedicate one credit card solely for online purchases. Monitor your statements for any suspicious activity.
- Keep your web browser updated to ensure you have the latest security features installed. Like any other software, web browsers need to be kept up-to-date to protect against security vulnerabilities. They are also equipped with encryption capabilities that help keep your data safe as it travels the Internet. Check the online help feature or get more information about security features on the manufacturer’s website.
- Avoid storing sensitive information like credit card numbers or your Social Security Number on your computer. If your computer is compromised, you’ll be less exposed.
- Before disposing of an old computer, use a utility program to “wipe” your hard drive. Deleting files isn’t enough to ensure all the sensitive information on your old hard drive stays safe. If you need help, there are services that will do this for you.
- Download, install and update firewall, anti-virus and anti-spyware security software regularly from a reputable vendor. This will help protect your computer from intruders looking for your personal information.
- Be smart about your passwords. Use strong passwords that include a combination of upper and lower case letters, numbers and symbols. Don’t enable a login screen to save your password and remember to log off when you leave a secured site. This will prevent unauthorized users from getting into your accounts.
Protecting Your Information When Using a Public Computer
You should be extra vigilant when using publicly available computers. Even if you adopt the tips above to protect your information, you need to bear in mind that even benign programs, like popular desktop search programs, can pose a security risk. Certain programs, such as Google Desktop, cache items that you have viewed so you - or potentially, an unwelcome third party - can easily search and find those pages later again.
- To learn more about browser security, please visit Microsoft website.
- To ensure a safe and secure Internet session, only visit reputable sites.
- If you visit any questionable website beforehand, we recommend you close your browser and restart it before proceeding to use our online account services.
What Do You Need To Do To Protect Your Password (PAC)?
Protecting your Personal Access Code (PAC)
In order for us to ensure that only you are accessing your accounts, we need a unique way of knowing that it's you. Just as the key to your home protects unwanted entry, the online account services ‘key’—your Personal Access Code (PAC)—ensures that only you can access your accounts.
It is your responsibility to ensure that your ‘key’ to online account services is protected. Please observe the following security practices:
- Select a PAC that is easy for you to remember but difficult for others to guess.
- Do not select a part of your PIN (your ATM ‘key’) or another password.
- Keep your PAC confidential and do not share it with anyone.
- Do not write your PAC down or store it in a file on your computer.
- Never disclose your PAC in a voice mail or email, and do not disclose it over the phone.
- Ensure no one observes you typing in your PAC.
- Change your PAC on a regular basis. We suggest every 90–120 days.
Protect Your PIN, Protect Your Money
Canadians use their bank cards millions of times each day for purchases and cash withdrawals from Automated Teller Machines (ATMs). In fact, Canadians are one of the biggest users of debit and ATMs in the world. With INTERAC® shared services; cardholders have convenient access to their cash 24 hours a day, seven days a week.
What is the "Protect Your PIN" icon?
The "Protect Your PIN" icon features a stylized PIN pad being shielded by hands combined with a "Protect Your PIN" tagline. This icon was developed to increase cardholder’s awareness around PIN protection. The Association and its members want to reinforce the importance of PIN security as something cardholders do every time they use the INTERAC® shared services.
However, any debit card fraud is of concern. Interac Association and its members are working to combat these incidents on several fronts. As part of this, the Association has identified the need to increase the awareness of PIN security among cardholders to help prevent debit card fraud in Canada.
Why do I have to protect my PIN?
Your debit card and PIN are the keys to your account(s). They are both required to complete a transaction so you should keep them in a safe place and never lend them to anyone. Even if criminals get access to your card, they need the PIN to get access to your money - so remember to protect your PIN.
*Please note: All fraud related reports connected to a financial loss will be thoroughly investigated by FirstOntario. Any confirmed failure to protect your password or PAC/PIN information will result in non-reimbursement of funds.
Fraud: Recognize It. Report It. Stop It.
What is electronic identity theft?
Electronic identity theft can occur when you respond to a fraudulent email that asks for your personal financial information. Armed with this information, a person may be able to access your accounts or establish credit, pay for items or borrow money using your name. You can help protect yourself from electronic identity theft by following some simple precautions.
- The easiest way to tell if an email is fraudulent is to bear in mind that we will never ask you for your personal passwords, personal information numbers or login information in an email. Legitimate financial institutions do not include links to their websites in email communications to customers.
- When accessing your accounts online, check the address of any pages that ask you to enter personal account information. In the toolbar at the top of the page, any legitimate website belonging to a financial institution will begin with ‘https’ to indicate that the page is secure.
- Look for the padlock found in the lower or upper right corner of your screen. If the page is legitimate, by clicking on the padlock, you can view the security certificate details for the site. A fraudulent site will not have these details.
- Type in our web address (https://www.firstontario.com) yourself to ensure you are transacting with our server only.
- Check your account and credit card statements regularly to ensure that all transactions are legitimate.
Contact FirstOntario Credit Union immediately if you suspect someone has gained knowledge of your password (PAC)/PIN, or if you suspect any loss, theft or unauthorized use of your account.
What is Phishing?
Phishing is a technique used to gain personal information for purposes of identity theft by using fraudulent email messages that appear to come from legitimate sources. The message may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages.
- Never reveal information, such as passwords, to anyone making contact with you.
- Do not forward any credit card details and/or account numbers through email.
- Do use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
- Do not reply to any email asking to verify your personal data. You will find that legitimate vendors and merchants do not send such requests via email.
- Never send personal or financial information to anyone via email.
- Ensure that all of your software is up to date- for instance, if you use Microsoft Windows, run Windows Update every day when you first connect to the internet. If you use other operating systems or browsers then check daily for patches or updates. Security loop-holes are regularly discovered in software.
- Make sure you're on a secure web server when submitting credit card or other sensitive information via your web browser.
- Check the beginning of the web address in your browser’s address bar - it should be "https://" rather than just http://.
- Delete requests for your password
- Be suspicious of any requests for financial information
- Don't click links in unexpected email.
- Type the organization's main URL into your web browser's address bar and navigate from there
- Call the organization using a telephone number from a reliable source (ie: telephone directory or legitimate, printed, letterhead)
- Do not fill out forms embedded in email messages
- Use modern versions of browsers such as Chrome, Firefox, or Internet Explorer and configure them to automatically update.
- Regularly log in to your online accounts and check your transactions, grades, etc. (Avoid using public computers for financial and other sensitive communication. Password sniffing software or hardware may be installed on public computers)
What is telephone fraud?
In Canada, the police and the Canadian Anti-Fraud Centre (Phonebusters) have received many complaints regarding telephone scams over the years.
"If it sounds too good to be true, then it probably is"
Use of the telephone for the sale of a wide range of services or products can be an effective, legitimate marketing tool for any number of Canadian businesses. However, the legitimacy of well-known companies has provided an excellent opportunity for criminals.
Criminals use the same techniques as legitimate companies, but hide behind the anonymity of the telephone and attempt to defraud thousands and thousands of Canadians each year.
- The key to not becoming a victim is to just hang up.
- Be suspicious of any unsolicited calls where someone claims you have a computer security problem.
- DO NOT believe that everyone calling with an exciting promotion or investment opportunity is trustworthy, especially if you do not know the caller or the company.
- DO NOT invest or purchase a product or service without carefully checking out the investment, product, service, and the company.
- DO NOT be afraid to request further documentation from the caller so you can verify the validity of the company.
- DO NOT be fooled by the promise of a valuable prize in return for a low cost purchase.
- DO NOT be pressured to send money to take advantage of a "special offer or deal."
- DO NOT be hurried into sending money to claim a prize that is available for only a "few hours"
- DO NOT disclose information about your finances, accounts or credit cards (not even the credit card expiry date).
- DO NOT be afraid to hang-up the phone.
- DO contact the Canadian Anti-fraud Centre if you are contacted by someone who promises you great prizes, but you are required to send money in advance for shipping, handling, taxes, etc.
- DO contact the Canadian Anti fraud-Centre if you are contacted by someone who says that you have won a prize, but you have to purchase a product to qualify.
- Mobile phones present the same security tasks as computers do.
- To avoid viruses, do not install illegal software or open attachments sent to you in email.
- Make sure you password protect your screen lock to prevent the phone being used or your personal information viewed if the device is stolen or lost.
- Be careful what you discuss when using a mobile device.
- Disabled the Bluetooth component on your device until you need it.
What is Malware?
Malware (or malicious software) is software which gets onto your PC and causes viruses, worms or Trojans to run without you even knowing. You will never know that you have malware on your PC until you begin to experience system degradations or system crashes. Basically, Malware is a computer program that invades your system when you open email attachments, visit websites, when opening instant messaging sessions or during file-sharing sessions.
Ensure your virus and malware protection is updated on a regular basis.
What is Spyware?
Spyware, sometimes called a spybot, is a program which installs itself on your PC (usually without your permission) in order to monitor (spy) all your activities on your PC and online. Spyware works by running a program behind the scenes on your PC. You are unlikely to know that you're being monitored. Some types of spyware will run to cause a nuisance on your machine by launching advertising pop-ups or changing the browser homepage. Other items which come under the spyware spectrum include tracking cookies, which collect information from thousands of sites to see who visits what and when, along with other items which bury themselves deep into the PC memory and track other data.
- Keep all of your software up to date
- Adjust Internet Explorer security settings
- Use a firewall
- Explore and download more safely
- Download and install antispyware protection
What is Spam?
Spam is any unsolicited communication received electronically. Typically, we think of email but instant messaging can also be a source of spam. Spam can be an entry point for spyware or malware. Spam is the mass mailing of a single email to thousands or millions of recipients. The spam perpetrator, known as the spammer, obtains a list of valid email addresses from one of several sources, then fires out as many emails as the spammer wants, hoping to get a percentage of profitable responses. The spammer can send out thousands of emails in a very short period with really no expense other than the bandwidth necessary to mail out all those emails or just the cost of the internet connection itself.
- Stop posting your email address on a public forum or website
- Avoid certain sites and software programs
- Use spam blocking tools
- Do not reply to spam email
"Key logging" is a way for hackers to get information from your computer. A hacker can install software or a physical device onto your computer. Both enable a hacker to track everything you type on your keyboard. This includes passwords, email, websites visited, credit card information — anything you type.
- You must be vigilant in your efforts to secure your computers and information resources. Please be alert to attempts to gain access to computer information.
- Keep all of your software up to date
- Adjust Internet Explorer security settings
- Use a firewall
- Explore and download more safely
- Download and install antispyware protection
In the News
In Toronto, Hamilton and Niagara Region, law enforcement officials arrested multiple suspects who were accused of being part of an international crime effort to steal money from ATMs.
What is skimming?
According to the ATM Industry Association, card skimming, which can also occur on other types of point-of-sale devices, is defined as 'the unauthorized capture of magnetic stripe information by modifying the hardware or software of a payment device, or through the use of a separate card reader.' Crooks often also capture PIN data and then create dummy cards in order to drain a victim's account. The funds are often not taken until several months later.
The effects of this crime have implications for both consumers, who lose their money, and businesses, who often suffer a blow to their image, or even their reputation for security, if one of their machines is affected. ATM security experts urge customers using machines, and businesses maintaining them, to develop secure habits.
- FirstOntario Credit Union recommends using an ATM you are familiar with so you know what it should look like and check it to make sure that it is solid and sturdy. Criminals often place fake readers that look like real ones over the slot where the card is placed or swiped. This captures the card information. But if you have your eye out for them, they are sometimes easy to spot.
- Look for fake readers placed over card slots "put your hands on it and see if you can wiggle it”.
- Cover your PIN, another way skimmers get PIN info is by installing small, hidden cameras somewhere inside the machine. They can be in the wall, or even hiding inside marketing materials, like pamphlets which appear to be innocently sitting off to the side.
- A good habit to get into is covering your PIN with your hand, even when you are alone. This may prevent a camera from detecting it and may also stop another type of scam: shoulder surfing, which is done by a person who lurks nearby that is part of the scam who records your PIN for later use.
- Avoid overly helpful people, crooks get PIN numbers by hanging out near or inside an ATM and offering help when the unit fails to "work." The scam involves capturing the card and the victim is perplexed as to why the machine is having problems. A helpful bystander will offer to help and ask for the person's PIN. Of course, once they have it, the card is as good as theirs.
- Monitor accounts regularly
- Failing all else, if you are hit by a skimming scam, your best defense is awareness of your own financial accounts. Regular monitoring will keep you on top of any suspicious activity that may occur as the result of a compromised account. Reporting fraudulent activity as quickly as possible gives you the best possible chance to recover your losses.
Summary of Possible Signs That You May Have a Security Problem Caused by Any of These Threats
- Lots of pop-up windows in the web browser
- Cascading windows that cannot be closed
- Slow PC and gets worse over time
- Takes up large amounts of hard disk space
- Reduced internet speed
- Cannot acess the Internet
- PC restarts on its own
- Web browser freezes up
- Home page changed in web browser and cannot be reset
- Changes in your web browser such as unfamiliar links in Favourites, different default search engine and new buttons on toolbar
- New shortcuts appear on the desktop, the task bar, or even the system tray that the user did not put there
- Firewall and anti-virus software mysteriously turned off
Firewall alerts the user to an unknown program or process trying to access the Internet, or one trying to access the PC. If you experience any of the above, call your PC technician and have them run a diagnostic scan on your computer device.
http://www.Antifraudcentre-centreantifraude.ca/ - Canadian Anti-Fraud Centre
http://www.vaonline.org/fraud.html - Victim Assistance Online
FirstOntario Credit Union has provided this information as high level guidance only. If you require additional details, please utilize the many resources available on the internet by searching the term you are looking to further understand.
All reports related to fraud that is connected to a financial loss will be thoroughly investigated by FirstOntario.