Security
Your online security is our top priority
We have put a number of measures in place to ensure our digital banking is safe and secure and that your information is protected. Learn what we do to protect you and your online banking information, and how you can protect yourself. If you're looking for more information regarding our privacy policy, please visit our privacy page.
The following list of permissions and activities are required by our mobile app to operate. These include:
- “Access Camera” permission is used by the app to deposit a cheque via mobile deposit capture, store a custom profile picture and background.
- “Access Location” permission is used by the app to accurately locate the nearest ATM or branch in the “Find Us” feature.
- “Call Permission” is used to automatically call the user’s preferred branch by tapping on the phone number in the “Find Us” feature.
- “Contact List” permission is used to set up new Interac e-Transfer® contacts and send an Interac e-Transfer®. Only the device contact information a user confirms is readable by Interac.
- “Internal Storage” permission is required to view, share, and download PDF files from the mobile app to a user’s device.
- “App Activities” uses mobile app interaction data for analytics on usage and crash information for the current app version. We also monitor application stability using the crash logs to make ongoing improvements. Data collected on app activities, information and performance is completely anonymous and aggregated – individual users are not identifiable.
BVCU uses encryption and firewalls as part of our cybersecurity program for protecting our members.
A series of firewalls prevent unauthorized access to our internal systems. As data comes to us over the internet from your device, it goes through a series of safety checkpoints so that only authorized messages and transactions enter our computer systems.
We physically secure our internal servers, telecommunications systems and service centres so that your personal and financial information is protected physically as well as digitally.
The password that you use for online and mobile banking, as well as the Personal Identification Number (PIN) for your debit card, are inaccessible to us and we will never ask you to reveal them. Our online banking system uses two-factor authentication, a security feature that sends unique one-time passcodes for certain security sensitive activities. Examples would be adding bill payees, updating your contact information and resetting your password.
Protect your password
Just as you play a vital role in ensuring the security of your home and your possessions, you share in the responsibility for protecting your personal information.
Just as you play a vital role in ensuring the security of your home and your possessions, you share in the responsibility for protecting your personal information.
- Select a password that is easy for you to remember but difficult for others to guess.
- Do not use a part of your PIN (Personal Identification Number) or existing passwords you use on other sites.
- Keep your password confidential and do not share it with anyone.
- Do not write your password down or store it in a file on your computer.
- Never disclose your password in a voice message or email, and do not disclose it over the phone.
- Ensure no one observes you typing in your password.
- Change your password on a regular basis. We suggest every 90–120 days.
- Do not reuse passwords.
Protect your computer or device
- Never leave your computer or device unattended while using our digital banking services.
- Always exit the site using the Logout button and close your browser if you step away from your computer or device. Your browser may retain information you entered in the login screen and elsewhere until you exit the browser.
- Secure or erase files stored on your computer or device by your browser so others cannot read them. Most browsers store information in non-protected (unencrypted) files in the browser's cache to improve performance. These files remain there until erased. They can be erased using by using your browser’s features to empty the cache. See your browser’s ‘Help’ section for more information about how to clear your browser’s cache.
- Install and use a quality anti-virus program. Be sure to update your anti-virus program often. It is recommended you configure your anti-virus program to check for and automatically install updated definitions daily. Scan all downloaded files, programs, and attachments, and only accept files and programs from a trusted source.
- Install and use a personal firewall on your computer to ensure others cannot access your computer through the Internet.
- Install new security patches as soon as your operating system and Internet browser manufacturers make them available.
- Install an anti-spyware program and check your computer or device regularly.
Operating systems
Your computer's operating system needs to be up-to-date in order to defend itself from viruses and malicious software (malware). If a virus compromises part of your operating system, it leaves holes in your computer’s security and compromises the safety of all the information stored on your computer.
It is much harder for viruses to infect an updated operating system and software. Software companies issue security patches regularly to protect against new viruses and malware. You should always download the latest security patch as soon as it becomes available.
Your operating system notifies you when updates are available to download. You can also upgrade your operating system to the latest version available from the manufacturer; however, you should ensure your computer can support an upgrade.
To get rid of a virus that has infected your computer, you may have to completely re-install your operating system. Back up your files regularly to an external hard drive or online account, so you'll have them if you ever have a problem with your operating system.
Browsers
Regardless of which browser you use, stay safe online by using the latest version available. The latest versions of web browsers have security features that can identify and block harmful or fake websites and pop-ups, and warn you if a site is flagged as unsafe. Some browsers also have a 'Private Browsing' feature, which conceals your browsing history from others.
Firewalls
A firewall protects your computer and home network from harmful websites and hackers. It sits between your computer and the Internet, scanning information that is being transmitted and blocking unauthorized intrusions. Firewalls also stop your computer from being used by hackers to send malicious software to other computers.
Most computers now come with a firewall as part of the standard operating system. However, you can increase your computer’s protection by installing additional firewalls and ensuring they are kept up-to-date.
Protecting your smartphone
Smartphones let you surf, shop or bank wherever you are. Make sure your information stays secure while you're on the move by following these smartphone-safe browsing tips:
- Activate your phone's password feature, which locks the screen and prevents anyone but you from accessing your phone. Set up the password feature on your phone with a code that only you know, or use the fingerprint or face unlock features, if they are available for your phone.
- Don't connect to unknown networks through Wi-Fi hotspots to make financial transactions. Use a virtual private network (VPN) or your phone or device’s data plan instead.
- Beware of smishing – that's phishing on phones through text messages. Never download media or images, or click on text-message links that come from people or phone numbers you don’t recognize. Never provide personal details or account information using email, social media chat functions, or text messages, as these are not secure. If you are unsure if a message came from us, please contact us by phone, or use the secure messaging within the digital banking app or site.
- Download apps exclusively from the official source for your smartphone's platform, such as the Android, Apple or BlackBerry stores. Look at the permissions apps request before downloading them. If there is no clear reason why the app should have the access it requests, consider not downloading it. (For example, there is no reason a free game app should have access to view call logs or make and receive calls.)
- Install anti-virus software for your smartphone when available and update it frequently.
- Install location finding applications, which work with your phone's built-in GPS. These applications allow you to locate and/or remotely erase data in your phone if it is lost or stolen.
- Update your smartphone's operating system as soon as newer versions are available.
- Back up your smartphone regularly. Most mobile devices can be set to automatically back up to an online account at regular intervals.
Protecting your information when using a public computer
We advise against using publicly available computers to access digital banking. Even benign programs, like popular desktop search programs, can pose a security risk. Certain programs, such as Google Desktop, cache items that you have viewed so you - or potentially, an unwelcome third party - can easily search and find those pages later again.
If you come across a program like this when you are using a public computer, adjust the search program preferences so it does not store secure pages you wish to view. If you forgot to adjust the preferences before banking online, you can remove the stored items via the Google Desktop results page by clicking on the Remove Items link.
To ensure a safe and secure Internet session, only visit reputable sites. We recommend you clear your browser history, run a virus scan, and restart your browser before logging in to digital banking.
Free public Wi-Fi offered by places like restaurants and coffee shops can be vulnerable to interference from hackers. These networks can even be set up by hackers to pretend to be free Wi-Fi networks, but are really used to steal information from anyone who connects to them, including login credentials. We advise against using these networks to access digital banking.
Tips for safe computing
- Protect your personal information. Be aware of current online ploys that try to get you to provide personal and/or financial information. Do not respond to unsolicited emails or phone calls that ask for confidential information.
- If you don't know the source of an email or if it looks suspicious, do not open it. Never click on a link or attachment in an email that you suspect may be fake. Even if an email looks real, we advise that you open your browser and type in the address of our site yourself instead of clicking a link in the email. That way, you can always be sure you’re going directly to our real website.
- Remember to log off. Ensure that you always properly log off and close your browser. This will prevent others from being able to view this information later.
- Safeguard your PINs and passwords. Never share your passwords with anyone, for any reason. Use passwords that are difficult to guess. Change your passwords frequently.
- Be wary of pop-up windows, especially those that request financial or identification information. Avoid clicking any "action" buttons in a suspicious pop-up window.
Phishing
A common way for Internet scammers to obtain your personal information is through a method called phishing. Phishing is when fraudsters send emails or SMS text messages which appear to be from your financial institution. You are asked to log in to your online banking to verify account information. The message instructs you to click on a link that takes you to a copy of your digital banking site – one that’s hard to tell apart from the real site – where you'll be asked to enter your credentials. The fake site will capture your credentials, which fraudsters can then use to log in to your digital banking.
A common way for Internet scammers to obtain your personal information is through a method called phishing. Phishing is when fraudsters send emails or SMS text messages which appear to be from your financial institution. You are asked to log in to your online banking to verify account information. The message instructs you to click on a link that takes you to a copy of your digital banking site – one that’s hard to tell apart from the real site – where you'll be asked to enter your credentials. The fake site will capture your credentials, which fraudsters can then use to log in to your digital banking.
Phishing scams may also seek personal details, such as your address, social security number or mother's maiden name. The details obtained can then be used for identity theft. Phishing emails may include:
- Warnings about account closures
- Requests to update your information
- Offers to register for a new service
- Offers for pre-approved credit cards
- Free virus-protection programs
Phishing emails also often have some telling signs, including:
- Poor spelling or grammar
- Alarmist content, warning that your account will be closed if you don't provide your banking or personal details immediately
- Notices that you've won a prize and are required to pay a fee in order to claim it
Never provide personal details or any account details in an email. If you receive a message that you are unsure about, please contact us by phone, in person, or through secure messaging in digital banking.
Pharming
Another way for hackers to get their hands on your personals details is by pharming them. Pharming occurs when hackers compromise your computer to redirect you to fake websites. With pharming, you get sent to a fake website even when you type the correct address directly into your browser. Once there, you are asked to enter your digital banking credentials or account information, which hackers take and use for criminal activity.
How to avoid Phishing and Pharming scams
We will never send you emails or communications asking you to verify or provide your online banking details. Never use a link provided in an email to access your digital banking. Do not open emails, texts, or attachments from unknown sources. Scan emails and attachments with your anti-virus software before opening them.
Always type your financial institution's website address directly into your browser and remember to look for confirmation that you are browsing securely. The letter "s" in 'https' indicates you are navigating in a secure site. Look for the 'https' when online shopping, too.
Don't feel panicked when phishing emails caution of immediate account closures if your banking details cannot be verified. Don't believe emails warning that your account has been compromised or that you'll miss out on a great deal if you fail to act immediately. If you are concerned, call or visit one of our branches.
Malware
Malicious software (malware), spyware, worms and Trojans are the same class of destructive viruses, just with different names. They can steal your personal information, take over your computer, and use it to attack other people's computers. Your computer can become infected through email attachments, downloading infected content, or visiting harmful websites.
Spyware
Spyware is exactly what it sounds like – tracking software that is downloaded to your computer without your knowledge when you visit certain Internet sites. Secretly, it gathers information about you and your browsing habits. This information can include passwords and personal data. It can also interfere with user controls and disable legitimate anti-virus programs.
The best way to protect your computer against spyware is smart browsing. Stay away from sites that look unsafe and avoid streaming or downloading content from untrustworthy sources. Many anti-virus products offer targeted spyware solutions that inspect your operating system, installed programs, downloads, and files.
Scareware
One of the most common viruses to watch out for is known as scareware. These scams pop up on your screen and display alarmist warnings, telling you a virus has invaded your computer. Scareware prompts you to download (and often pay for) fake anti-virus software to remove the non-existent viruses. Scareware is a scam that tries to trick you into paying money in exchange for nothing.
You can protect against scareware by keeping your anti-virus software up-to-date and by being judicious about what you choose to download to your computer. You should also be familiar with the look of your legitimate anti-virus program, so you won't be fooled if one of these pop-ups appears.
Wi-Fi
These days, everyone is on the go and it's not uncommon to access Wi-Fi at coffee shops, hotels, restaurants or airports. Using wireless networks to access information is convenient, but not risk-free. Be smart when you surf. Protect yourself from threats by:
These days, everyone is on the go and it's not uncommon to access Wi-Fi at coffee shops, hotels, restaurants or airports. Using wireless networks to access information is convenient, but not risk-free. Be smart when you surf. Protect yourself from threats by:
- Not using a shared computer to access your digital banking. We strongly recommend not using shared or public devices to access digital banking.
- Managing your digital banking only from secure networks. We recommend that you don't use unsecured public networks for anything sensitive.
- Connecting only to password-protected networks. If there are several networks available, ask employees of the organization which network they operate.
- Never leaving your computer or device unattended, especially if you are logged into your digital banking.
- Using different passwords and security questions. If someone obtains your login credentials for one site, such as a social networking site, you don't want them to be able to access your other ones.
- Ensuring you log out before you close your browsers.
Shopping online
Online shopping is the epitome of convenience. There are no lines and no crowds, but it can also be a haven for fraudsters. Consider the following tips when shopping online to ensure your information stays secure:
Online shopping is the epitome of convenience. There are no lines and no crowds, but it can also be a haven for fraudsters. Consider the following tips when shopping online to ensure your information stays secure:
- Make sure that you are shopping at a trusted retailer when you enter your credit card details online.
- Use a reputable escrow service such as PayPal where possible.
- Provide retailers with only the necessary details to complete the transaction. These include your credit card number, expiry date, the security code on the back of the credit card and the card's billing address. Never provide your social insurance number, account details or your mother's maiden name. For shopping sites that require you to register with a username and password, we recommend you do not use your digital banking password.
- Use your credit cards only on websites that use secure browsing technology on the screens where you enter your card information. Ensure the web address begins with 'https' (as opposed to 'http') and has a closed padlock icon in the address bar.
- Ensure that smaller retailers requesting credit card details have reputable contact details and a physical address, and that you feel comfortable with providing them your card information.
What are cookies?
Cookies are small text files containing a string of characters that can be placed on your computer or mobile device that uniquely identify your browser or device.
Cookies are small text files containing a string of characters that can be placed on your computer or mobile device that uniquely identify your browser or device.
What are cookies used for?
Cookies allow a site or services to know if your computer or device has visited that site or service before. Cookies can then be used to help understand how the site or service is being used, help you navigate between pages efficiently, help remember your preferences, and generally improve your browsing experience. Cookies can also help ensure marketing you see online is more relevant to you and your interests.
What types of cookies does BVCU use?
There are generally four categories of cookies: “Strictly Necessary,” “Performance,” “Functionality,” and “Targeting.” BVCU routinely uses the first three categories of cookies on our website. You can find out more about each cookie category below.
- Strictly Necessary Cookies. These cookies are essential, as they enable you to move around the website and use its features, such as accessing logged in or secure areas.
- Performance Cookies. These cookies collect information about how you have used the Service, for example, information related to the unique username you have provided, so that less strain is placed on our backend infrastructure. These cookies may also be used to allow us to know that you have logged in so that we can serve you fresher content than a user who has never logged in. We also use cookies to track aggregate Service usage and experiment with new features and changes on the Service. The information collected is used to improve how the Service works.
- Functionality Cookies. These cookies allow us to remember how you’re logged in, whether you chose to no longer see advertisements, whether you made an edit to an article on the Service while logged out, when you logged in or out, the state or history of Service tools you’ve used. These cookies also allow us to tailor the Service to provide enhanced features and content for you and to remember how you’ve customized the Service in other ways, such as customizing the toolbars we offer in the right column of every page. The information these cookies collect may be anonymous, and they are not used to track your browsing activity on other sites or services.
- Targeting Cookies. Our third party partners may use these types of cookies to deliver advertising that is relevant to your interests. These cookies can remember that your device has visited a site or service, and may also be able to track your device’s browsing activity on other sites or services other than their own. This information may be shared with organizations outside their organization, such as advertisers and/or advertising networks to deliver the advertising, and to help measure the effectiveness of an advertising campaign, or other business partners for the purpose of providing aggregate Service usage statistics and aggregate Service testing.
How Long will Cookies Stay on My Device?
The length of time a cookie will stay on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you close your browser. Persistent cookies stay on your computer or mobile device until they expire or are deleted. All cookies placed on your device are session cookies except for the following:
The length of time a cookie will stay on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you close your browser. Persistent cookies stay on your computer or mobile device until they expire or are deleted. All cookies placed on your device are session cookies except for the following:
- First and Third Party Cookies: First-party cookies are cookies that belong to BVCU, whereas third-party cookies are cookies that another party places on your device through our website. Third-party cookies may be placed on your device by an entity providing a service for BVCU, for example to help us understand how our service is being used. Third-party cookies may also be placed on your device by our business partners so that they can use them to advertise products and services to you elsewhere on the Internet.
Controlling and Deleting Cookies
You can easily adjust your browser settings to notify you when you receive a cookie so you can choose whether or not to accept it; disable your browser from receiving cookies; or delete cookies through your browser. Please consult the Help Function of your browser for more information. Be aware however that some features and services on our website may not work properly because we may not be able to recognize and associate you with your account. In addition, the offers we provide when you visit us may not be as relevant to you or tailored to your interests.
You can easily adjust your browser settings to notify you when you receive a cookie so you can choose whether or not to accept it; disable your browser from receiving cookies; or delete cookies through your browser. Please consult the Help Function of your browser for more information. Be aware however that some features and services on our website may not work properly because we may not be able to recognize and associate you with your account. In addition, the offers we provide when you visit us may not be as relevant to you or tailored to your interests.
Recognize it. Report it. Stop it. BVCU does our best to safeguard your interests, but you should also take precautions to protect your identity and your money.
Safety precautions for Digital Banking
- We will never ask you to provide your personal passwords, personal information numbers, sensitive personal information, or login information in an email.
- Type our web address into your browser yourself instead of clicking on a link in an email or electronic message to navigate to our website.
- When banking online, check the address of any pages that ask you to enter personal account information. Any legitimate digital banking site will begin with ‘https’ in the toolbar at the top of the page to indicate that the page is secure.
- Look for the padlock found in the address bar. If the page is legitimate, by clicking on the padlock, you can view the security certificate details for the site. A fraudulent site will not have these details, or will not have the correct details.
- Review your account activity on a regular basis to check for any transactions or activity that you don’t recognize.
- Don’t send personal identification information over the internet. Hackers can easily retrieve sensitive data that is sent over an unsecured internet connection.
- Try not to use your SIN as a form of identification. Use other identification whenever possible.
- Be careful about what you throw out or recycle. An identity thief will pick through your garbage or recycling bins. Be sure to shred receipts, tax returns, financial statements or anything with personal or financial information.
If you believe that you are a victim of fraud, take these steps:
STEP 1
Contact Bow Valley Credit Union immediately to report that you are or believe to be a victim of fraud. Additionally, notify any other financial institutions and credit card companies that may be at risk.
Bow Valley Contact Centre: 1-800-207-0068
STEP 2
Change the passwords on all online accounts and additional password protected websites and programs using a secure computer. If you are a victim of online banking fraud your information may have been obtained through a computer virus and used to fraudulently access online banking. If you cannot be certain your computer is secure, BVCU will temporary freeze your online banking access until all additional steps are taken.
STEP 3
If you have disclosed personal information to fraudsters, or are a victim of identity theft, we would strongly recommend that you place fraud alerts on your credit reports.
Equifax: 1-800-465-7166
Transunion: 1-877-525-3823
For each of the above credit bureaus:
- Obtain a copy of your report (victims of identity theft can receive copies of their credit reports for free) and ask that no further credit be granted without your approval.
- Make sure your account is flagged with a “fraud alert” for the maximum time allowable.
- Send these requests in writing and keep copies for yourself.
- Review the reports carefully and look for inquiries you didn’t initiate, accounts you didn’t open and unexplained debts.
STEP 4
Contact the proper authorities. File a report with your local police department. Keep a copy of the police report and provide the report number and officer name to BVCU, credit card companies, and any additional financial institutions affected.
Report the fraud to the Canadian Anti-Fraud Centre:
Toll Free: 1-888-495-8501
Email: info@antifraudcentre.ca
STEP 5
Keep copies of all documentation and communication. Stay educated! The more educated you are about fraud, the lower the risk you have of becoming a victim.