Staying Safe on the Internet
Increased Security - Enhanced PAC
As fraudsters evolve, it’s important that we keep digital security top of mind. One of the simplest ways to improve the security of our members’ web/digital banking is to implement longer Personal Access Code (PAC) requirements.
On or after March 12, 2019 you will be prompted to change your PAC to an Extended PAC format the first time you login.
Personal Access Codes must be between 9 and 30 characters and must have a mix of: - Upper and lower case alphabetical characters - Numeric characters - One or more of the following special characters: ` - ‘ . , # @ : ? ! ( ) $ \ /
eTransfer Security Tips
- ​Register for auto deposit. Having funds automatically deposited into your account removes the risk of a criminal intercepting the deposit email.
- Select questions and answers that are not easy for a third party to guess and cannot easily be found on social media. If the notification is intercepted, it will be harder for a criminal to answer and steal the funds.
- Do not put the answer to the security question in the message box.
- Be cautious of Phishing links and ensure that you are only transacting with trusted websites, vendors and people.
- Immediately notify your financial institution if you sense anything suspicious about your transaction.
Online banking makes managing your finances easy and convenient. However, there are measures you should take, and best practices you should follow, whenever you go online to access your accounts. Because your online security is our priority, we have compiled suggestions and tips for safe browsing to help you avoid falling victim to Internet threats.
If you notice any suspicious activities on your account, or have any concerns, please email fraud@gfcu.com
We have created a secure channel to communicate with our customers, but you need to do your part by maintaining your computer up-to-date and virus-free.
Operating Systems
Your computer's operating system needs to be up-to-date in order to defend itself from viruses and malicious software (malware). If one part of your operating system develops a virus, it leaves holes in your PC's security defences and compromises the safety of the information contained in your computer.
Keeping your software up-to-date is one of the most important ways of staying safe online because it is much harder for viruses to infect an updated operating system and software. Hackers are targeting operating systems with new viruses all the time and software companies combat these efforts with security patches. You should always download the latest security patch as soon as it becomes available.
Your operating system lets you know when updates are available by notifying you there are new security features to download. You can also upgrade your operating system to the latest version available from the manufacturer; however, you should ensure your computer has sufficient hardware capacity to support an upgrade.
Remember to back up your data. To fully eliminate a virus that has infected your machine, the re-installation of your operating system may be required. Protect yourself against the permanent loss of important data by frequently backing up your files on an external hard drive so you'll have the data should you ever have a problem with your operating system.
Browsers
Web browsers are the gateways to the Internet. Similar to having an up-to-date operating system, upgraded browsers provide more features, stability and security. Whether you use Internet Explorer, Firefox, Safari, Chrome or something else, stay safe online by using the latest version available.
The latest versions of web browsers have security features that can identify and block harmful and fake websites and pop-ups, and warn you if a site is flagged as unsafe. Some browsers also have a 'Private Browsing' feature, which conceals your browsing history from others.
Firewalls
A firewall protects your computer and home network from harmful websites and hackers. It sits between your computer and the Internet, scanning information that is being transmitted. It allows for safe browsing, while blocking unauthorized intrusions. Even though you may think you have no information of value on your PC, firewalls also stop your computer from being used by hackers to send malicious software to other computers.
Most computers now come with a firewall as part of the standard operating system. However, you can get the maximum protection for your computer by installing additional firewalls and ensuring they are kept up-to-date.
Protecting Your Smartphone
Browsing the web has never been easier – it's all at your fingertips. Smartphones let you surf, shop or bank wherever you are. Make sure your information stays secure while you're on the move by following these smartphone-safe browsing tips:
- Activate your phone's password feature, which locks the screen and prevents anyone but you from accessing your phone. Set up the password feature on your phone with a code that only you know.
- Don't connect to unknown networks through Wi-Fi hotspots to make financial transactions.
- Beware of smishing – that's phishing on phones through text messages. Never download media or images, or click on text-message links that come from unrecognizable people or phone numbers. Never provide personal details or any account details using any form of electronic messaging because this is not a secure form of communication. If you are unsure, please contact us.
- Download apps exclusively from the official source for your smartphone's platform, such as the Android, Apple or BlackBerry stores.
- Install anti-virus software for your smartphone when available and update it frequently.
- Install location finding applications, which work with your phone's built-in GPS. These applications allow you to locate and/or remotely erase (or "wipe") data in your phone if it is lost or stolen.
- Update your smartphone's operating system as soon as newer versions are available.
When visiting a branch, you can feel confident that your money is safe and secure, with the premises adorned by vaults, locked doors, security and surveillance. We are keeping you just as safe when you bank online but once your information reaches your computer, you have a responsibility to protect it.
Personal Access Codes (PAC)
Online credentials can be numerous as they are needed for email accounts, social networking sites, online newspapers and shopping websites. That's a lot of usernames and passwords – and it can be tempting to use the same combination for everything. But this makes it far too easy for hackers because once they have one password, they can access all your sites. Login credentials are the keys to your accounts so don't leave those keys around for anyone to find. For online banking, the key is your Personal Access Code (PAC). We recommend you:- Choose a PAC that is easy for you to remember but difficult for others to guess. Avoid using current phone numbers, dates of birth, or social insurance numbers.
- Be smart and don't save a list of your credentials on your PC. If you have to write them down, keep these details locked away somewhere only you can access or consider using password-management software, which secures and encrypts usernames and passwords and allows you to use a single master password.
- Do not share your PAC with anyone, especially online. Employees of our financial institution will never call, email, write or ask you to provide your online banking credentials. Ever.
- Don't authorize browsers to memorize your credentials. Saving these on your computer allows anyone using your PC to gain access to your login-protected sites.
- Consider changing your PAC every 90 days for optimum security.
Personal Details
When you move, it is important to notify us of your change of address. If your mailing information isn't up-to-date, statements or letters that contain personal information will continue to be sent to your former address.
e-Statements
You may prefer to eliminate paper statements altogether, avoiding any possibility of mail theft. Eliminate paper documents, go electronic and be secure while doing it. Our e-Statements are a digital archive of your monthly banking activity than can be downloaded as a PDF from our secure online banking site.
Logging In and Out
When you are finished with your banking session, always log out by clicking the "Log Out" button, as opposed to simply closing the browser window. To help protect your information, your online banking session will end automatically if there has been no activity for 20 minutes or if your visit lasts longer than 60 minutes. If your session has timed out, no further transactions can be made until you log in again. This time-out feature helps protect your accounts from unauthorized access if your PC is left unattended or if you have forgotten to log out.
Clearing Cookies and Cache
When you spend time on the Internet, your browser stores information, such as the websites you visit, the images and files you view, and your personal information, including passwords and login details. This data is held on your computer's hard drive and is known as 'cache.' Even though you may have logged out and closed your browser, this information may remain accessible. You can protect your data by clearing your browsing history regularly. This can be done in a few easy steps:
Internet Explorer Users
Click on the 'Tools' tab (or use the 'Ctrl-Shift-Delete' shortcut)
- Select 'Delete Browsing History'
- Choose the options you wish to erase and click 'Delete'
Firefox Users
Click on the 'History' tab (or use the 'Ctrl-Shift-Delete' shortcut)
- Select 'Show All History' and/or
- Choose the time frame you wish to erase and click 'Delete'
Safari Users
Click on the 'History' tab
- Select 'Show all History'
- Choose the period you wish to erase and click 'Clear History'
Chrome Users
Delete all your data:
- In the top-right corner of Chrome, click the Chrome menu.
- Select More tools > Clear browsing data.
- In the dialog that appears, select the checkboxes for the types of information that you want to remove.
- Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
- Click Clear browsing data.
Delete specific items from your browsing data:
Instead of deleting entire categories of your browsing data, you can pick specific items to delete.
Private Browsing
Some web browsers have a feature that allows you to browse the Internet without the browser storing information, such as the sites you visit, the images you see and videos you watch. This feature is sometimes used by people who share the same computer. Private browsing is a temporary option and must be selected in order for it to be activated. Private browsing, however, does not give you immunity to spyware or make you anonymous. It is still possible for your Internet service provider, employer or the websites you visit to track your online activity.
Monitoring Your Accounts
Frequently reviewing your paper and/or electronic account statements and/or registering for our transaction alert system ensures that you spot any incorrect or fraudulent transactions as soon as they occur. If your card has been skimmed (when the card's magnetic stripe and PIN are fraudulently copied by embedded devices at ATMs or point-of-sale devices) or unauthorized transactions have been made, you will want to catch this as soon as possible. Every time you receive an account statement, verify you made all the transactions or let us notify you whenever there has been movement in your accounts (with the transaction alert system).
Transaction Alert System
With this feature, you select what types of account activity you want to be notified about, and we'll alert you through text message or email. These alerts allow you to monitor your accounts effortlessly and detect suspicious activity immediately.
While our alert messages provide balances and account activity, they will never ask for, or contain, your personal details, account numbers, login credentials or any other type of confidential information. Also, our notifications will never include any links or instructions to click or download anything.
epost ™
Receive, manage and pay your bills through Canada Post's free online service. To sign up, create an account and scroll through the list of partners to find which bills you can receive with epost. More than 100 organizations are supported as "Mailers," including telecommunications and credit card companies and government agencies. You can also store your bills and statements securely on epost for up to seven years.
Our online banking system is safeguarded with the best security available in a commercial environment, ensuring that your information is protected while data is transmitted between your computer and our banking server.
Encryption
Internet encryption protects your information while it is in transit between your computer and our systems. Encryption ensures that data cannot be read or altered because the information is scrambled. Our online banking website uses a 128-bit SSL, encrypting both request and response transactions, through a secure connection. To establish a secure connection, verify that the prefix of our website address in your browser reads 'https' (and not simply 'http').
Controlled Access to Your Accounts
Your accounts can only be accessed by providing the correct login credentials and Personal Access Code (PAC), which only you know. Our employees never know these details and will never ask you to provide them with this information.
Enhanced Security Login Process
The first time you log in to your online banking account, you will be asked to choose from a list of security questions and answers. Be sure to pick questions with answers that are not easy to guess. Use ones that only you know. You can register your home or personal computer so that you will not have to answer a security question every time you log in. However, when you log in to your account from another machine, we will ask one of the security questions to confirm your identity.
For security reasons, we track the number of login attempts used to access your online banking. After a number of incorrect attempts to provide the correct PAC or answers to security questions, your online access will be immediately disabled. To regain access, please call our customer service representatives.
Online Banking - Challenge Question Change
As part of an initiative to improve member/customer experience and improve your online security, gfcu has upgraded to MemberDirect Adaptive Authentication. This change empowers the Risk Engine to determine when to ask your members/customers their challenge questions, versus the former method which simply asked every single time.Counter-intuitively, reducing how frequently we challenge members/customers actually improves security. Malicious actors trying to login to someone’s account will need the challenge question answers, thus most malware work by removing the cookie used in the “always ask” approach, and then simply record your challenge answers as you answer them. By moving to a smarter decision process on when to challenge, it will be harder for malicious actors to trigger a challenge event and thus harder for them to capture the answers.