By taking the proper steps to protect yourself, you can prevent most fraudsters from accessing your personal information and your accounts. We highly recommend that you follow these security practices when selecting a Personal Access Code (PAC):

• Do not use sequential numbers (e.g. 12345, 54321)
• Do not use duplicate numbers (e.g. 11223344)
• Do not use personal information/known numbers, such as your birth date, address, phone number, social insurance number, debit card, accounts, etc.)
• Do not share your PAC with anyone, especially online – not even to the police, Kawartha Credit Union employees or your Internet service provider.
• Do not write down your PAC or store it in a file on your computer.
• Never disclose your PAC in a voicemail or email, or over the phone - especially a cell phone.
• Do not permit anyone to observe you entering your PAC. Use your hands or your body to shield your password when entering them in a public place.
• Don’t use a PAC you use for any other service/account.
• Change your PAC every month.

Important: fraudsters may contact you posing as a Kawartha Credit Union (or other financial institution) employee. They will try to get you to tell them your personal information and your password. When in doubt, tell them you will call them back. Please remember that Kawartha Credit Union will never ask you for your online banking credentials. To verify your identity, we will ask you a series of security questions.

We have provided a secure channel for our members to communicate with us. Once the information has reached your computer, it is your responsibility to protect it.

To protect your information, you should:

• Never leave your computer unattended while using our online banking services.
• Always exit the site using the Logout button and close your browser if you step away from your computer. Your browser may retain information you entered in the login screen and elsewhere until you exit the browser.
• Prevent the browser from caching (storing) the pages that you view by using the Enhanced Security feature located on the login screen. We strongly recommend that you use this feature if you are accessing the online banking section of the website from a shared computer, such as at a friend's house or through a publicly-accessible computer, such as at a library or airport.
• Secure or erase files stored on your computer by your browser so others cannot read them. Most browsers store information in non-protected (unencrypted) files in the browser's cache to improve performance. These files remain there until erased. They can be erased using standard computer utilities or by using your browser feature to ‘empty’ the cache.
• Disable automatic password-save features in the browsers and software you use to access the Internet.
• Install and use a quality anti-virus program. As new viruses are created each and every day, be sure to update your anti-virus program often. It is recommended you update anti-virus definitions weekly. Scan all download files, programs, disks and attachments and only accept files and programs from a trusted source.
• Install and use a personal firewall on your computer to ensure others cannot access your computer through the Internet.
• Install new security patches as soon as your operating system and Internet browser manufacturers make them available.
• Install an anti-spyware program and check your computer regularly.

You should be extra vigilant when using publicly available computers. Even if you use the tips above to protect your information, you need to bear in mind that even benign programs, like popular desktop search programs, can pose a security risk. Certain programs, such as Google Desktop, remember items that you have viewed so you - or potentially an unwelcome third party - can easily search and find those pages later again.

If you come across a program like this when you are using a public computer, using the Enhanced Security feature located on the login screen will not stop these types of programs from caching the pages you view. You can adjust the search program preferences so it does not store secure pages you wish to view. If you forgot to adjust the preferences before banking online, you can remove the stored items via the Google Desktop results page by clicking on the Remove items link.

To ensure a safe and secure Internet session, only visit reputable sites. If you visit any questionable web site beforehand, we recommend you close your browser and restart it before proceeding to use our online banking services.

Just as you need to protect your wallet, you also need to protect your mobile phone from being compromised. Here are some important steps you should take to protect your phone:

Apps and your security

• Only download Kawartha’s Android or iPhone app from Google Play or Apple App stores, and use them only on your Android or iPhone device. Kawartha does not support, or vouch for the security or functionality of apps downloaded from any other sources. It is important to know that you would be liable for any losses you experience, using devices or apps not authorized by Kawartha.
• Mobile web can be used on any smartphone. Bookmark kawarthacu.com/m to be sure you are using Kawartha’s mobile web.
• Use a secure connection. Only use secure wi-fi when accessing your Kawartha accounts. For other apps be careful of using public wi-fi sites. Type the website address into the url bar and look for web addresses with https:// which means the site takes extra measures to help secure your information.
• Use your mobile phone security features. Features such as setting a password make your phone less vulnerable if it’s lost or stolen.
• Do not accept or download any applications from unknown sources.
• Think twice before downloading an app. Before you download apps on your devices, review the privacy policy and understand what data an app can access.
• Guard your personal information. Protect your phone just as you would your computer. Secure your mobile device by using a strong passcode and be cautious about the sites you visit and the information you release.

What to do if your mobile phone is lost or stolen

• Deactivate your phone with your mobile carrier.
• Disable the “QuickView” feature on your phone. Log in to online banking, go to Account Services, click on Mobile Banking App and remove the lost or stolen registered device.
• Change your PAC and Personal Access Questions. Log in to online banking, go to Profile and Preferences and select Change Personal Access Code, change your PAC then go to Change Personal Access Questions and follow the directions.

Good practice for your mobile phone

• When in doubt, don’t respond. Fraudulent texting (aka smishing or phishing on phones through texts), calling and voicemails are on the rise. Just like email, requests for personal information or a call for immediate action are almost always a scam.
• Install operating system upgrades provided by your wireless carrier.
• Exercise caution when opening MMS (picture messaging) attachments. They may be carrying malware. Don’t open an MMS attachment unless you know what it is, or it is something you are expecting to receive.
• Stay current. Keep pace with new ways to stay safe online. Check trusted websites for the latest information, and share with friends, family and colleagues.
• Protect against viruses and online hazards. Find out what software your phone provider offers to protect your phone.
• Keep your Bluetooth connection switched off unless you want to share information with others.
  

Electronic identity theft can occur when you respond to a fraudulent email or mobile text message that asks for your personal banking information. Armed with this information, a person may be able to access your accounts or establish credit, pay for items or borrow money using your name. You can help protect yourself from electronic identity theft by following some simple precautions.

Safety precautions for online banking

• The easiest way to tell if an email is fraudulent is to bear in mind that we will never ask you for your personal passwords, personal information numbers or login information in an email. Legitimate financial institutions do not include links to their web sites in email communications to customers.
• When banking online, check the address of any pages that ask you to enter personal account information. In the toolbar at the top of the page any legitimate Internet banking web site will begin with ‘https’ to indicate that the page is secure.
• Look for the padlock found in the lower right corner of your screen. If the page is legitimate, by clicking on the padlock, you can view the security certificate details for the site. A fraudulent site will not have these details.
• Type in our web address yourself to ensure you are transacting with our server.
• Check your bank and credit card statements regularly to ensure that all transactions are legitimate.
• Never send a photo image of your cheque to another person through email, text message, or other online forum. 

Contact Kawartha Credit Union immediately if you suspect someone has gained knowledge of your PAC/PIN, or if you suspect any loss, theft or unauthorized use of your account.