Protect Your Desktop Device

• Install and use a quality antivirus program and update the program regularly
• Install and use a quality antispyware program and ensure it is updated regularly
• Install and use a quality firewall program and ensure it is updated regularly
• Never leave your computer unattended while using online banking – you should log off and close the browser prior to leaving your station
• Install patches and updates to your operating system and applications as they become available from the manufacturers
• Avoid use a public computer to conduct financial transactions as this substantially increases your risk of account compromise
• Always log out of an online transaction session and close the browser
• Clear the cache of your browser (this will help ensure that no one else can view any confidential information you may have entered)
• Change your password for any secure site, including your online banking password, on a regular basis
• Disable automatic password save features in your internet browser and software which is used to access your internet service provider
• Make sure that you regularly check your Envision Financial account and report any suspicious transactions to your branch immediately

Protect Your Mobile Device

• When purchasing a Smartphone, know the features of the device, including the default settings. Turn off features you aren't using to minimize risk.
• Depending on the type of phone, the operating system may have encryption available. This can be used to protect your personal data in the case of loss or theft.
• With the growth of the application market for mobile devices, you should look at the reviews of the developer/company who published the application.
• Review and understand the permissions you are giving when you download applications.
• Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. It's also a good idea to enable the screen lock feature after a few minutes of inactivity.
• Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.
• Be aware of applications that enable Geo-location. The application will track your location anywhere. This application can be used for marketing, but can also be used by malicious actors raising concerns of assisting a possible stalker and/or burglaries.
• It's not a good idea to "jailbreak" your phone to remove certain restrictions imposed by the device manufacturer or cell phone carrier. Doing this can increase your risk of exposing personal information to fraudsters.
• Avoid allowing your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.
• If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
• Smartphones require updates to run applications and firmware. If you neglect running these updates, you increase your risk of having your device hacked or compromised.
• Avoid clicking on or otherwise downloading software or links from unknown sources.
• Use the same precautions on your mobile phone as you would on your computer when using the Internet.

   

• Lock and secure your cheques; never leave them in a vehicle or area where they can be easily obtained.
• Frequently check the number order of your cheque book; thieves may steal cheques from the middle or back of your cheque book in an attempt to conceal the theft.
• When writing cheques use non-erasable ink and don’t leave blank spaces.
• Don’t leave the payee blank and avoid making a cheque payable to “cash.”
• Frequently check your account and report any discrepancies immediately.
• If you suspect your cheques may be lost or stolen contact us immediately.

It is important that you protect the confidentiality of your passwords, namely your Personal Identification Number (PIN) and/or your Personal Access Code (PAC). Think of your PIN and your PAC as "keys". Instead of unlocking the door to your house or car, they serve to unlock the gateway to your financial and personal information.Here are some helpful tips to keep these two "keys" safe:

• Keep your debit card in a safe place and don't lend it to anyone, including friends and family.
• Memorize your PIN and/or your PAC — it's your electronic signature. If you disclose your PIN and/or your PAC to someone else, you could be held liable for losses.
• If your MEMBER CARD® debit card is lost, stolen or retained by an ATM, notify your financial institution immediately upon becoming aware of the problem.
• When selecting your PIN and/or your PAC, don't pick the obvious. Your name, your children's names, address, telephone number, social insurance number or date of birth are all easy to find out. Choose something more complicated. If you don't, you could be held liable for losses.
• Don't let your debit card out of sight when you're conducting a transaction and don't let it be "swiped" twice. As soon as the transaction is complete, remember to take your card and the transaction record with you.
• Don't use ATM or Point-of-Sale machines where you don't feel secure. If anyone tries to distract you, retrieve your card and leave.
• If you have signed in to Internet banking, don't leave your computer unattended. Instead, Sign Out and then Sign In again when you are ready to stay at your computer until your banking transactions are complete.
• When you're making a transaction, or if you are using a publicly viewed computer terminal to access Internet banking, use your hand or your body to prevent people from looking over your shoulder while you type in your PIN or PAC.
• Regularly check your statements and balances to verify all transactions have been properly documented. If entries do not match your records, contact us right away.
• Change your PAC and your PIN regularly.

Stay on top of your account activity with free mobile/email alerts. For more information on the type of alerts available and how to set up, click on the 'Set up Account Alerts' tab.

When sending an Interac e-Transfer, you have a role in protecting yourself against fraud by ensuring the recipient’s contact details are correct and up-to-date, and that you’ve chosen a security question that’s hard to guess. 

What is an intercepted Interac e-Transfer?

Interac e-Transfer is a popular method for sending money given its convenience and efficiency. All you need is access to online or mobile banking and the email address or mobile phone number of the recipient, and you can send money instantly to anyone in Canada.

While Interac e-Transfer uses a number of security measures, including encryption technology and secure login processes, money can still fall into the wrong hands in one of two ways:

• If the recipient’s contact details are incorrect, the Interac e-Transfer can be mistakenly directed towards another person.
• If the recipient’s email has been compromised, criminals can monitor the account for notifications from Interac. When they see one come through, they can use the deposit link to redirect the funds into a different account, if they can correctly answer the security question.

When sending an Interac e-Transfer, you have a role in protecting yourself against fraud by ensuring the recipient’s contact details are correct and up-to-date, and that you’ve chosen a security question that’s hard to guess.

If you are a member of First West Credit Union and you suspect you’ve been a victim of Interac e-Transfer fraud, please contact us right away. 

How to protect yourself from Interac e-Transfer interception

Protect yourself when sending an Interac e-Transfer by following these best practices:

• Ensure the recipient’s contact details are correct and up-to-date.
• Use a security question with a hard-to-guess answer. Don’t overestimate the security of the internet and email. The security question is there as a safeguard against the wrong person getting their hands on the Interac e-Transfer.
• Never send the answer to the security question via the same means as the Interac e-Transfer itself. For example, if the transfer is sent via email, do not email the answer. Instead, provide it to the recipient via a telephone call or text message.
• Consider setting up Autodeposit, which eliminates the need to manually deposit the funds and eliminates the opportunity for fraudsters to scoop the Interac e-Transfer. Encourage your frequent Interac e-Transfer recipients to also set-up the service.

Protect your email from being compromised with these tips:

• Change your email passwords frequently. Ensure they are unique, complex and use a combination of uppercase and lowercase letters, numbers and special characters.
• Maximize the security of your email accounts with strong challenge questions and two-factor authentication (when available). If these features are not available seek out a service provider that offers them.
• Be careful when clicking links that are not familiar or trusted. Phishing links are a popular way for email accounts to be compromised.

 

Do not give out personal information or account numbers to anyone until you have confirmed the identity of the person asking for it.  It is also a good idea to shred all documents containing your personal information.

What You Need to Know

Some examples of personal information which can be used by an identity thief to impersonate you are:

• Social Insurance Number
• Driver’s License Number
• Health Care Card Number
• Debit Card
• Credit Card Numbers
• PIN (personal identification number)
• Address
• Birth Certificates

Identity thieves gain your personal information by:

• Stealing wallets and purses containing your identification, credit cards and debit cards
• Stealing your mail, including you debit and credit card statements, preapproved credit offers, telephone calling cards and tax information
• Completing a change of address form to divert your mail
• Rummaging through your garbage or the garbage of business for personal information
• “Shoulder surfing” at ATMs to obtain PIN numbers
• Breaking and entering into your home
• Looking at personal information from personnel or customer files in the workplace

Identity thieves use your personal information to:

• Call your credit card issuer and, pretending to be you, ask to increase your card limit and change the mailing address on your credit card account.  The thief then runs up charges on your account.  As the bills are being sent to another address, it may take some time before you know there’s a problem.
• Open a new credit card account using your name, date of birth and SIN number.  When they use the credit card and don’t pay the bills, the delinquent account is reported on your credit report.
• Establish phone or internet service in your name.
• Open a bank account in your name and write off bad cheques on that account.
• Use counterfeit cheques or debit cards to drain your account.
• Obtain credit in your name (e.g. car loans, credit cards, mortgage).

How You Can Protect Yourself
​

• Place passwords on your credit card, bank and phone accounts. Further protect yourself, by not using easily available information like your mother’s maiden name, your birth date, the last four digits of your SIN or your phone number or a series of consecutive numbers.
• Secure personal information in your home, especially if you have roommates, employ outside help or are having service work done in your home.
• Never attach or write your PIN number or SIN on anything you are going to discard, such as transaction records or scraps of paper, or on the card itself.
• Ask about information security procedures in your workplace.  Find out who has access to your personal information and certify records are kept in a secure location.  Ask about disposal procedures for those records as well.
• Deposit outgoing mail in post office collection boxes or at your local post office rather than in an unsecured mailbox.  Promptly remove mail from your mailbox.  If you’re planning to be away from home and can’t pick up your mail, the postal service will hold your mail from your mailbox until you can pick it up or at home to receive it.
• Shred any important personal and financial paperwork when it is no longer required. Unless properly shredded, criminals could learn your name, address and other details by going through your household recycling and garbage and use this information to apply for credit, goods or services in your name.
• Check your statements—Most financial crime goes undetected for long periods, because victims are simply unaware that it has occurred. By carefully checking your banking, credit card and any other financial statements on a regular basis (at least monthly) you improve the chances of having the fraudulent transactions resolved more quickly.
• Find out how your information will be used and secured and whether it will be shared with others.  Ask if you have a choice about the use of your information. Can you choose to keep it confidential? Envision Financial will not ask you for your PIN number or other passwords during an authentication process.
• Don’t carry your SIN card; leave it in a secure place.
• Give your SIN only when absolutely necessary.  Ask to use other types of identifiers when possible.
• Carry only the identification information and credit and debit cards that you’ll actually need. Cancel cards you don’t use.
• Protect your computer with a good firewall and anti-virus software.   Take advantage of technologies that enhance security and privacy when using the internet, such as digital signatures, data encryption, and different ways of making the information anonymous.
• Avoid posting personal information on publicly accessible websites and online bulletin boards.
• Use strong passwords and avoid words that are easy to guess.  Don’t use the same password for different sites and don’t store your password on your computer.
• Shop on secure websites.  Do not enter any financial information, including your credit card number, if you see a broken key or open padlock on your website browser.
• Pay attention to your billing cycles.  Follow up with creditors if your bills don’t arrive on time.  A missing credit card bill could mean an identity thief has taken over your account and changed your billing address to cover his tracks.
• Be wary of promotional scams. Identity thieves may use phony offers to get you to give them your personal information.
• Keep your purse of wallet in a safe place at work.
  
  

How to Report Identity Fraud

​If you suspect that you are a victim of identity theft, you should:

• Contact us immediately.
• Call the police and file a report.  Ask for a copy of the police report and the police file number.
• Obtain a copy of your Credit Bureau report.  If you see credit inquiries on your report that you didn’t authorize, have a fraud alert placed on your credit bureau report. You can do this by contacting Equifax Canada at 1-800-465-7166, Trans Union of Canada at 1-800-663-9980 or Experian at 1-888-397-3742.
• Contact each credit grantor who has allowed a fraudulent account and tell them you did not open that account.  Have them close these accounts.
• Change your PIN (debit and credit card access) and your PAC (online and telephone access) immediately.  If you open new accounts, make sure you put a new password on these accounts.
• Contact Canada Post if someone is diverting your mail.
• Document all the contacts you make along with dates, names and phone numbers.
• Review all recent transactions on your accounts to ensure there hasn’t been a request for a change of address or a change of PIN number.

Phishing, Vishing and Smishing

Phishing, vishing and smishing are all scams that involve fraudsters who use email (phishing), telephone calls (vishing) or text messages (smishing) to obtain personal information such as bank account information, credit card numbers and social insurance numbers from unsuspecting victims.

While an internet fraudster can easily obtain and share your email address on the internet, it is unlikely he or she will have a lot of additional information about you. To obtain additional information a fraudster may use an official looking, but fake email known as a phishing email.

Phishing emails usually include links to websites that appear to direct you to a legitimate company. However, these links go to fraudulent websites and any information you submit via the website is gathered by a fraudster. Fraudsters often target companies with a large customer/member base and send thousands of phishing emails to reach as many potential victims as possible.

Envision Financial has clear guidelines about the information they will request via phone or email. If you have any concerns about a request, please contact us immediately.

Trojan Horses

Fraudsters have successfully found a way to extract banking information from computers by using virus programs known as Trojan horse. A Trojan horse lies dormant on your computer, monitors your activity and then activates if you visit a targeted website, such as an online retailer or a financial institution. The program can then record keystrokes, such as usernames and passwords, and other information stored on your computer and sends them to the creator of the Trojan horse.

A Trojan horse may also allow hackers remote access to your system. Operations which can then be conducted by the hacker include:

• Use of the machine as part of a botnet (performing automated spamming or distributing denial of service attacks)
• Data theft (e.g. retrieving passwords or credit card information)
• Installation of software, including third-party malware
•  Downloading or uploading of files on the user's computer
•  Modification or deletion of files
• Keystroke logging
• Watching the user's screen
• Crashing the computer

How to Protect Yourself

• Never disclose your passwords (including your PIN and personal access code (PAC)) to anyone
• Do not set your email program to “auto-run” attachments –always check that run your antivirus software when an email attachment is received
• If you are unsure of the authenticity of an email, delete it and call your branch
• Do not choose the “save password on this computer” option
• Never click on an email that you suspect may be fake
• Before entering confidential or financial information online, check for the lock icon on your browser, which means that your data is encrypted and cannot be read
  
  

​Additional Resources

There are numerous websites with useful security information and tips. Whether you are looking for general security advice or free security tools (antivirus, firewall, malware removal, browser security, encryption, vulnerability scanner, just to name a few) these listed sites are great security resources:

• Free Security Software/Tools
  • Tech Support Alert
• Security Tips
  • US-CERT Tips
  • Interac – Fraud Prevention Tips
• Security Information
  • Get Safe Online
  • Stay Safe Online

Don't be a victim of cheque fraud—if someone sends you a cheque, asks you to deposit the money in your account, then requests you forward most of the funds by wire transfer or money order elsewhere, be alert.

How This Scam Works

• A job posting for an Internet collection agent, a funds forwarding agent or similar position
• A lottery or sweepstakes notification requiring you to pay a fee before collecting your prize
• An inheritance notification regarding a recently deceased distant relative you didn’t know you had
• An arrangement where you’re asked to transfer funds to your account for “safekeeping” and promised a portion of the money in return for your services
• A situation where you’re overpaid for something you’re selling and are asked to return the excess funds.

Although there are many variations to these scams, they almost always have one thing in common: they seem too good to be true—and are!

Wondering how it works? The cheque sent to you isn’t usually drawn on an account in the name of the person or company with which you’ve been dealing. Instead, these cheques are usually counterfeit or stolen or altered. Sometimes other fraudulent payment items such as traveler’s cheques or money orders are used. Weeks or even months later you discover that it was fraudulent and the cheque is returned to you unpaid and the full amount is deducted from your account. Unfortunately, when this cheque or other form of payment is returned unpaid, you are responsible for any related loss. 

The bottom line? Use your best judgment before accepting payments and depositing cheques in your account.

Debit card fraud occurs when your MEMBER CARD® debit card is lost, stolen or counterfeited and used to obtain funds from your account without your authorization. 

What is your responsibility?

It is your responsibility as an Envision Financial MEMBER CARD® holder and/or electronic banking user to protect your passwords in order to protect yourself from this type of fraud.

What is card skimming?

Card skimming involves the unauthorized copying of electronic data from your debit or other cards. Hidden equipment typically obtains your PIN (i.e. cameras or false/altered PIN pads). The stolen data is then encoded onto a counterfeit card, which is used to withdraw funds without your knowledge.

How it happens

• At ATM machines, a card reader is placed on either the ATM itself, typically over top of the legitimate card reader, or on the entrance door to the ATM if there is a card reader device on the door for access. Hidden cameras are strategically placed to capture you entering your PIN.
• At debit card (point-of-sale or POS) terminals, the merchant may swipe your card in the legitimate POS terminal and then swipe your card a second time in a card reader device designed to capture the electronic data on your card. Either a camera or a “shoulder surfer” captures you entering your PIN.
• At a POS terminal, the electrical components inside the PIN pad may be altered to capture data from your debit card and capture your PIN as it is entered. In these cases, it is virtually impossible to detect the altered PIN pad as most of the alterations are done to the electrical components inside the PIN pad.
• The magnetic stripe on your debit card does not contain your account information or your PIN. Therefore, a counterfeit card is useless without your PIN.
  ​

Protect Yourself

• Keep your debit card in a safe place and do not lend it to anyone, including friends and family.
• Memorize your PIN — it's your electronic signature. If you disclose your PIN to someone else, you could be held liable for losses. If you suspect someone knows your PIN, change it immediately.
• Change your PIN regularly.
• Use your hand or body as a shield when entering your PIN on an ATM or debit card (POS) machine to prevent “shoulder surfing” while you type it in.
• Check your statements regularly to verify proper documentation of all transactions. Contact us immediately if you discover any inaccuracies (e.g. missing or additional transactions).
• Call us at 1-888-597-6083 immediately upon becoming aware that your MEMBER CARD® debit card is lost, stolen or retained by an ATM.
• Have your branch set your account up so that you don't have instant access to money deposited into your account using an ATM. That way, perpetrators won't be able to quickly access large sums of funds through your account before you are even aware that your card, or card information, has been stolen.

​Whether you've got a large business or a smaller one, it’s important to consider how fraud can affect your business. The following information can help you begin the process of putting systems in place that will save you time and money.

 

Know and protect your account

Protecting your business account information is a key measure in minimizing the risk of fraud against your business.

• It’s important to be familiar with the terms and conditions of your account agreement with us – that way, you’ll know what you are responsible for as a business account holder.
• Protect your passwords so that the integrity of your financial information is secure, and risk of fraud can be minimized.
• Take the precaution of protecting your computer(s) with a firewall and the latest anti-virus and anti-malware software.
• Review your account activity regularly so that you can see whether there are transactions going through your account that you haven’t authorized.
• Secure your computer files through encryption and ensure your computer is password protected.
• Put a process in place for authorizing transactions if you don’t personally have capacity to authorize each transaction. As a best practice, separate the duties, so that one employee prepares the transaction (e.g. writes the cheque), while another employee authorizes it (e.g. signs the cheque). Or, simply require two signatures for each transaction. This type of dual authorization will minimize risk of fraud.
• Protect your account information including the information you have gathered about your customers.
  
  

Employee Management

According to research, typical organizations lose nearly 5 percent of their gross revenues to fraud each year, through employee theft of inventory, assets, cash, or company documents. Protection from employee fraud will minimize your losses.

• Anti-fraud controls, including cameras, have an impact on reducing losses due to internal fraud. Ensure you tell your employees and customers that you have these cameras on the premises.
• Screen your job applicants, by calling their references and doing background checks. This way, you’ll know you’re hiring employees you can trust.
• Ensure your company policies are clear and well-communicated so that employees understand how they are to conduct themselves in the workplace.
• Require dual custody (two people) for sensitive documents and items like account transactions, business name stamp, cheques, etc.
• Ensure your employees take their vacations. This may seem odd, but you’d be surprised at how many employee fraud instances have been uncovered simply because the employee committing fraud was unable to maintain the fraud while on vacation.
  
  

Reduce the Risk of Bookkeeper Fraud

Protect your business from being a victim of bookkeeper fraud with these added tips.

• Access your bank, credit card, and loan statements online and discontinue using paper statements. Or, have paper statements mailed to your home.
• Review your bank, credit card, and loan statements thoroughly for suspicious transactions before you provide them to your bookkeeper. Pay close attention to the front and back of your cheques for forgeries and also review your deposit slips, especially for any unauthorized "less cash" amounts.
• Consider taking a course in bookkeeping yourself so that you understand the general process. This will help you spot any fraudulent activity more easily.
• Understand your bookkeeper's accounting system and the various reports that it generates. Regularly review reports such as bank reconciliations, financial statements, payroll reports, and aging reports for suspicious transactions.
• Consider making your own bank deposits.
• Open all mail yourself.
• Avoid giving signing authority to your bookkeeper.
• Personally sign all prepared cheques, and never sign blank cheques.
• If you're bookkeeper resigns or is terminated, change the accounting system, banking, and other applicable passwords immediately.
• Have a Certified Fraud Examiner with a solid accounting background perform a periodic review of your accounting records.
• Avoid providing one bookkeeper with access to both your business and personal financial information. For this reason, it is better to use two part-time bookkeepers than one full-time bookkeeper.
  
  

Protect Your Business Premises

• Keep all your sensitive documents and business valuables in a secure, locked place where only you or those employees with dual custody can access them.
• Keep a close eye on your Point-Of-Sale (payment) terminals, and ensure they are secured, so that thieves can’t tamper with them to record card information.
• Check your inventory regularly so that you can detect losses right away.
  
  

1. Log in to online banking.
2. Select 'Profile & Settings' from the menu.
3. Then select 'Change 2-Step Verification Information'.
4. Enter your mobile phone number or email and we'll send you a verification code.
5. Then enter that same verification code at the prompt. 

That's it! You can also check out this quick video for a step-by-step guide.

If you've entered an incorrect one-time verification code too many times, and are locked out, our Member Advice Centre team can help you out.

You can easily update where your two-step verification code is sent to, either email address or mobile phone number, following the steps below. Or check out this quick video for a step-by-step guide.

1. Log in to online banking.
2. Select 'Profile & Settings' from the menu.
3. Then select 'Change 2-Step Verification Information' - You will be prompted to log in to online banking again at this step.
4. When you log in, you can then update your contact information.
5. Just click on the pencil icon to edit or delete, or the plus symbol to add. It's that simple!