Online Security

Staying safe on the Internet - We're in this together

Mobile banking makes managing your finances easy and convenient as well as accessible 24/7 from anywhere you can access the internet.  Your online security is our priority, we take your security seriously and make sure we have the latest security protocols in place and staff are well trained. We do our part, you need to do yours. There are measures you need to take to help protect yourself.  Below are some best practices you should follow, resources to help educate yourself on known internet scams and cyber security as well as resources for if you think your identity has been compromised.  

How we protect you

Security Guarantee

Our online banking system is safeguarded with the best security available in a commercial environment, ensuring that your information is protected while data is transmitted between your computer and our banking server.

Encryption

Internet browsing encryption protects your information while it is in transit between your computer and our systems. Encryption ensures that data cannot be read or altered because the information is scrambled. Our online banking website uses a 128-bit SSL, encrypting both request and response transactions, through a secure connection. To establish a secure connection, verify that the prefix of our website address in your browser reads 'https' (and not simply 'http'). All the browsers we support meet this requirement. If yours doesn't, please download the appropriate encryption support from your browser's supplier. See a list of supported boswers undre How You can Protect Yourself section. 

Controlled Access to Your Accounts

Your accounts can only be accessed by providing the correct login credentials and Personal Access Code (PAC), which only you know. Our employees never know these details and will never ask you to provide them with this information.

Enhanced Security Login Process

The first time you log in to your online banking account, you will be asked to update your Personal Access Code (PAC) and choose from a list of security questions and answers. Be sure to pick questions with answers that are not easy to guess. Use ones that only you know. You can register your home or personal computer so that you will not have to answer a security question every time you log in. However, when you log in to your account from another machine, we will ask one of the security questions to confirm your identity.

For security reasons, we track the number of login attempts used to access your online banking. After a number of incorrect attempts to provide the correct PAC or answers to security questions, your online access will be immediately disabled. To regain access, please call our customer service representatives.


Safe Browsing

Within our branches we protect your money with vaults, locked doors, security and surveillance. We are keeping you just as safe when you bank online but once your information reaches your computer, you have a responsibility to protect it.

Personal Access Code (PAC)

Online credentials can be numerous as they are needed for email accounts, social networking sites, online newspapers and shopping websites. That's a lot of usernames and passwords – and it can be tempting to use the same combination for everything. But this makes it far too easy for hackers because once they have one password, they can access all your sites. Login credentials are the keys to your accounts so don't leave those keys around for anyone to find.

For online banking, the key is your Personal Access Code (PAC). We recommend you:

  • Be smart and don't save a list of your credentials on your PC. If you have to write them down, keep these details locked away somewhere only you can access or consider using password-management software, which secures and encrypts usernames and passwords and allows you to use a single master password.
  • Do not share your PAC with anyone, especially online. Employees of our financial institution will never call, email, write or ask you to provide your online banking credentials. Ever.
  • Don't authorize browsers to memorize your credentials. Saving these on your computer allows anyone using your PC to gain access to your login-protected sites.
  • Consider changing your PAC every 90 days for optimum security.

Personal Details

When you move, it is your responsibility to notify us of your change of address. If your mailing information isn't up-to-date, statements or letters that contain personal information will continue to be sent to your former address.

e-Statements

You may prefer to eliminate paper statements altogether, avoiding any possibility of mail theft. Eliminate paper documents, go electronic and be secure while doing it. Our e-Statements are a digital archive of your monthly banking activity than can be downloaded as a PDF from our secure online banking site and they are kept for 7 years.

Logging In and Out

When you are finished with your banking session, always log out by clicking the "Log Out" button, as opposed to simply closing the browser window. To help protect your information, your online banking session will end automatically if there has been no activity for 20 minutes or if your visit lasts longer than 60 minutes. If your session has timed out, no further transactions can be made until you log in again. This time-out feature helps protect your accounts from unauthorized access if your PC is left unattended or if you have forgotten to log out.

Clearing Cookies and Cache

When you spend time on the Internet, your browser stores information, such as the websites you visit, the images and files you view, and your personal information, including passwords and login details. This data is held on your computer's hard drive and is known as 'cache.' Even though you may have logged out and closed your browser, this information may remain accessible. You can protect your data by clearing your browsing history regularly. This can be done in a few easy steps.

Private Browsing

Some web browsers have a feature that allows you to browse the Internet without the browser storing information, such as the sites you visit, the images you see and videos you watch. This feature is sometimes used by people who share the same computer. Private browsing is a temporary option and must be selected in order for it to be activated. Private browsing, however, does not give you immunity to spyware or make you anonymous. It is still possible for your Internet service provider, employer or the websites you visit to track your online activity.

Monitoring your Accounts

Frequently reviewing your paper and/or electronic account statements and/or registering for our banking alerts ensures that you spot any incorrect or fraudulent transactions as soon as they occur. If your card has been skimmed (when the card's magnetic stripe and PIN are fraudulently copied by embedded devices at ATMs or point-of-sale devices) or unauthorized transactions have been made, you will want to catch this as soon as possible. Every time you receive an account statement, verify you made all the transactions or let us notify you whenever there has been movement in your accounts (with banking alerts). You have 30 days to let us know of any issues. 

Banking Alerts

This is a FREE feature that Alers you of any unusual activity in your account. To find out more see our section on Alerts.

With this feature, you select what types of account activity you want to be notified about, and we'll alert you through text message or email. These alerts allow you to monitor your accounts effortlessly and detect suspicious activity immediately.

While our alert messages provide balances and account activity, they will never ask for, or contain, your personal details, account numbers, login credentials or any other type of confidential information. Also, our notifications will never include any links or instructions to click or download anything.

​epost ™

Receive, manage and pay your bills through Canada Post's free online service. To sign up, create an account and scroll through the list of partners to find which bills you can receive with epost. More than 100 organizations are supported as "Mailers," including telecommunications and credit card companies and government agencies. You can also store your bills and statements securely on epost for up to seven years.

​Lock’N’Block®

Manage your debit cards when you are travelling or when you suspect that your debit card is being used frauduletly with this quick and easy tool.

With Lock’N’Block® you can lock your debit card or block your debit card for ATM Transactions, purchases, and international transactions. 

Steps to follow:

  • Log into online banking. 
  • Click on Account Services.
  • Choose Lock’N’Block®. 
  • Select the debit card you want to lock or block by clicking the Edit button next to it. 
  • Now select the action you want to perform. You can choose to Block Debit Card, Block ATM transactions, Block purchases and refunds or Block international transactions. 
  • Click Save Changes

StrongPAC

Enhanced Security Login Process

The first time you log in to your online banking account, you will be asked to set up a StrongPAC (password) and 3 security questions, these are case sensitive.  Be sure to pick questions with answers that are not easy to guess, and only you would know. Do not share your login information with anyone.

Cyber criminals are finding new ways to gain access to your banking information all the time. When you create a strong Personal Access Code (PAC) or password, you make it more difficult for them. It is your responsibility not to share this information with anyone. Keep it in a secure place that is not easily accessible.

A StrongPAC should include:

  • Upper case letters
  • Lower case letters
  • Numbers
  • At least 8 characters log
  • May contain certain special characters

In addition, you can register your home or personal computer so that you will not have to answer a security question every time you log in. However, when you log in to your account from another machine, you will be asked one of the security questions to confirm your identity.

For security reasons, we track the number of login attempts used to access your online banking. After a number of incorrect attempts to provide the correct PAC or answers to security questions, your online access will be immediately disabled. To regain access, contact us to get reset.


Autodeposit

Sending and receiving e-transfers through Interac e-Transfer® is simple and convenient. Make it even safer by setting up Autodeposit. By adding this feature, you will never be prompted to enter a password when accepting an e-transfer. 

Follow these easy steps to add Autodeposit to your online banking account. 

  • Log into online banking. 
  • Click on Transfers. 
  • Choose Send Interac e-Transfers and then choose Autodeposit. 
  • Click the Add a new email address button.
  • Choose the email address you want to use and the account you want the money to be deposited in. Remember to check the 2 acknowledgement boxes. 
  • Click on Update.

Whenever you receive an  Interac e-Transfer® to that email address, the money will be deposited into the chosen account without you having to enter a password. 


Alerts

Be the first to know if there is any unauthorized activity on your account. Keep a close eye on your money by setting up ALERTS on your online banking.

You can receive notifications for the following ALERTS:

  • Personal Access Code (PAC) changed
  • Interac e-Transfer® recipient added
  • Online banking account locked out
  • Online login 
  • New payee added. 

Follow the easy steps to set up ALERTS on your phone.

  • Sign in to the Mobile App.
  • Swipe to the second page and click on the ALERTS button. 
  • Tap on the MANAGE tab. 
  • Tap on the specific Alert you want to set up. We recommend you set up ALL the Alerts
  • Choose whether you want to be notified by email or text.
  • Click SAVE
  • Click SAVE again to activate the Alert. 

Follow these steps for all the Alerts. 

Follow these steps to set up ALERTS on your computer.

  • Sign in to Online Banking on your computer. 
  • Click on Messages and Alerts
  • Click on Manage Alerts
  • Click on the Alert you want to acitvate.
  • Click on Add.
  • Choose whether you want to be notified by email or text
  • Click SAVE
  • Click SAVE again to activate the Alert. 

Follow these steps for all the Alerts. 

How you can protect yourself

Working together to be safer online

No organization or individual is immune to a cyber attack. The only way to prevent this is to be aware of what is going on around you. It starts with you at home, then at the workplace and extends throughout our communities. Watch these videos find out more. CCUA and the LCUC have partnered to bring you useful resources that will help you learn different types of cyber threats and safe browsing habits.

Practice the Four Cornerstones of Internet Safety and be SAFE online.

Protect yourself agains a personal cyber attack.

How to protect yourself

We take pride in insuring your information is safe and secure, our staff are well trained and our technology is always leading edge and up-to-date. However, you need to do your part too. Once our information leaves our secure site and you access it on your personal devices, it is then your responsibility to protect yourself.

There are many different names for electronic fraud:

  • Phishing – email fraud
  • Smishing – texting fraud
  • Vishing – fraud via phone call
  • Spoofing - try to obtain personal information
  • Scareware – malicious computer program 

Very funny names for a very serious issue, these are all considered Social Engineering fraud. Fraudsters use the anonymity and reach of mass electronic messages and fake websites to try to trick you into providing your personal information. In the hopes to commit identity theft or sell your information on the black market. You can protect yourself from these situations by knowing how to identify and avoid these scams. There are many types of fraud and scams out there, although we cannot list them all, below are suggestions on how you can do your part to keep your information safe.

Staying safe online

  • Verify you are using our legitimate secure website (it will have https: not http:) https://www.biggarcu.com/
  • Keep your Malware and Antivirus up–to-date
  • Report any concerns immediately
  • Monitor your account, you have 30 days to report any discrepancies or issues.
  • Sign up for Alerts
  • Sign up for Lock N Block and report lost or stolen cards immediately
  • Do not make online purchases from websites that are not secure https
  • Do not share your card or PIN number with anyone
  • Do not use the same username and password for your financial info as other websites
  • Do not access your Online Banking over unsecure Wifi
  • Do not give access to your computer to someone who has phoned you stating they can fix it.
  • If you’ve had an incident with your computer that is a red flag for you and you are not sure what to do, take your PC into a trusted technician.   

A common way for scammers to obtain your personal information is through electronic means such as email, texting and SMS messaging.  Usernames, passwords, banking information and credit card details are requested through electronic message or instant messaging. To simplify it, you get an electronic message appearing to be from a legitimate contact such as your financial institution, credit card provider or you receive an etransfer notification, but they are not legit. Typically you are asked to log in to your online banking to verify account information because of some urgent concern, need to verify or deposit funds. The fake electronic message instructs you to click on a link that takes you to a non-legitimate website, you'll be prompted to enter personal or banking information. Fraudsters are seek personal details, such as your address, social security number or mother's maiden name. The details obtained will then be used for identity theft.

Red flags to look for

1. Scare Tactics

  • CAPITAL LETTERS  
    • ATTENTION!,  PAST DUE!
  • Sender is trying to scare you into action, to clicking on a link eg: You did not pay a parking ticket, CRA is after you for money, your credit card company needs more information, your account is going to be closed.

These are all scare tactics. You need to Stop, Think, Rationalize; does it make sense?

  • Where were you to get a parking ticket and how did they know my email address.
  • Why would the credit card company be contacting me asking me for my information, don’t they have that on record?
  • CRA does not email notifications, they send it via mail
  • You would get an official letter if there was an issue with your account.
  • Legitimate businesses will not phone you to verify information, they have your information.

2. Verify the email address

Sometimes a fraudulent email will look like a legitimate email address but if you look closely it will be off slightly.

Eg: Real: info@biggarcu.ca vs Fake: info@B1ggarcu.ca

3. Attachments

Never click on an attachment if you were not expecting it or it is from an unknown source. The electronic message may have malware attached to the link or take you to a mod website that looks like a legitimate one.

4. Links and URLs

You can double check a link or URL in an electronic message by hovering over it with your mouse. You will get a popup that displays exactly where the link is going to take you. If this does not make sense, don’t click on it.

Never click on a link in an email to access your account if you were not expecting it or initiated it; iTunes, Banking, Credit Card, SGI, Facebook etc.

5. Grammar, Spelling & Structure

The structure of an electronic message can be a sign that it may be phishing electronic message. An electronic message with spelling mistakes, missing tenses, transposed words, or over generalities, should be a red flag. You will rarely send an electronic message without the inclusion of a name, company, or specific subject, especially in a business context. If you spot any of these grammatical or structural errors, don’t disregard them, they may be indicators of a phishing attempt.

6. Personal Information Requests

A legitimate financial institution or credit card company, will not contact you to ask for your personal information, especially your login information. From time to time you will be contacted to update your personal information such as an address or contact information if we are having issues getting ahold of you or your statements are coming back undeliverable. However we will not ask you for information we already have, such as your card number, date of birth or SIN. If we are missing that information we would ask you to contact us.

Computer & mobile device

  • Keep yourself secure by keeping your Operating System, Browsers, Firewalls, Malware and Antiviruses current.
  • To prevent access to your information make sure you have login password for your home computer and mobile devices.
  • Only download information from legitimate trusted sites and App stores such as Apple and Google Play.
  • Install anti-virus software for your smartphone and keep current

Identity Theft

Identity theft is when someone uses your personal information without your knowledge for criminal purposes. Fraudsters try to use your stolen information to gain access to your financial information, pose as you to open accounts/loans/credit cards, plate a vehicle in your name, sell on the black market as just a few examples.

Another example of Identity Theft is when someone sets up accounts on social media or websites using your name, image or other information. While this may not cause you financial harm it could potentially harm your reputation.

We are not the experts in Identity Theft but here are some steps and resources to help you if you believe your identity has been compromised.


Unfortunately sometimes you will not know you have been compromised until you are in a situation where your credit report is pulled; loan application, credit card, job opportunity etc. This is why it is very important that you check your credit report at least once a year for errors or strange activities.

  • Contact the Canadian Anti-Fraud Center at 1-888-495-8501
  • Contact SGI if your driver’s license has been compromised 


Government of Canada Resources to find out more about Fraud and Cyber Fraud.

Get Cyber Safe

Anti-fraud Centre 


Looking for affordable anti-virus solutions? 

Here are a few suggestions:

  • AVG 
  • Malwarebytes
  • ZoneAlarm (Firewall)
  • BitDefender
  • Comodo 
  • Ad-Aware
  • Microsoft Security Essentials

Remember to view best practice tips on this page for additional internet security.

Software Requirements

Browser Requirements for Mobile Web and Online Banking:

To help protect yourself make sure you are always using the latest browser version. Make sure when downloading any software that you are using a legitimate site. Browsers are a third party software and we are not responsible for any issues you may encounter by downloading these browsers.

Supported Browsers:

  • Microsoft Edge
  • Firefox
  • Safari
  • Google Chrome

Supported Operating Systems:

  • Windows 10
  • Windows 8
  • Mac OS X

All supported browsers support are XHTML 1.0 Transitional, CSS 1.0 and 2.0, DOM Level 1 and 2, and ECMA Script (JavaScript). The site will work using all the browsers that correctly implement these specifications. To access our services, your browser must also support 128-bit Secure Sockets Layer (SSL) encryption. All the browsers we support meet this requirement. If yours doesn't, please download the appropriate encryption support from your browser's supplier. 

Mobile Device Requirements:

Our Mobile App can be downloaded from Google Play or the Apple store, just search for Biggar Credit Union.

Supported Devices:

Apple devices: iPhone, iPad, iPod Touch running ISO 11 or later.

Android devices: Google & Samsung running Android 5 operating system or later. 

Cookies Enabled:

To use our online banking services, you must enable your browser to accept cookies. Detailed information on our use of cookies is available in our Privacy Statement. For more information on enabling and disabling cookies, please refer to your browser's Help section.