Online Security

Staying safe on the Internet - We're in this together

Mobile banking makes managing your finances easy and convenient as well as accessible 24/7 from anywhere you can access the internet. Your online security is our priority, we take your security seriously and make sure we have the latest security protocols in place and staff are well trained. We do our part, you need to do yours. There are measures you need to take to help protect yourself. Below are some best practices you should follow, resources to help educate yourself on known internet scams and cyber security as well as resources for if you think your identity has been compromised.


Security Guarantee

Our online banking system is safeguarded with the best security available in a commercial environment, ensuring that your information is protected while data is transmitted between your computer and our banking server.
Internet browsing encryption protects your information while it is in transit between your computer and our systems. Encryption ensures that data cannot be read or altered because the information is scrambled. Our online banking website uses a 128-bit SSL, encrypting both request and response transactions, through a secure connection. To establish a secure connection, verify that the prefix of our website address in your browser reads 'https' (and not simply 'http'). All the browsers we support meet this requirement. If yours doesn't, please download the appropriate encryption support from your browser's supplier. See a list of supported browsers under How You can Protect Yourself section.
Your accounts can only be accessed by providing the correct login credentials (username and password), which only you know. Our employees never know these details and will never ask you to provide them with this information.
When you sign in for the first time, you will use your Member Card® debit card number, your date of birth and a valid cell phone number or email address.

Step 1: Sign in using your debit card
That’s the number on the front of your Member Card® debit card.

Step 2: Verify your identity
You’ll need to enter your date of birth and either your mobile phone number or the email address that we have on file for you. You will receive a verification code either through a text message or email. Enter the code you receive in the verification pop-up window and click ‘Confirm.’

Step 3: Set up a new username
Enter a new username (username cannot be your debit card number and avoid using your name). Choose something unique to you and something that you can easily remember because once you create it, you can't change it.
Your username can be up to a maximum of 35 alphanumeric characters. Special characters are optional. Going forward, this is what you will be using to sign in.

Step 4: Set up a password
Choose a password that has a minimum of 10 characters and includes:
• 1 Uppercase letter
• 1 Lowercase letter
• 1 number
Special characters are optional.

Step 5: Confirm sign in details
If everything looks correct, go ahead, and click ‘Create User Profile’ to finalize your sign in information. Going forward, whenever you sign into digital banking, you will use the Username and Password you just created!
Within our branches we protect your money with vaults, locked doors, security and surveillance. We are keeping you just as safe when you bank online but once your information reaches your computer, you have a responsibility to protect it.
When you move, it is your responsibility to notify us of your change of address. If your contact information isn't up-to-date, statements or letters that contain personal information will continue to be sent to your former address.
Landline/cell phone numbers and email address changes are important to update with us as well, as they help us verify your identity.
You may prefer to eliminate paper statements altogether, avoiding any possibility of mail theft. Eliminate paper documents, go electronic and be secure while doing it. Our e-Statements are a digital archive of your monthly banking activity than can be downloaded as a PDF from our secure online banking site and they are kept for 7 years.
When you are finished with your banking session, always log out by clicking the "Log Out" button, as opposed to simply closing the browser window. To help protect your information, your online banking session will end automatically if there has been no activity for 20 minutes or if your visit lasts longer than 60 minutes. If your session has timed out, no further transactions can be made until you log in again. This time-out feature helps protect your accounts from unauthorized access if your PC is left unattended or if you have forgotten to log out.
When you spend time on the Internet, your browser stores information, such as the websites you visit, the images and files you view, and your personal information, including passwords and login details. This data is held on your computer's hard drive and is known as 'cache.' Even though you may have logged out and closed your browser, this information may remain accessible. You can protect your data by clearing your browsing history regularly. This can be done in a few easy steps.
Some web browsers have a feature that allows you to browse the Internet without the browser storing information, such as the sites you visit, the images you see and videos you watch. This feature is sometimes used by people who share the same computer. Private browsing is a temporary option and must be selected in order for it to be activated. Private browsing, however, does not give you immunity to spyware or make you anonymous. It is still possible for your Internet service provider, employer or the websites you visit to track your online activity.
Frequently reviewing your paper and/or electronic account statements and/or registering for our banking alerts ensures that you spot any incorrect or fraudulent transactions as soon as they occur. If your card has been skimmed (when the card's magnetic stripe and PIN are fraudulently copied by embedded devices at ATMs or point-of-sale devices) or unauthorized transactions have been made, you will want to catch this as soon as possible. Every time you receive an account statement, verify you made all the transactions or let us notify you whenever there has been movement in your accounts (with banking alerts). You have 30 days to let us know of any issues.

Our Mobile App Privacy Permissions

The following list of permissions and activities are required by our mobile app to operate. These include:

  • “Access Camera” permission is used by the app to deposit a cheque via mobile deposit capture, store a custom profile picture and background.
  • “Access Location” permission is used by the app to accurately locate the nearest ATM or branch in the “Find Us” feature.
  • “Call Permission” is used to automatically call the user’s preferred branch by tapping on the phone number in the “Find Us” feature.
  • “Contacts List” permission is used to set up new Interac e-Transfer® contacts and send an Interac e-Transfer®. Only the device contact information a user confirms is readable by Interac.
  • “Internal Storage” permission is required to view, share and download PDF files from the mobile app to a user’s device.
  • “App Activities” uses mobile app interaction data for analytics on usage and crash information for the current app version. We also monitor application stability using the crash logs to make ongoing improvements. Data collected on app activities, information and performance is completely anonymous and aggregated – individual users are not identifiable.


Autodeposit

Online Banking:

1. Sign in to digital banking on desktop/tablet.
2. Go to ‘Transfers & Payments’.
3. Under Interac e-Transfer®.
4. Click ‘Autodeposit Settings’.
5. Click 'Add Autodeposit'.
6. Under Register With, input the mobile phone number or email address you would like to register and choose which account you would like your money to be automatically deposited into.
7. Agree to the acknowledgement and click ‘Continue’.
8. Confirm your autodeposit details and click ‘Continue’.
9. Enter the one-time password you receive via text or email address.
10. Click ‘Continue’.
11. A Verification message will be sent to you via text or email to complete the registration. You will have the option of either completing the registration or declining it.

Mobile App:

1. Sign in to digital banking on the mobile app.
2. At the bottom of the screen tap ‘Move Money’.
3. Tap ‘INTERAC e-Transfer’ at the top right corner.
4. Tap ‘Autodeposit Settings’.
5. Click the + icon at the top right hand corner of the screen.
6. Under Register With, input the mobile phone number or email address you would like to register and choose which account you would like your money to be automatically deposited into.
7. Agree to the acknowledgement and click ‘Continue’.
8. Confirm your autodeposit details and click ‘Continue’.
9. Enter the one-time password you receive via text or email address.
10. Click ‘Continue’.
11. A Verification message will be sent to you via text or email to complete the registration. You will have the option of either completing the registration or declining it.


Alerts

Be the first to know if there is any unauthorized activity on your account. Keep a close eye on your money by setting up ALERTS on your online banking.
You will need to set up your alerts in the new Digital Banking for each individual account. Account alerts are unique to each account – different alerts can be set up on different accounts. Only one balance frequency notification can be selected (daily, weekly, or monthly) per account.

You can choose to receive alerts using all, a combination of, or one notification type (text, email, and/or push notification).

There are two types of Alerts, Account Alerts and Security Alerts. There are 3 mandatory Security Alerts that are received by email and cannot be turned off (Password Changed, New Biometric Access and Password Attempt Lock).

Online Banking:

1. Sign in to digital banking on desktop/tablet.
2. Click ‘My Credit Union’ and under Alerts select 'Security' or 'Account'.
3. Select the account.
4. Under each heading toggle on/off the types of desired notifications (text message, email, push notifications).
5. Set limit and amount if applicable.
6. Click 'Save'.

Mobile App:

1. Sign in to digital banking on the mobile app.
2. Tap ‘More’ (located bottom right-hand corner), choose ‘Alert Settings’, and then tap either ‘Accounts Alerts’ or ‘Security Alerts’.
3. Choose the account.
4. Under each heading tap the type of alert you would like then toggle on/off the types of desired notifications.
5. Set limit and amount, if applicable.
6. Click 'Save'.






Best Practices

We take pride in insuring your information is safe and secure, our staff are well trained and our technology is always leading edge and up-to-date. However, you need to do your part too. Once our information leaves our secure site and you access it on your personal devices, it is then your responsibility to protect yourself.

There are many different names for electronic fraud:

  • Phishing – email fraud
  • Smishing – texting fraud
  • Vishing – fraud via phone call
  • Spoofing - try to obtain personal information
  • Scareware – malicious computer program 

Very funny names for a very serious issue, these are all considered Social Engineering fraud. Fraudsters use the anonymity and reach of mass electronic messages and fake websites to try to trick you into providing your personal information. In the hopes to commit identity theft or sell your information on the black market. You can protect yourself from these situations by knowing how to identify and avoid these scams. There are many types of fraud and scams out there, although we cannot list them all, below are suggestions on how you can do your part to keep your information safe.

  • Verify you are using our legitimate secure website (it will have https: not http:) https://www.biggarcu.com/
  • Keep your Anti-Malware and Antivirus up–to-date
  • Report any concerns immediately
  • Monitor your account, you have 30 days to report any discrepancies or issues.
  • Sign up for Alerts
  • Do not make online purchases from websites that are not secure https
  • Do not share your card or PIN number with anyone
  • Do not use the same username and password for your financial info as other websites
  • Do not access your Online Banking over unsecure Wifi
  • Do not give access to your computer to someone who has phoned you stating they can fix it.
  • If you’ve had an incident with your computer that is a red flag for you and you are not sure what to do, take your PC into a trusted technician.   

A common way for scammers to obtain your personal information is through electronic means such as email, texting and SMS messaging.  Usernames, passwords, banking information and credit card details are requested through electronic message or instant messaging. To simplify it, you get an electronic message appearing to be from a legitimate contact such as your financial institution, credit card provider or you receive an e-Transfer notification, but they are not legit. Typically you are asked to log in to your online banking to verify account information because of some urgent concern, need to verify or deposit funds. The fake electronic message instructs you to click on a link that takes you to a non-legitimate website, you'll be prompted to enter personal or banking information. Fraudsters are seek personal details, such as your address, social security number or mother's maiden name. The details obtained will then be used for identity theft.

1. Scare Tactics

  • CAPITAL LETTERS  
    • ATTENTION!,  PAST DUE!
  • Sender is trying to scare you into action, to clicking on a link eg: You did not pay a parking ticket, CRA is after you for money, your credit card company needs more information, your account is going to be closed.

​These are all scare tactics. You need to Stop, Think, Rationalize; does it make sense?

  • Where were you to get a parking ticket and how did they know your email address.
  • Why would the credit card company be contacting me asking me for my information, don’t they have that on record?
  • CRA does not email notifications, they send it via mail
  • You would get an official letter if there was an issue with your account.
  • Legitimate businesses will not phone you to verify information, they have your information.

2. Verify the email address

Sometimes a fraudulent email will look like a legitimate email address but if you look closely it will be off slightly.

Eg: Real: info@biggarcu.ca vs Fake: info@B1ggarcu.ca

3. Attachments
Never click on an attachment if you were not expecting it or it is from an unknown source. The electronic message may have malware attached to the link or take you to a mod website that looks like a legitimate one.

4. Links and URLs

You can double check a link or URL in an electronic message by hovering over it with your mouse. You will get a popup that displays exactly where the link is going to take you. If this does not make sense, don’t click on it.

Never click on a link in an email to access your account if you were not expecting it or initiated it; iTunes, Banking, Credit Card, SGI, Facebook etc.

5. Grammar, Spelling & Structure

The structure of an electronic message can be a sign that it may be phishing electronic message. An electronic message with spelling mistakes, missing tenses, transposed words, or over generalities, should be a red flag. You will rarely send an electronic message without the inclusion of a name, company, or specific subject, especially in a business context. If you spot any of these grammatical or structural errors, don’t disregard them, they may be indicators of a phishing attempt.

6. Personal Information Requests

A legitimate financial institution or credit card company, will not contact you to ask for your personal information, especially your login information. From time to time you will be contacted to update your personal information such as an address or contact information if we are having issues getting ahold of you or your statements are coming back undeliverable. However we will not ask you for information we already have, such as your card number, date of birth or SIN. If we are missing that information we would ask you to contact us.

  • Keep yourself secure by keeping your Operating System, Browsers, Firewalls, Malware and Antiviruses current.
  • To prevent access to your information make sure you have login password for your home computer and mobile devices.
  • Only download information from legitimate trusted sites and App stores such as Apple and Google Play.
  • Install anti-virus software for your smartphone and keep current


Identity Theft

Identity theft is when someone uses your personal information without your knowledge for criminal purposes. Fraudsters try to use your stolen information to gain access to your financial information, pose as you to open accounts/loans/credit cards, plate a vehicle in your name, sell on the black market as just a few examples.

Another example of Identity Theft is when someone sets up accounts on social media or websites using your name, image or other information. While this may not cause you financial harm it could potentially harm your reputation.

We are not the experts in Identity Theft but here are some steps and resources to help you if you believe your identity has been compromised.


Unfortunately sometimes you will not know you have been compromised until you are in a situation where your credit report is pulled; loan application, credit card, job opportunity etc. This is why it is very important that you check your credit report at least once a year for errors or strange activities.

  • Contact the Canadian Anti-Fraud Center at 1-888-495-8501
  • Contact SGI if your driver’s license has been compromised 


Government of Canada Resources to find out more about Fraud and Cyber Fraud.

Get Cyber Safe

Anti-fraud Centre 


Software Requirements

Browser Requirements for Mobile Web and Online Banking:

To help protect yourself make sure you are always using the latest browser version. Make sure when downloading any software that you are using a legitimate site. Browsers are a third-party software and we are not responsible for any issues you may encounter by downloading these browsers.

Supported Browsers:

  • Microsoft Edge (latest version)
  • Firefox (latest version)
  • Safari (latest version)
  • Google Chrome (latest version)

Supported Operating Systems:

  • Windows 10 & Windows 11
  • MacOS 14

Mobile Device Requirements:

  • Apple devices running iOS 17
  • Android devices running Android 14
Our Mobile App can be downloaded from Google Play or the Apple store, search for Biggar Credit Union.

Cookies & Popups Enabled:

To use our Mobile Apps, you must enable cookies and popups, or the App will not work correctly. 

This website uses cookies to improve your user experience. By continuing to browse the site you are agreeing to our use of cookies.