Online banking security

How we protect you

When you bank online with Prospera, you're protected by our global security network and by advanced security technology.

Take a look at our security videos

Encryption

We take many precautions to protect the online banking environment and ensure your information is safe. Prospera.ca offers you the best security currently available in a commercial environment so that your personal and financial information is protected while in transit between your computer and our server. This is done through the use of industry standard security techniques such as encryption. Encryption ensures that information cannot be read in transit or changed by scrambling the data using a complex mathematical formula.

Controlled Access to your Accounts

Your accounts can only be accessed by providing the correct debit card number and password. To help you protect your information, your online banking session will end automatically if there has been no activity for 20 minutes.

Access to our databases is strictly managed and systems are in place to ensure security is not breached, including the physical security of our computer hardware and communications.

For more information on the specific policies and practices that we use to safeguard your personal and financial information, please view our Privacy Policy.

Automatic Session Time-Outs

In the event that you leave your computer without logging out, the online banking feature of this site has been designed to end your session automatically if our system detects that you haven’t provided any instructions or used the browser buttons to navigate for several minutes. To restart the session, you will need to provide your password again.

Find out more about how you can protect yourself online.

reCAPTCHA

A reCAPTCHA system is designed to establish that a computer user is human and not a robot. You may be presented with a series of pictures that you will need to identify to gain access to your online banking account.

We turn it on during times where there is the potential for increased cyber fraud for our members as it provides a deeper layer of protection against Brute Force attacks. Brute Force attacks are when cybercriminals use automated tools to attempt a range of passwords and user names to gain unauthorized access.

Enhanced Online Security

2-Step Verification adds an extra layer of security to protect you and your account in case your password were ever stolen. In addition to entering your password, a one-time use verification code will sent by SMS text message or email to the registered mobile phone number or email address associated with your online banking account.

The code must be entered and submitted for confirmation to access your account online. This new feature will replace the security questions you have been accustomed to answering and will not be required at every log-in.

Online Banking Security: Your Responsibilities

Our members have a part to play to protect their privacy and information when they use Online Banking.

Protect Your Login Information

Together your account number and your Personal Access Code (PAC) are the "keys" that unlock your information in Online Banking. 

• Never share your PAC with anyone, even if they claim they are from Prospera Credit Union. We will never ask you to reveal your PAC.
• Memorize your PAC - don't write it down or store it on your PC. If you must write it down, store it in a place that only you know. 
• Select a PAC that is easy to memorize and but difficult to guess, and change it in Online Banking on a regular basis.
• Prevent others from watching you type your account number and PAC.

As a reminder, we advise all of our members to be alert of suspicious activity online. Please always remember to use safe internet and email practices. Your security remains our top priority during these times and we encourage all members to review our simple fraud precautions to ensure you stay protected.

Passwords

Online credentials can be numerous as they are needed for email accounts, social networking sites, online newspapers and shopping websites. That’s a lot of usernames and passwords – and it can be tempting to use the same combination for everything. But this makes it far too easy for hackers because once they have one password, they can access all your sites. Login credentials are the keys to your accounts so don’t leave those keys around for anyone to find. For online banking, the key is your password. We recommend you:

• Choose a password that is easy for you to remember but difficult for others to guess. Avoid using current phone numbers, dates of birth, or social insurance numbers.
• Be smart and don’t save a list of your credentials on your PC. If you have to write them down, keep these details locked away somewhere only you can access or consider using password-management software, which secures and encrypts usernames and passwords and allows you to use a single master password.
• Do not share your password with anyone, especially online. Employees of our financial institution will never call, email, write or ask you to provide your online banking credentials.
• Don’t authorize browsers to memorize your credentials. Saving these on your computer allows anyone using your PC to gain access to your login-protected sites.
• Consider changing your password every 90 days for optimum security.

Frequently reviewing your paper and/or electronic account statements and/or registering for our transaction alert system ensures that you spot any incorrect or fraudulent transactions as soon as they occur. If your card has been skimmed (when the card’s magnetic stripe and PIN are fraudulently copied by embedded devices at ATMs or point-of-sale devices) or unauthorized transactions have been made, you will want to catch this as soon as possible. Every time you receive an account statement, verify you made all the transactions or let us notify you whenever there has been movement in your accounts (with the transaction alert system).

Personal Details

When you move, it is important to notify us of your change of address. If your mailing information isn’t up-to-date, statements or letters that contain personal information will continue to be sent to your former address.

Logging In and Out

When you are finished with your banking session, always log out by clicking the “Log Out” button, as opposed to simply closing the browser window. To help protect your information, your online banking session will end automatically if there has been no activity for 20 minutes or if your visit lasts longer than 60 minutes. If your session has timed out, no further transactions can be made until you log in again. This time-out feature helps protect your accounts from unauthorized access if your PC is left unattended or if you have forgotten to log out.

Direct Banking Alerts notify you via text message and/or email regarding specific activities related to your account. These alerts are an effective way to monitor accounts for unauthorized activities, allowing you to notify us should you feel your account has been compromised.

Alerts include:

• New Payee Added - This alert notifies you when a new bill payment vendor account is added to your online banking account. 
• Password Change - This alert notifies you when your online password has been changed. 
• Log-in - This alert helps you keep track of authorized log-ins to your account by receiving a notification every time someone logs-in. 
• Interac e-transfer recipient - You will be notified every time a new Interac e-transfer (electronic money transfer) recipient is added to your banking activity. 
• Contact change alert - This alert notifies you when an email or phone contact is disabled or deleted in your registered profile. 
• Alert change -This alert notifies you when an active alert is modified or deleted from within your direct banking alert set-up.

Ready to sign up? Simply follow these four steps:

Clearing cookies and cache

When you spend time on the Internet, your browser stores information, such as the websites you visit, the images and files you view, and your personal information, including passwords and login details. This data is held on your computer’s hard drive and is known as ‘cache.’ Even though you may have logged out and closed your browser, this information may remain accessible. You can protect your data by clearing your browsing history regularly. This can be done in a few easy steps:

Internet Explorer Users

1. Click on the ‘Tools’ tab (or use the ‘Ctrl-Shift-Delete’ shortcut).
2. Select ‘Delete Browsing History’. 
3. Choose the options you wish to erase and click ‘Delete’.

Firefox Users

1. Click on the ‘History’ tab (or use the ‘Ctrl-Shift-Delete’ shortcut).
2. Select ‘Show all History’ and/or.
3. Choose the time frame you wish to erase and click ‘Delete’.

Safari Users

1. Click on the ‘History’ tab.
2. Select ‘Show all History’.
3. Choose the period you wish to erase and click ‘Clear History’.

Chrome Users

1. Click on the ‘wrench’ icon on the right-hand side of the address bar (or use the ‘Ctrl-Shift-Delete’ shortcut).
2. Select ‘History’.
3. Hover over the items you want to delete and click the box that appears.
4. After selecting the items, click ‘Remove Selected Items’.

To delete all browsing history in Chrome: 

1. Select ‘All Browsing History’. 
2. Choose the time frame you wish to erase. 
3. Click ‘Clear Browsing Data'. 

 

Private Browsing

Some web browsers have a feature that allows you to browse the Internet without the browser storing information, such as the sites you visit, the images you see and videos you watch. This feature is sometimes used by people who share the same computer. Private browsing is a temporary option and must be selected in order for it to be activated. Private browsing, however, does not give you immunity to spyware or make you anonymous. It is still possible for your Internet service provider, employer or the websites you visit to track your online activity.

Anti-Virus Software

Install anti-virus software on your computer to protect your information, money and privacy. Such software detects viruses and cleans your computer so that harmful viruses do not spread. Set up your anti-virus to run frequent scans and update the software as soon as it is required. Ensure you have real-time scanning of every email and every file you download.

Operating Systems

Your computer’s operating system needs to be up-to-date in order to defend itself from viruses and malicious software (malware). If one part of your operating system develops a virus, it leaves holes in your PC’s security defences and compromises the safety of the information contained in your computer. 

Keeping your software up-to-date is one of the most important ways of staying safe online because it is much harder for viruses to infect an updated operating system and software. Hackers are targeting operating systems with new viruses all the time and software companies combat these efforts with security patches. You should always download the latest security patch as soon as it becomes available. 

Your operating system lets you know when updates are available by notifying you there are new security features to download. You can also upgrade your operating system to the latest version available from the manufacturer; however, you should ensure your computer has sufficient hardware capacity to support an upgrade. 

Remember to back up your data. To fully eliminate a virus that has infected your machine, the re-installation of your operating system may be required. Protect yourself against the permanent loss of important data by frequently backing up your files on an external hard drive so you’ll have the data should you ever have a problem with your operating system.

Browsers

Recognizing Fraud

You can help protect yourself from electronic identity theft by following some simple precautions.

Safety Precautions for Online Banking

• Prospera will never ask you for your personal passwords, personal information numbers or login information in an email. 
• All legitimate internet banking web sites will begin with ‘https’ in the address toolbar, indicating that the page is secure. 
• Look for the padlock found in the address toolbar of your browser. If the page is legitimate, by clicking on the padlock, you can view the security certificate details for the site. A fraudulent site will not have these details.
• Type in our web address yourself to ensure you are transacting with our server. 
• Check your statements regularly to ensure legitimate transactions.

• Warnings about account closures. 
• Requests to update your information. 
• Offers to register for a new service offers for pre-approved credit cards. 
• Free virus-protection programs. 

Once you click on the link, which directs you to a phishing website, you’ll be prompted to enter personal or banking information. Phishing scams seek personal details, such as your address, social security number or mother’s maiden name. The details obtained will then be used for identity theft.

• Poor spelling or grammar. 
• Alarmist content, warning that your account will be closed if you don’t provide your banking or personal details immediately. 
• Notices that you’ve won a prize and are required to pay a fee in order to claim it. 

Never provide personal details or any account details in an email or electronic messaging.