Security is everyone's responsibility

Concerned about online banking security?

You can rest assured that FirstOntario Credit Union has your information security at the top of mind when it comes to online banking. There are a couple of steps you can take however to ensure even greater security when banking online.


  1. Make sure your computer, tablet and smartphone have up to date antivirus software
  2. Avoid banking online when using unsecure public WIFI services


Internet Security

The Internet has changed the way financial institutions do business. Internet banking provides convenient access to your financial information and the ability to perform transactions from home, work or other locations. It is important to be aware that when you communicate via the Internet, other people and software can also communicate with your computer. An inadequately protected computer can be accessed by unknown parties or a virus in a very short period of time.

What we are doing to protect your security

We take many precautions to protect our online banking environment and ensure your information is safe. Our online services offer you the best security currently available in a commercial environment so that your personal and financial information is protected while in transit between your computer and our server. This is done through the use of industry standard security techniques such as encryption. Encryption ensures that information cannot be read in transit or changed by scrambling the data using a complex mathematical formula. Some browsers can create a more secure channel. We use only the strongest channel available - referred to as 128-bit SSL (Secure Socket Layer). If you have a browser that only supports ‘weaker’ encryption such as 40-bit or 56-bit SSL, you will need to upgrade your browser before using our site. The longer and more complex the ‘key’ is, the stronger the encryption. The 40 and 128 refer to the length of the key. Since 128 digits are longer than 40, it is more secure.

We also ensure that only individuals who provide an authentic Personal Access Code (PAC) can access your financial information. To help you protect your information your online banking session will end automatically if there has been no activity for 15 minutes.

Access to our databases is strictly managed and systems are in place to ensure security is not breached, including the physical security of our computer hardware and communications.

For more information on the specific policies and practices that we use to safeguard your personal and financial information, please click here to view our Privacy Statement.


Alerts can help you stay informed. As a Member you have the option to choose from a variety of alerts that can be personalized to meet your needs. 

The following alerts can be received by email and/or text message anytime, anywhere:

  • New Payee Added – You will receive an email and/or text confirmation that the payee was successfully added.
  • Personal Access Code (PAC) Changed – You will receive an email and/or text confirmation that your personal access code (PAC) has been changed.
  • Online Banking Account Locked Out – You will receive an email and/or text confirmation that your online banking account has been locked out.

It is easy to choose alerts. Simply go into your online banking and you will be prompted on how to set up the alerts you want.

Protecting your computer

We have provided a secure channel for our members to communicate with us. Once the information has reached your computer, it's up to you to protect it. To protect your information, you should:

  • Never leave your computer unattended while using our online banking services.
  • Always exit the site using the Logout button and closing your browser if you step away from your computer. Your browser may retain information you entered in the login screen and elsewhere until you exit the browser.
  • Secure or erase files stored on your computer by your browser so others cannot read them. Most browsers store information in non-protected (unencrypted) files in the browser's cache to improve performance. These files remain there until erased. They can be erased using standard computer utilities or by using your browser feature to ‘empty’ the cache.
  • Disable automatic password-save features in the browsers and software you use to access the Internet.
  • Install and use a quality anti-virus program. As new viruses are created each and every day, be sure to update your anti-virus program often. It is recommended you update anti-virus definitions weekly. Scan all download files, programs, disks and attachments and only accept files and programs from a trusted source.
  • Install and use a personal firewall on your computer to ensure others cannot access your computer through the Internet.
  • Install new security patches as soon as your operating system and Internet browser manufacturers make them available.
  • Install an anti-spyware program and check your computer regularly.

Protect Your Information Online

Safety precautions

  • Don’t send personal information in e-mail or instant messages. It is too easy for someone to intercept and read your information. Remember, it is out of your control once you send it.
  • Limit personal information you post on the Web and restrict who can access it.  Facebook and MySpace are great for connecting with friends, but don’t post anything —like your birthday or full name—that could be used to steal your identity.
  • Unless you know and trust the sender, don’t open files, download programs or click links in e-mails or Instant Messaging. Phishing scams often use these techniques to try to steal your identity.
  • Dedicate one credit card solely for online purchases. Monitor your statements for any suspicious activity.
  • Keep your Web browser updated to ensure you have the latest security features installed. Like any other software, Web browsers need to be kept up-to-date to protect against security vulnerabilities. They are also equipped with encryption capabilities that help keep your data safe as it travels the Internet. Check the online help feature or get more information about security features on the manufacturer’s Web site.
  • Avoid storing sensitive information like credit card numbers or your Social Security number on your computer. If your computer is compromised, you’ll be less exposed.
  • Before disposing of an old computer, use a utility program to “wipe” your hard drive. Deleting files isn’t enough to ensure all the sensitive information on your old hard drive stays safe. If you need help, there are services that will do this for you.
  • Download, install and update firewall, anti-virus and anti-spyware security software regularly from a reputable vendor. This will help protect your computer from intruders looking for your personal information.
  • Be smart about your passwords. Use strong passwords that include a combination of upper and lower case letters, numbers and symbols. Don’t enable a login screen to save your password and remember to log off when you leave a secured site. This will prevent unauthorized users from getting into your accounts.

Protecting your information when using a public computer

You should be extra vigilant when using publicly available computers. Even if you adopt the tips above to protect your information, you need to bear in mind that even benign programs, like popular desktop search programs, can pose a security risk. Certain programs, such as Google Desktop, cache items that you have viewed so you - or potentially, an unwelcome third party - can easily search and find those pages later again.

Safety precautions

  • To learn more about browser security, please visit Microsoft web site.
  • To ensure a safe and secure Internet session, only visit reputable sites.
  • If you visit any questionable web site beforehand, we recommend you close your browser and restart it before proceeding to use our online banking services.

What you need to do to protect your PAC?

Protecting your Personal Access Code (PAC)

In order for us to ensure that only you are accessing your accounts, we need a unique way of knowing that it's you. Just as the key to your home protects unwanted entry, the online banking ‘key’—you’re Personal Access Code (PAC)—ensures that only you can access your accounts.

Safety precautions

It is your responsibility to ensure that your ‘key’ to the online banking section of this website is protected. Please observe the following security practices:

  • Select a PAC that is easy for you to remember but difficult for others to guess.
  • Do not select a part of your PIN (your ATM ‘key’) or another password.
  • Keep your PAC confidential and do not share it with anyone.
  • Do not write your PAC down or store it in a file on your computer.
  • Never disclose your PAC in a voice mail or email, and do not disclose it over the phone.
  • Ensure no one observes you typing in your PAC.
  • Change your PAC on a regular basis. We suggest every 90–120 days.

Protect Your PIN, Protect Your Money

Canadians use their banking cards millions of times each day for purchases and cash withdrawals from Automated Banking Machines (ABMs). In fact, Canadians are one of the biggest users of debit and ABMs in the world. With the INTERAC® shared services; cardholders have convenient access to their cash 24 hours a day, seven days a week.

What is the "Protect Your PIN" icon?

The "Protect Your PIN" icon features a stylized PIN pad being shielded by hands combined with a "Protect Your PIN" tagline. This icon was developed to increase cardholder’s awareness around PIN protection. The Association and its members want to reinforce the importance of PIN security as something cardholders do every time they use the INTERAC® shared services.

However, any debit card fraud is of concern. Interac Association and its members are working to combat these incidents on several fronts. As part of this, the Association has identified the need to increase the awareness of PIN security among cardholders to help prevent debit card fraud in Canada.

Why do I have to protect my PIN?

Your banking card and PIN are the keys to your account(s). They are both required to complete a transaction so you should keep them in a safe place and never lend them to anyone. Even if criminals get access to your card, they need the PIN to get access to your money - so remember to protect your PIN.

*Please note: All fraud related reports connected to a financial loss will be thoroughly investigated by FirstOntario. Any confirmed failure to protect your password or PAC/PIN information will result in non-reimbursement of funds.

Fraud: Recognize it. Report it. Stop it.

What is Electronic Identity Theft

Electronic identity theft can occur when you respond to a fraudulent email that asks for your personal banking information. Armed with this information, a person may be able to access your accounts or establish credit, pay for items or borrow money using your name. You can help protect yourself from electronic identity theft by following some simple precautions.

Safety Precautions

  • The easiest way to tell if an email is fraudulent is to bear in mind that we will never ask you for your personal passwords, personal information numbers or login information in an email. Legitimate financial institutions do not include links to their web sites in email communications to customers.
  • When banking online, check the address of any pages that ask you to enter personal account information. In the toolbar at the top of the page any legitimate Internet banking web site will begin with ‘https’ to indicate that the page is secure.
  • Look for the padlock found in the lower or upper right corner of your screen.  If the page is legitimate, by clicking on the padlock, you can view the security certificate details for the site. A fraudulent site will not have these details.
  • Type in our web address ( yourself to ensure you are transacting with our server only.
  • Check your bank and credit card statements regularly to ensure that all transactions are legitimate.

Protect yourself by regularly checking your credit score to make sure there isn’t any unusual banking or credit activity reported in your name. (Equifax or TransUnion)

Contact FirstOntario Credit Union immediately if you suspect someone has gained knowledge of your PAC/PIN, or if you suspect any loss, theft or unauthorized use of your account.


What is Phishing?

Phishing is a technique used to gain personal information for purposes of identity theft by using fraudulent e-mail messages that appear to come from legitimate sources. The message may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages.

Safety Precautions

  • Never reveal information, such as passwords, to anyone making contact with you.
  • Do not forward any credit card details and/or bank account numbers through e-mail.
  • Do use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
  • Do not reply to any e-mail asking to verify your personal data. You will find that legitimate vendors and merchants do not send such requests via e-mail.
  • Never send personal or financial information to any one via e-mail.
  • Ensure that all of your software is up to date - for instance, if you use Microsoft Windows, run Windows Update every day when you first connect to the internet. If you use other operating systems or browsers then check daily for patches or updates. Security loop-holes are regularly discovered in software.
  • Make sure you're on a secure Web server when submitting credit card or other sensitive information via your Web browser.
  • Check the beginning of the Web address in your browser’s address bar - it should be "https://" rather than just http://.
  • Delete requests for your password
  • Be suspicious of any requests for financial information
  • Don't click links in unexpected email. 
  • Type the organization's main URL into your Web browser's address bar and navigate from there
  • Call the organization using a telephone number from a reliable source (ie: telephone directory or legitimate, printed, letterhead)
  • Do not fill out forms embedded in email messages
  • Use modern versions of browsers such as Chrome, Firefox, or Internet Explorer and configure them to automatically update.
  • Regularly log in to your online accounts and check your transactions, grades, etc. (Avoid using public computers for financial and other sensitive communication. Password sniffing software or hardware may be installed on public computers)

Telephone Fraud

What is Telephone Fraud

In Canada, the police and the Canadian Anti-Fraud Centre (Phonebusters) have received complainants regarding telephone scams over the past year.

"If it sounds too good to be true, then it probably is!"

Use of the telephone for the sale of a wide range of services or products can be an effective, legitimate marketing tool for any number of Canadian businesses. However, the legitimacy of well-known companies has provided an excellent opportunity for criminals.

Criminals use the same techniques as legitimate companies, but hide behind the anonymity of the telephone and attempt to defraud thousands and thousands of Canadians each year.

Safety Precautions

  • The key to not becoming a victim is to just hang up. 
  •  Be suspicious of any unsolicited calls where someone claims you have a computer security problem.
  • DO NOT believe that everyone calling with an exciting promotion or investment opportunity is trustworthy, especially if you do not know the caller or their company.
  • DO NOT invest or purchase a product or service without carefully checking out the investment, product, service, and the company.
  • DO NOT be afraid to request further documentation from the caller so you can verify the validity of the company.
  • DO NOT be fooled by the promise of a valuable prize in return for a low cost purchase.
  • DO NOT be pressured to send money to take advantage of a "special offer or deal."
  • DO NOT be hurried into sending money to claim a prize that is available for only a "few hours"
  • DO NOT disclose information about your finances, bank accounts or credit cards (not even the credit card expiry date).
  • DO NOT be afraid to hang-up the phone.
  • DO contact the Canadian Anti-fraud Centre if you are contacted by someone who promises you great prizes, but you are required to send money in advance for shipping, handling, taxes, etc.
  • DO contact the Canadian Anti fraud-Centre if you are contacted by someone who says that you have won a prize, but you have to purchase a product to qualify.
  • Mobile phones present the same security tasks as computers do.
  • To avoid viruses, do not install illegal software or open attachments sent to you in e-mail.
  • Make sure you password protect your screen lock to prevent the phone being used or your personal information viewed if the device is stolen or lost.
  • Be careful what you discuss when using a mobile device.  
  • Disabled the Bluetooth component on your device until you need it.


What is Malware?


Malware (or Malicious software) is software which gets onto your PC and causes viruses, worms or Trojans to run without you even knowing. You will never know that you have Malware on your PC until you begin to experience system degradations or system crashes. Basically, Malware is a computer programme that invades your system when you open e-mail attachments, visit websites, when opening instant messaging sessions or during file-sharing sessions.

Safety Precautions

Ensure your Virus and Malware protection is updated on a regular basis.


What is Spyware?

Spyware, sometimes called a spybot, is a program which installs itself on your PC (usually without your permission) in order to monitor (spy) all your activities on your PC and online.  Spyware works by running a program behind the scenes on your PC. You are unlikely to know that you're being monitored. Some types of Spyware will run to cause a nuisance on your machine by launching advertising pop-ups or changing the browser homepage. Other items which come under the Spyware spectrum include tracking cookies, which collect information from thousands of sites to see who visits what and when, along with other items which bury themselves deep into the PC memory and track other data.

Safety Precautions

  • Keep all of  your software up to date
  • Adjust Internet Explorer security settings
  • Use a firewall
  •  Explore and download more safely
  • Download and install antispyware protection


What is Spam?

Spam is any unsolicited communication received electronically. Typically, we think of e-mail but instant messaging can also be a source of Spam. Spam can be an entry point for Spyware or Malware. Spam is the mass mailing of a single e-mail to thousands or millions of recipients. The Spam perpetrator, known as the spammer, obtains a list of valid e-mail addresses from one of several sources, then fires out as many e-mails as the spammer wants, hoping to get a percentage of profitable responses. The spammer can send out thousands of e-mails in a very short period with really no expense other than the bandwidth necessary to mail out all those e-mails or just the cost of the Internet connection itself.

Safety Precautions

  • Stop posting your e-mail address on a public forum or website
  • Avoid certain sites and software programs
  • Use spam blocking tools
  • Do not reply to spam email


What is Adware?

Adware is software that displays advertising banners, re-directs you to websites and otherwise conducts advertising on your PC. Adware is software which installs itself onto your PC with the intention of promoting adverts depending on the information it captures about the victim.

Safety Precautions

  •  Keep all of  your software up to date
  • Adjust Internet Explorer security settings
  • Use a firewall
  • Explore and download more safely
  • Download and install antispyware protection

Key loggers

"Key logging" is a way for hackers to get information from your computer. A hacker can install software or a physical device onto your computer. Both enable a hacker to track everything you type on your keyboard. This includes passwords, e-mail, Web sites visited, credit card information — anything you type.

Safety Precautions

  • You must be vigilant in your efforts to secure your computers and information resources. Please be alert to attempts to gain access to computer information.
  • Keep all of  your software up to date
  • Adjust Internet Explorer security settings
  • Use a firewall
  • Explore and download more safely
  • Download and install antispyware protection

ATM Skimming

In the News

In Toronto, Hamilton and Niagara Region, law enforcement officials arrested multiple suspects in January & February accused of being part of an international crime effort to steal money from ATMs around Toronto, Hamilton and Niagara Region.

What is skimming?

According to the ATM Industry Association, card skimming, which can also occur on other types of point-of-sale devices, is defined as 'the unauthorized capture of magnetic stripe information by modifying the hardware or software of a payment device, or through the use of a separate card reader.' Crooks often also capture PIN data and then create dummy cards in order to drain a victim's account. The funds are often not taken until several months later.

The effects of this crime have implications for both consumers, who lose their money, and businesses, who often suffer a blow to their image, or even their reputation for security, if one of their machines is affected. ATM security experts urge customers using machines, and businesses maintaining them, to develop secure habits.

Safety Precautions 

  • FirstOntario Credit Union recommends using an ATM you are familiar with so you know what it should look like and check it to make sure that it is solid and sturdy. Criminals often place fake readers that look like real ones over the slot where the card is placed or swiped. This captures the card information. But if you have your eye out for them, they are sometimes easy to spot.
  • Look for fake readers placed over card slots "Put your hands on it and see if you can wiggle it”.
  • Cover your PIN, another way skimmers get PIN info is by installing small, hidden cameras somewhere inside the machine. They can be in the wall, or even hiding inside marketing materials, like pamphlets which appear to be innocently sitting off to the side.
  • A good habit to get into is covering your PIN with your hand, even when you are alone. This may prevent a camera from detecting it and may also stop another type of scam: shoulder surfing, which is done by a person who lurks nearby that is part of the scam who records your PIN for later use.
  • Avoid overly helpful people, crooks get PIN numbers by hanging out near or inside an ATM and offering help when the unit fails to "work." The scam involves capturing the card and the victim is perplexed as to why the machine is having problems. A helpful bystander will offer to help and ask for the person's PIN. Of course, once they have it, the card is as good as theirs.
  • Monitor accounts regularly
  • Failing all else, if you are hit by a skimming scam, your best defense is awareness of your own financial accounts. Regular monitoring will keep you on top of any suspicious activity that may occur as the result of a compromised account. Reporting fraudulent activity as quickly as possible gives you the best possible chance to recover your losses.

Summary of possible signs that you may have a security problem caused by any of these threats:

  • Lots of pop-up windows in the web browser;
  • Cascading windows that cannot be closed;
  • Slow PC and gets worse over time;
  • Takes up large amounts of hard disk space;
  • Reduced Internet speed;
  • Cannot access the Internet;  
  • PC restarts on its own;
  • Web browser freezes up;
  • Home page changed in web browser and cannot be reset;
  • Changes in your web browser such as unfamiliar links in Favourites, different default search engine and new buttons on toolbar;
  • New shortcuts appear on the desktop, the task bar, or even the system tray that the user did not put there; 
  • Firewall and anti-virus software mysteriously turned off;

Firewall alerts the user to an unknown program or process trying to access the Internet, or one trying to access the PC. If you experience any of the above, call your PC technician and have them run a diagnostic scan on your computer device.

Useful Links - Canadian Anti-Fraud Centre - Victim Assistance Online

Please Note:
FirstOntario Credit Union has provided this information as high level guidance only. If you require additional details, please utilize the many resources available on the internet by searching the term you are looking to further understand.

All reports related to fraud that is connected to a financial loss will be thoroughly investigated by FirstOntario.


Online Banking

Find Branch/ATM

Address, postal code or branch name