Security

How do I know my details and information are kept private?

When your browser and our server are establishing a secure session they will exchange data which is encrypted and we establish a session for the period of your use of the site. This session is used to encrypt all the data as it passes through the Internet including your account details, transactions and loans details. The information is decrypted only when it reaches your browser. Part of SSL Protocol used in the encryption involves using a Message Authentication Code (MAC) which will not be accepted by your browser if the information is tampered with in; further ensuring your information is kept safe.

Your privacy and personal information is protected in several different ways on our website:

  • A PIN is issued only to members of the Credit Union, and your PIN application details are checked against the Credit Union records.
  • Your online account is protected by a 3-tier login, which is usually your Username, your PIN and your Password. You should not reveal your PIN to anyone including Credit Union staff.
  • When you log into the members area, your login details are encrypted while passing from your computer to our web server, limiting the chances of revealing your information should it be intercepted en route. The site uses 128-bit SSL encryption. The integrity of the encryption is verified by your browser which can recognize the digital certificate installed for our website, and inform you if the certificate is valid or expired.
  • The Members Area will automatically close your session after a short period of being idle, which helps prevent revealing your personal information should you be away from your computer for an extended period. You should logout of the Members Area when you are finished.

What can I do to ensure my online security?

In order to securely use our service, you should always:

  • Ensure that you connect to the correct web address.
  • Ensure that your browser indicates a secure session.
  • Ensure that you click the Logout button when you have finished.
  • Keep your Member Number and Personal Identification Number (PIN) secret. Do not write them down or share them with anyone.
  • Take care of your information once it has been delivered to your browser.
  • Ensure there is nobody behind you when you are entering your passwords if you are using a computer in a public place such as a library of internet café.
  • Regularly check your transactions by looking at your account balances and view transactions. Also look at the 'last logged in' time on the left hand side under the menu and compare this to the last time you logged in. If you find anything suspicious then report it, by clicking on Messages then New Message from your personal homepage.
  • Always try and keep your operating system (e.g. Windows XP) and web browser (e.g. Internet Explorer) up-to-date. They are not infallible products, which is why the makers often provide patches to correct problems.

You should also be aware of the following dangerous activities:

Phishing/Fraudulent E-mails

‘Phishing,’ is the act of sending fraudulent emails assuming the identity of banks, encouraging people to share user names and passwords. These authentic-looking messages sometimes include the organisations' logos and are designed to fool people into divulging their personal information. Criminals take the personal information and use it to access other people’s accounts in order to steal their money.

We would like to confirm that the Credit Union does not send any emails to customers requesting their security details or any other confidential information. If you receive an email reporting to be from the Credit Union asking you to input your details then please let us know. At anytime, if you feel at all suspicious about it, then delete it without opening.

If you are concerned that you may have disclosed any confidential information, please click on Messages, then New Message once you have logged in to contact us.

Pharming

'Phishing' uses links that appear to be legitimate but actually take you somewhere else. 'Pharming' hijacks the domain name so that even if you are a 'phishing'-aware user who specifically types in the web site you want (e.g. http://www.google.com); you will still end up at a different web site anyway.

To help defeat 'pharming', you need to check the SSL (secure sockets layer), which provides you with a secure and private connection. When you log-in to CU Online, double-click the padlock symbol at the bottom of your browser to ensure the site certificate is valid and belongs to the Credit Union. As long as the padlock symbol is there and is issued to the Credit Union you are not at any risk.

Trojans

A trojan is a malicious file, usually disguised as something useful, but when activated, can cause loss, damage or even theft of data. The critical difference between a trojan and a virus is that a trojan cannot replicate itself. The only way that it can spread is if you help it, typically by opening it.

Once you open this file, the trojan goes to work destroying your computer's functionality - possibly recording your logging-in details. A good line of defence is not to accept files from someone you don't know, and if you have any doubts, then do not open the file.

Label

To improve the security of this website access to this page has been restricted, to gain access you will require a One Time Passcode (OTP). To receive an OTP, click on the Request OTP Code button below.

A unique code will be sent to the mobile device registered to your account.

(Generally you will receive your code in seconds. In exceptional circumstances it could take longer and in all cases may depend on your network coverage.)

Once received enter the code in the box below and click on submit.