Skip to main content

Online Security

  • Security

Our commitment to members

We take many precautions to protect the online banking environment and ensure that our members’ information is safe. We work to prevent, detect and investigate fraud on a daily basis. In addition, our activities and due diligence practices include the following:

  • Regularly updating fraud detection and prevention systems and measures;
  • Ensuring our monitoring systems, controls, and security technologies are up-to-date and complemented by rigorous security procedures;
  • Proactive communications with Members to ensure transactions are legitimate.

Our online account access system is safeguarded with industry leading security, ensuring that your information is protected and is kept safe from unauthorized access. The following are some of the online security measures in place:

  • Encryption: Internet encryption protects your information while it is in transit between your computer and our systems. Encryption ensures that data cannot be read or altered because the information is scrambled. Our online account access website uses enhanced encryption for all transactions, through secure connections.
  • Controlled Access to Your Accounts: Your accounts can only be accessed by providing the correct login credentials and Password (Personal Access Code or PAC), which only you know. Our employees never know these details and will never ask you to provide this information.
  • Increased authentication: Increased authentication is one of the best ways to reduce the risk of unwanted access to an online account. Kawartha Credit Union uses a enhanced authentication tool as a secure and user-friendly way to identify our members

What should you do as a Member to help protect your data:
  • Your Password (Personal Access Code or PAC). A PAC is your password to enter your online banking. Protect your PAC by following the below best practices:
    • Select a PAC that is easy for you to remember but difficult for others to guess.
    • Do not use a part of your PIN (your ATM ‘key’) or another password in your PAC.
    • Keep your PAC confidential and do not share it with anyone.
    • Do not write your PAC down or store it in a file on your computer.
    • Never disclose your PAC in an email or over the phone.
    • Ensure no one observes you typing in your PAC.
    • Change your PAC every few months
  • Account Alerts: Members are strongly encouraged to setup alerts for whenever their account is accessed. With this feature, you select what types of account activity you want to be notified about, and we'll alert you through text message or email. These alerts allow you to monitor your accounts effortlessly and detect suspicious activity immediately. We continue to expand the alerts available for Members to take advantage of on an ongoing basis.
  • Ensure that windows, system and browser updates are installed on a regular and timely basis. Reputable vendors (e.g. Microsoft, Google, Chrome, etc) will provide subscription services for critical security and other fixes to automatically keep your device current and secure.

Internet fraudsters cast their nets widely, using the anonymity and reach of mass emails and fake websites. You can protect yourself from these situations by knowing how to identify and avoid these scams.


A common way for Internet scammers to obtain your personal information is through a method called phishing. Usernames, passwords, banking information and credit card details are solicited through email or instant messaging. Phishing works by sending communications, which appear to be from your financial institution, but they are not. You are asked, supposedly by your financial institution, to log in to your online banking to verify account information. Often some type of security concern is cited as the issue. The fake email instructs you to click on a link that takes you to a non-legitimate version of your online banking site – one that is largely indistinguishable from the legitimate site – and you'll be asked to enter your credentials.

Once you click on the link, which directs you to a phishing website, you'll be prompted to enter personal or banking information. Phishing scams seek personal details, such as your address, social security number or mother's maiden name. The details obtained will then be used for identity theft. Often these sites will look like exact replicas of the official site, once you have entered the information they will often present a very professional message that a problem happened and to retry entering your information. You are then redirected in the background to the correct site and you never realize your information has been taken.

Phishing emails or texts may include:

  • Warnings about account closures
  • Requests to update your information
  • Offers to register for a new service
  • Offers for pre-approved credit cards
  • Free virus-protection programs

Scam emails purporting to be from your credit card company or financial institution often have some telling signs, including:

  • Poor spelling or grammar
  • Alarmist content, warning that your account will be closed if you don't provide your banking or personal details immediately
  • Notices that you've won a prize and are required to pay a fee in order to claim it

The quality of these fake sites is improving and often it is difficult to tell the difference. When you are entering information to enter Online Banking you should always be on the site A double check of that address should confirm you are in the right place.

Never provide personal details or any account details in an email. Electronic messaging is not a secure form of communication. If you receive a message that you are unsure about, please contact us.


Another way for hackers to get their hands on your personals details is by pharming them. Pharming occurs when hackers use a malicious code on your PC, which compromises your computer's host file and redirects you to fake websites. The malware hides the fraudulent URL, cloaking it in the legitimate one that appears in your browser. With pharming, the dishonest redirection of URLs happens even when you type correct URLs directly into your browser, making you think that you're on the correct website when you are not. Once there, you are asked to enter your online banking credentials or account information, which hackers take and use for criminal activity.

How to Avoid Phishing and Pharming Scams

  • We will never send you emails or communications asking you to verify or provide your online banking details. The best way to protect yourself is to never use a link provided in an email to access your online banking (because we don't send those; scammers do). Do not open emails or email attachments from unknown sources. Always scan email through your anti-virus software.
  • Always type your financial institution's website address directly into your browser and remember to look for confirmation that you are browsing securely. The letter "s" in 'https' indicates you are navigating in a secure site, in comparison to the open and unprotected 'http' URLs. Look for the 'https' to confirm it is a secure site you are accessing. Hackers are now taking advantage of Google and other search tools to promote their hacked site links to the top of the list. Always ensure that the link used is
  • Don't feel panicked when phishing emails caution of immediate account closures if your banking details cannot be verified. Don't believe emails warning that your account has been compromised or that you'll miss out on a great deal if you fail to act immediately. If you are concerned, visit your branch or call our contact centre.

Anti-Virus Software

Install a name brand anti-virus software on your computer to protect your personal information, money and privacy. Do not click on any link sent to you to install anti-virus – go to the corporate web site to initiate purchase and product authentications.

Such software detects viruses and cleans your computer so that harmful viruses do not spread. Set up your anti-virus to run frequent scans and update the software as soon as it is required. Ensure you have real-time scanning of every email and every file you download.


Malicious software (malware), spyware, worms and Trojans are the same class of destructive viruses; just with different names. Nobody wants a computer virus. They can steal your personal information, take over your PC and use your computer to attack other people's computers. Your PC can become infected through email attachments, downloading infected content or visiting harmful websites. Good anti-virus software will help protect your computer.


Spyware is exactly what it sounds like – tracking software that is downloaded to your computer (without your knowledge) when you visit certain Internet sites. Secretly, it gathers information about you and your browsing habits. This information can be trivial or it can include passwords and personal data that you wouldn't want criminals to get their hands on. It can also interfere with user controls and disable legitimate anti-virus programs.

The best way to protect your computer against spyware is smart browsing. Stay away from sites that look unsafe and avoid streaming or downloading content from untrustworthy sources. Many anti-virus products offer targeted spyware solutions that inspect your operating system, installed programs, downloads and files.


One of the most common viruses to watch out for is known as scareware. These scams pop-up on your screen and display alarmist warnings, telling you a virus has invaded your computer. Scareware prompts you to download (and often pay for) fake anti-virus software to remove the non-existent viruses. Scareware is a scam that tries to trick you into paying money in exchange for nothing.

You can protect against scareware by keeping your anti-virus software up-to-date and by being judicious about what you choose to download to your computer. You should also familiarize yourself with the interface of your legitimate anti-virus program, so you won't be fooled if one of these pop-ups appears.

Typical Phone Scams

Many scammers will attempt to reach you by phone and will target an individual in one of the following ways:

  • Tech Support Scams: This type of scam feeds off of people’s fear of computer viruses. A pop-up often falsely represents a reputable company with offers of “free security scans,” virus removal services, or anti-virus subscription renewals and instruct the user to call them immediately. After gaining the victim’s trust, the scammer may conduct a remote session on a person’s computer and then install their own products or steal personal information. Reputable tech companies typically never call unless they are responding to a call you initiated. If you receive such a call, do not purchase software or services from them, provide your financial information, or share control of your computer. Instead, disregard the call and ensure your anti-virus software is up to date. Tech scams also manifest as alarming – but fraudulent – pop-up warnings on your computer or emails claiming a computer has a virus. Messages appear legitimate with an offer to remove the virus but the real intent is to deceive someone into providing access to their system or private information. They may also offer “services” requiring payment. As with a tech scam phone call, do not respond to these pop-up messages or emails.
  • The Canada Revenue (CRA) Scam: You should understand that the CRA does not initiate a conversation with taxpayers by phone. When the CRA needs to communicate, the first communication is by mail. They do not use email, text, or social media to contact taxpayers. So if someone calls, emails, or texts you claiming to represent the CRA, it’s a scam. Ignore their threats about owing back tax or the need to transfer money or provide private information. If in doubt, hang up and call the CRA yourself to see if the query is legitimate. If not, contact the police.
  • Fundraiser / Charity Scam: Be cautious about fundraisers or charity campaigns with which you are not familiar, especially if you are offered a generous gift in exchange for your donation. Ask for verification of legitimacy (a website, printed materials, a CRA registered charity number, etc.) before donating money for a cause.
  • Grandparents / Emergency Scam: Scammers know you care about your family. If someone calls claiming to be a relative in trouble who needs emergency funds, you should respond by saying you will call the relative back and hang up. Alternatively, you could ask the caller a personal family-related question that only your true relatives or close friends are able to answer. Don’t succumb to the urgency communicated by the caller or the play on your sympathy.
  • Credit Card Scam: If someone calls representing himself or herself as an employee of a credit card company with news that your card or account has been compromised, and then tells you not to contact your financial institution for any reason, hang up. It’s an attempt to have you release personal information or conduct unwanted transactions. Understand that banks and credit card companies already know your account or credit card number as well as your personal details. Only trust the phone number printed on the back of your credit or bank card.

Familiarize yourself with these other common scams:

  • Lottery Scam: If you receive a cheque accompanied by the claim you won a sweepstakes or lottery you never entered, be very skeptical. Often you’ll be told the cheque represents only part of your winnings with the remainder to be released once you “pay the tax.” This is an obvious scam as tax on lottery or sweepstakes winnings (if any) are paid directly to the government.
  • Overpayment Scam: With this scam, someone buys something from you but overpays for example, through an online classified listing such as Kijiji. Shortly after, you are asked to refund the difference. After, you discover the original payment to you was fraudulent and so your financial institution reversed the payment! If you already sent back the difference, you’ll be at a loss.
  • Earn Money from Home Scam: Be careful if someone contacts you to be a mystery shopper or an account manager from home and they “pay” you in advance. Like the “overpayment scam,” they’ll pay you too much and then ask for a refund. After you refund the difference, you’ll find the cheque for your “pay” bounced and you’re now out of pocket for the refund.
  • Foreign Investment Scam: Watch out if you’re asked to invest in a foreign company or property and then receive a cheque as an “advance” on future profits. Usually it’s followed by a request for you to send money for “service charges” on profits. You will then likely discover that the “advance” you deposited was fraudulent and returned, leaving you at a loss for the so-called “service changes.”
  • Inheritance Scam: Be suspicious if you’re contacted out of the blue (by letter, phone, text, email, or social network) by someone claiming to be a lawyer, banker, or foreign official saying you stand to inherit from a distant relative or wealthy benefactor. This is often followed by a request for you to pay “service fees” before you can inherit. That’s not how a legitimate inheritance works.
  • Romance Scam: Romance scams occur when a criminal adopts a fake online identity to gain a victim’s affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim.

Protecting your identity will deter criminals from piecing together enough information about you to change your address, apply for loans or credit cards, and open accounts in your name. Protect your identity with the following best practices:

  • Shred documents with your personal information.
  • Use caution when posting any personal information online.
  • Continually review all of your account details to ensure all transactions are accountable and accurate.
  • Ensure you have alerts set up on your accounts that will advise when your accounts have been accessed
  • Do not give account or card number information to anyone – in person, over the phone, or online – unless you know who you are dealing with.
  • Do not carry your Social Insurance Number card in your wallet unless it is necessary.
  • If your wallet or purse is lost or stolen, contact Kawartha immediately at 705-743-9966 or 1-855-670-0510 to block your accounts and cards from use.
  • At least once each year, check the accuracy of your credit report. Contact Equifaxor Transunion.
  • Protect your Personal Identification Number (PIN) by always blocking the view as you enter your PIN. Stay alert when you are using a bank machine by yourself.

If you think you are a victim of identity fraud, contact Kawartha immediately at 705-743-9966 or 1-855-670-0510. We also recommend you call Canada’s Anti-Fraud Centre. (Phone: 1-888-495-8501 / Fax: 1-888-654-9426)


Web browsers are the gateways to the Internet. Similar to having an up-to-date operating system, upgraded browsers provide more features, stability and security. Whether you use Internet Explorer, Firefox, Safari, Chrome or something else, stay safe online by using the latest version available.

The latest versions of web browsers have security features that can identify and block harmful and fake websites and pop-ups, and warn you if a site is flagged as unsafe. Some browsers also have a feature, which conceals your browsing history from others.


A firewall protects your computer and home network from harmful websites and hackers. It sits between your computer and the Internet, scanning information that is being transmitted. It allows for safe browsing, while blocking unauthorized intrusions. Even though you may think you have no information of value on your PC, firewalls also stop your computer from being used by hackers to send malicious software to other computers.

Most computers now come with a firewall as part of the standard operating system. However, you can get the maximum protection for your computer by installing additional firewalls and ensuring they are kept up-to-date.

Protecting Your Smartphone

Browsing the web has never been easier – it's all at your fingertips. Smartphones let you surf, shop or bank wherever you are. Make sure your information stays secure while you're on the move by following these smartphone-safe browsing tips:

  1. Activate your phone's password feature, which locks the screen and prevents anyone but you from accessing your phone. Set up the secure password feature on your phone with a code that only you know.
  2. Don't connect to unknown networks through hotspots to make financial transactions.
  3. Beware of phishing through text (SMS smishing) – this is known as hacking on phones through text messages. Never download media or images, or click on text-message links that come from unrecognizable people or phone numbers. Even recognizable names may have hidden links to fake sites meant to harvest your personal information – always type the name of sites you want to access into the search bar and confirm you end up where you meant to be. Never provide personal details or any account details using any form of electronic messaging because this is not a secure form of communication. When unsure if you are accessing the correct Kawartha information, please contact us at 705-743-9966 or 1-855-670-0510.
  4. Download apps exclusively from the official source for your smartphone's platform, such as the Google (Android) or Apple stores.
  5. Install anti-virus software for your smartphone when available and update it frequently.
  6. Install and use location finding applications which work with your phone's built-in GPS. These applications allow you to locate and/or remotely erase (or "wipe") data in your phone if it is lost or stolen.
  7. Update your smartphone's operating system as soon as newer versions are available.


These days, everyone is on the go and it's not uncommon to access Wi-Fi at coffee shops, hotels, restaurants or airports. Using wireless networks to access information is convenient, but not risk-free. Be smart when you surf on every device you use in public. Protect yourself from threats by:

  • Using only a trusted computer to access your account online. Don't use shared library or café computers.
  • Managing your online account access only from secure networks. We recommend that you don't use unsecured public networks for anything sensitive.
  • Connecting only to password-protected networks. If there are several networks available, ask employees of the organization which network they operate.
  • Never leaving your computer unattended, especially if you are logged into your online account access.
  • Using different personal password codes and security questions as login credentials. If someone obtains your credentials for one site, such as a social networking site, you don't want them to be able to access your other ones.
  • Ensuring you log out before you close your browsers.


Contact Us: 1-855-670-0510
Copyright © 2023. All rights reserved.