ABCs of security

In the highly unlikely event that an incident of fraud is committed through Internet Banking Solutions, you will be reimbursed for 100% of any amount you lose, provided you followed the security measures provided by the Bank. It’s guaranteed¹ and it’s free! You can bank online securely and with confidence thanks to our Peace of Mind Guarantee, which protects your interests.

Our detection systems and advanced techniques run day and night, so that action can be taken quickly if a suspicious or unusual situation is detected.

A security and fraud prevention team works tirelessly to protect your electronic transactions and establish anti-fraud systems and techniques.

Deployment of robust fraud-prevention measures, such as Enhanced Security, protecting you from possible fraud attempts

At National Bank, we have always made it a priority to protect your personal information.

As part of our ongoing efforts to ensure that your rights are fully respected, we have developed confidentiality policies and procedures aimed at protecting your personal information. Our commitment to privacy is an integral part of our Code of Professional Conduct, to which all Bank employees must strictly adhere.

To learn more about our privacy practices, consult the details of our Confidentiality policies.

We also remind you to take the necessary steps to ensure that your equipment (personal computer, mobile phone, etc.) is secure when you are carrying out transactions on the Internet. Be sure to read useful tips in the Protect yourself from fraud section.

To enjoy the benefits of Internet Banking Solutions and the Peace of Mind Guarantee, you agree to follow the terms and conditions of the National Bank Agreement Governing the Use of Automated Services and Electronic Banking Solutions.

Understand it

The CEO wire transfer scam involves a fraudster impersonating a senior executive at your company and asking one of your employees to carry out a wire transfer for a large, urgent, and—most of all—confidential transaction. The fraudster may also use different identities (e.g., lawyer, notary) in order to make the transaction seem more legitimate.

Recognize it

Indicators of a CEO wire transfer scam:

• The wire transfer request is urgent and/or confidential.
• The transfer has to be completed the same day (e.g., before 3 p.m.).
• The wire transfer request is received towards the end of a regular workweek.
• The beneficiary of the wire transfer is a company that you have never done business with.

Being vigilant will help attempted fraud to be quickly detected. Some preventive measures:

• Implement an internal procedure for handling requests with similar indicators to those above.
• Establish verification, validation in person, and multiple signatory procedures for wire transfers.
• Pay special attention during vacation periods; companies tend to receive more fraudulent emails during these times.

If you have been or suspect you have been a victim of fraud, contact us as soon as possible at 514 394-5555 or toll free at 1 888 835-6281.

Understand it

Phishing is a technique where dishonest individuals send out e-mails to try to obtain personal information about people.

Phishing scams can also be sent via text message; such scams are known as SMS phishing or smishing. The same recommendations apply as for e-mail phishing.

Recognize it

Users of online commercial sites, payment organization sites and financial institution sites may all be the target of this practice. The messages contained in scam e-mail look like they originate from recognized sources. Moreover, the websites used by phishers are generally very good at imitating legitimate sites whose logos users readily recognize.

Want to know more about phishing? Visit the E-mail Fraud/Phishing section of the Canadian Bankers Association website.

Understand it

Malware means a program or software designed to enable unauthorized persons to access a system to disrupt its operations or to change or steal data.

Recognize it

Malware can be difficult to detect, as it generally does not appear on the list of installed programs. It can be installed inadvertently and cause damage without our knowledge, as it is similar in appearance to pages we are used to viewing. It can be installed inadvertently by downloading certain free software in which it resides, by visiting certain websites or via peer-to-peer file-sharing.

You may have malware on your system if:

• Your equipment is performing more slowly than usual or seems less responsive.
• You are automatically redirected to a page whose address you did not enter into your browser.
• You are constantly bombarded with pop-up advertisements.
• A new page suddenly appears, asking you to provide personal or financial information for authentication, which is not normally the case. You may also notice a suspicious or unusual formulation in the new request.
• New tools or icons suddenly appear in your Internet browser, or the settings for your homepage change.
• Your equipment crashes or freezes more frequently.

For a mobile device, you may notice unusual text messages or a sudden drop in the lifespan of your battery

Malware is practically invisible and can be reactivated at any time. To prevent any problems:

• Avoid downloading any documents or applications from unfamiliar or suspicious sources.
• Only do business with trusted sites. You should contact the provider if, while visiting a trusted website, you encounter a new situation or notice changes in your usual procedures, without having received any prior notice of such change. You should also contact the provider if you are asked unusual or strange questions. Also, you should immediately contact one of our representatives at 514 394-5555 or at 1-888-835-6281 if you notice anything abnormal while using our Electronic Banking Solutions. If you have any doubts whatsoever, you should never hesitate: prevention truly is better than cure, so you should always be on the lookout!
• Install anti-virus and anti-spyware software.
  
• Install a firewall.
  
• Run the automatic update and clean up features of your computer.
• Regularly verify bills from your telecommunications supplier to detect any unusual activity.

Understand it

Identity theft is on the rise. Unlike other types of fraud, identity theft can occur whenever a criminal gains access to a person’s means of identification, regardless of whether the victim is aware of that access. This information could be obtained if the victim's wallet is stolen or by using malware to unlawfully capture information on a computer, smartphone, or another device.

Recognize it

You stop receiving certain account statements in the mail.

You now have trouble accessing credit.

You receive bills for purchases you didn’t make.

You receive visits or calls from collection agencies demanding payments from you.

Choose your password carefully

Try to choose a password that will be easy for you to remember, but hard for anyone else to guess. 

Choose a password for the sole purpose of banking online

To change your password, simply go to the Profile section of Internet Banking Solutions or Mobile Banking Solutions while you are logged in.

Avoid choosing a password based on personal information

Avoid using your first or last name, the names of your spouse or children, your date of birth, social insurance number, phone number, licence plate, name of a sports team, bank access codes, etc. Although easier to memorize, these passwords are more likely to be discovered by malicious individuals.

Do not write your password down

If you absolutely have to, write it in such a way that only you will be able to recognize it, and keep it in a safe place.

Do not save your password on your equipment

Never tell anyone your password

This rule applies even to members of your family and anyone claiming to be a National Bank employee.

Remember, your password is like the key to your house. You must take all the necessary precautions to prevent it from falling into someone else's hands.

Forget your password?

If you can’t remember your password and you didn’t provide answers to the secret questions, call one of our Customer Service Representatives at 1-888-835-6281 or 514-394-5555.

The representative will assign you a temporary password so that you can access Internet Banking Solutions. You must then choose a new secure password in order to continue.

Secret questions - Internet Banking Solutions

By answering the secret questions when you create your password (or by accessing the Profile section of Internet Banking Solutions), you can still access your account on your own, even if you forget your password.

If this happens, simply click on I forgot my password on the Internet Banking Solutions login page and correctly answer the questions. The system will then allow you to choose a new password so you can access the site.

If you can’t remember the answers to your secret questions, you can contact one of our Customer Service Representatives by calling 1-888-835-6281 or 514-394-5555.

If you can’t remember the answers to your secret questions, you can contact one of our Customer Service Representatives. As a security measure, the I forgot my password function is not available via Mobile Banking Solutions. You can contact our Customer Service Department at 1-888-835-6281 or 514-394-5555 to obtain a new password.

Note that you can change your secret questions or their answers at any time by accessing the Profile section of Internet Banking Solutions.

It is very important to clear the cache of your browser to safeguard the confidentiality of your financial information and improve your Internet browser’s performance.

We recommend that you clear your browser cache each time you log out of Internet Banking Solutions. This is particularly important if the computer you use for your transactions is shared with other users, especially in public places, such as Internet cafes, public libraries, etc.

Downloading available updates for your browser and operating system will make sure your Web-browsing experience is secure, as you will benefit from patches, which improve your software’s effectiveness at protecting you from a variety of common threats and security vulnerabilities.

Change your wireless network’s default settings to create an identifier and password that would be difficult for criminals to guess.

Choose 128-bit encryption to ensure your network is sufficiently protected from possible intrusions.

Choose a strong encryption protocol, such as WPA or WPA2, that will adequately protect your network against possible intrusions.

Using a public Wi-Fi network

If possible, use your mobile device’s 3G network, rather than a public Wi-Fi network.

Do not remain connected to the Internet unnecessarily.

Never leave information displayed on your screen if you leave your computer, and do not leave your equipment unattended. Always lock your computer or mobile device when it is unattended.

Don’t download or install freeware, shareware or demo software from an unknown source or questionable site. Only use authorized and official applications from recognized suppliers on your mobile device; the operating system must be legitimate and must not be altered (it must not be jailbroken, rooted or pirated).

Never run an executable (.exe) file received by e-mail unless it is from a known and trusted source.

Be careful what you throw in the recycling bin. Shred all documents that contain your financial information, such as statements, credit card offers, receipts or insurance forms, to prevent identity theft.

Update your contact information

Verify the e-mail address entered in your online banking profile and make sure it is up to date. Transaction confirmations will be sent to this address.

Verify the recipient's information

You are responsible for verifying that the recipient's e-mail address or cell phone number entered for the transfer is correct. Always double-check this information before submitting the transaction.

National Bank recommends that you contact the recipient to inform him or her of your intentions to transfer funds.

Choose a good security question

The security question is an additional security measure used to authenticate the recipient. It is therefore important to select an appropriate question. Choose a question that only you and the recipient know the answer to. Do not choose a question with an obvious answer that could be easily guessed by a malicious person.

Examples of poor security questions:

What colour is the sky?

How many fingers do you have?

Transmit the security answer safely

Call the recipient or speak to him or her in person to communicate the security answer. Do not leave the recipient a voice message that includes the security answer.

Never send the security answer by e-mail.

Do not indicate the security answer in the transfer message.

For example: Do not write, "Hi Diana, here is the $500 transfer as agreed. The security answer is X8T30987."

Secure your workstation

Your workstation must be protected against malware. For more information, please consult the "Protect yourself from fraud" section.

Protect the recipient's personal information

Never leave the information displayed on your screen if you leave your computer. Always lock your computer when it is unattended, and never print out the page containing your recipients' personal information.

Be vigilant

If you receive an e-mail confirmation for a transaction you did not initiate, call our Customer Service immediately at 514-394-5555 or 1-888-835-6281.

Be careful when receiving transfers

Watch out for fraudulent e-mails and text messages (phishing).

If you receive an e-mail or a text message stating that someone wants to transfer funds to you, but:

• You do not know the sender
• You were not expecting the funds

Never click on a hyperlink contained in such an e-mail or text message. It could be a fraudulent e-mail or text message (phishing) and may contain a virus that could compromise your browser or allow malicious persons to remotely control your computer.

Protect the required security answer

Never enter the security answer provided by the sender in your computer or mobile device (in a Word or Notepad document, spreadsheet, etc.) or leave it on a note near your computer.

We strongly recommend* that you install appropriate security software on your equipment. Note that it is also very important to update this software regularly. Software that is not kept up to date will be unable to recognize the most recent viruses and other threats.

Updates from software manufacturers should be applied regularly, especially when a vulnerability is publicized in the media. In particular, we strongly recommend* that you install the security patches for the software you use.

External resources*

CBA

Equifax

Transunion

Internal resources

SECURIZONE^®

No one wants to deal with the hassle associated with online fraud. If, however, such a situation does occur, National Bank puts a set of tools and a team of fraud prevention and security experts at your disposal to guide you and help you quickly resume your normal banking activities.

Steps to take if you think you have been a victim of online fraud

1. Contact our security center

Immediately contact TelNat Customer Service (open 6 a.m. to midnight, 7 days a week.) at 514 394-5555
or 1-888-835-6281.

If you receive a scam e-mail, do not click on any hyperlinks. Forward it to us by e-mail at telnat.securite@bnc.ca

2. Report the fraud to the following other parties as well:

• Équifax
• Trans Union
• Sûreté du Québec
• Any other financial institutions or credit card issuers you do business with Government authorities (if you have been the victim of identity theft involving information such as your social insurance number, driver’s licence, etc.) such as info@antifraudcentre.ca

3. Visit your branch in order to:

obtain a new Client Card, sign the forms needed to initiate the investigation process and obtain a reimbursement for any funds lost.

4. Before resuming your normal activities on Internet Banking Solutions:

• Install or update security software on your computer
• Clean up the computer or computers you use
• Download all updates required for your operating system
• Learn about good practices for safely doing business online

5. Next, log in to Internet Banking Solutions (as a security measure, this operation cannot be carried out via Mobile Banking Solutions):

• Have your new Client Card on hand
• Click on my card has been changed on the login page
• Complete the form and follow the steps on screen
• When you once again have access to your banking records:
• If applicable, be sure to change any post-dated payments that you saved before the fraud incident, as they will have been interrupted when your Client Card was cancelled.

¹ The Internet Banking Solutions Peace of Mind Guarantee applies to clients who, upon checking, discover that they have been victims of fraud and agree to cooperate in the investigation into this fraud. This Guarantee applies only to unauthorized transactions carried out through Internet Banking Solutions and covers only the amounts lost as a direct result of those transactions.

^TMTrademark of Interac Inc.

* We were not involved in developing the content of these sites and bring them to your attention solely for the purpose of illustrating the various options on the market. It is therefore your responsibility to evaluate the applicability of the information on these sites based on your computing environment. We assume no responsibility in this regard or with respect to the content of these sites.

^®SECURIZONE is a registered trademark of National Bank of Canada used by NBC Assistance Inc.