Security Is Everyone's Resposibility

What We Are Doing To Protect Your Security

We take many precautions to protect the online banking environment and ensure your information is safe. Our online services offer you the best security available so that your personal and financial information is protected while in transit between your computer and our servers. This is done through the use of industry standard security methods such as encryption. Encryption scrambles data using a complex mathematical formula and ensures that information cannot be read in transit or changed. Some browsers can create a more secure channel than others, owing to the ‘strength’ of their encryption. We use only the strongest channel available.

We also ensure that only individuals who provide an authentic Personal Access Code (PAC) can access account information. To help you protect your information your online banking session will end automatically if there has been no activity for 15 minutes.

Access to our databases is strictly managed and systems are in place to ensure security is not breached, including the physical security of our online banking server hardware and communications.

More on Fraud Prevention and External Resources.

Phishing and Brute Force Attacks

Update:  June 6, 2020

Our staff and members have been receiving emails indicating that their Autodeposit will expire in a week.  We would like you to know that this is a legitimate email from INTERAC.

Does Autodeposit registration expire?  Yes. Autodeposit registration will expire if you have not received any transfers for 12 months.

Members will receive a reminder notification from Interac about 1 week before their Autodeposit registration expires. 

Please remeber that autodeposit is a secure way to receive e-transfers that removes any chance for transfers being intercepted through email.  Contact us with any questions.

:  December 20, 2018

Activating MemberDirect® Banking Alerts for your mobile device and email, see the October 4, 2018 Update below.

Phishing, occurs where people have inadvertently disclosed their login information, and Brute Force attacks leverage login enumeration with a range of passwords attempting to find a successful login match to gain access to an account.  

These cyber-frauds often gain advantage by the opening email attachments that from unknown sources.  If you are not expecting mail or recognize the sender it is most prudent not to open any attachments or click on links.

Choose a strong password by using a short phrase, or adding special characters and numbers.  Update passwords often.

If you suspect fraudulent activity in your account through online banking, contact us at 250-837-6291 immediately, or MemberDirect, when our office is closed, at 1-888-889-7878, option 2.

MemberDirect® Alerts

Update:  October 4, 2018

We are excited to announce that MemberDirect® Banking Alerts is now available for all Online Banking users!
In Direct Banking Alerts, MemberDirect® Services detects events that occur within online banking and sends alerts to the member. For example, the member can choose to receive an alert when a new bill payee is added in online banking, or when a new eTransfer recipient is added!

To activate this free service, log in to your online banking account and select MemberDirect Banking Alerts from the column of headings on your left side.  From this stage, follow the instructions provided.  If you need assistance setting these alerts, please contact us to make an appointment and we will assist you in this.

If you suspect fraudulent activity in your account through online banking, contact us at 250-837-6291 immediately, or MemberDirect, when our office is closed, at 1-888-889-7878, option 2.

Increased Authentication

Update:  September 14, 2018

Your Challenge Questions will No Longer be asked with each login

We use increased authentication to verify your identity at the time of login. Increased authentication allows you to create challenge questions which only you would know the answers to. This ensures that you are the authorized person using MemberDirect online banking services.

As part of an initiative to improve member/customer experience and improve your security posture, by allowing a Risk Engine to determine when to ask our members/customers their challenge questions. 

Counter-intuitively, reducing how frequently we challenge members/customers actually improves security. Malicious actors trying to login to your Member account will need the challenge question answers, thus most malware work by recording the challenge question by removing the cookie used in the current static rule approach; the next time your Member logs in, they are asked the challenge question and the answer is successfully captured by the malicious actor. By moving to a smarter decision process on when to challenge, it will be harder for malicious actors to trigger a challenge event and thus harder for them to capture the answers.

Protecting Your Personal Access Code (PAC)

Just as you play a vital role in ensuring the security of your home and your possessions, you too share in the responsibility for ensuring that your personal information is adequately protected. In order for us to ensure that only you are accessing your accounts, we need a unique way of knowing that it's you. Just as the key to your home protects unwanted entry, the online banking Personal Access Code (PAC) and Increased Authentication challenge questions - ensures that only you can access your accounts.

It is your responsibility to ensure that your PAC and the answers to your challenge questions in the online section of this website are protected. Please observe the following security practices:

• Select a PAC that is easy for you to remember but difficult for others to guess. For example, never use obvious PACs such as 12345.
• When choosing a PAC do not select a part of your ATM card PIN or another password.
• Keep your PAC confidential and do not share it with anyone.
• Do not write your PAC down or store it in a file on your computer.
• Never disclose your PAC in an email message, and do not disclose it over the phone.
• Ensure no one observes you typing in your PAC at ATMs or Interac Direct Payment merchant terminals.
• Change your PAC on a regular basis. We suggest every 90–120 days.

• When selecting challenge questions, choose questions that only you would know the answer to.
• Keep the answers to your challenge questions confidential and do not share them with anyone.
• Do not write your challenge questions and answers down or store them in a file on your computer.
• Never disclose your challenge questions and answers in an email message, and do not disclose them over the phone.
• Ensure no one observes you typing your challenge question answers on a computer, tablet or other online banking devices.
• Change your challenge questions and answers on a regular basis. We suggest every 90–120 days.

Protecting Your Computer

We have provided a secure channel for our members to communicate with us. Once the information has reached your computer, it's up to you to protect it. To protect your information, you should:

• Never leave your computer unattended while using online banking services.
• Always exit the site using the Logout button and close your browser if you step away from your computer. Your browser may retain information you entered in the login screen and elsewhere until you close the browser.
• Secure or erase files stored on your computer by your browser so others cannot read them. Most browsers store information in non-protected (unencrypted) files in the browser's cache and temporary internet files to improve performance. These files remain there until erased. They can be erased using standard computer utilities or by using your browser feature to ‘empty’ the cache, or temporary internet files.
• Disable automatic password-save features in the browser and software you use to access the internet.
• Install and use quality anti-virus and anti-malware programs. New viruses and malware are created every day, so be sure to update your program definitions often. It is recommended you update anti-virus and malware definitions weekly. Scan all download files, programs, disks and attachments and only accept files and programs from a trusted source.
• Install and use a personal firewall on your computer to ensure others cannot access your computer through the internet.
• Install new security patches as soon as your operating system and internet browser manufacturers make them available.

Fraud: Recognize It. Report It. Stop It.

Electronic identity theft can occur when you respond to a fraudulent email that asks for your personal banking information. Armed with this information, a person may be able to access your accounts, establish credit, pay for items or borrow money using your name. You can help protect yourself from electronic identity theft by following some simple precautions.

• The easiest way to tell if an email is fraudulent is to bear in mind that we will never ask you for your personal passwords, personal information numbers or login information in an email.
• When banking online, check the address of any pages that ask you to enter personal account information. In the toolbar at the top of the page any legitimate Internet banking web site will begin with ‘https’ to indicate that the page is secure.
• Look for the padlock icon on your screen. If the page is legitimate, by clicking on the padlock, you can view the security certificate details for the site. A fraudulent site will not have these details.
• Open an Internet browser and type in our web address yourself to ensure you are transacting with our servers.
• Check your bank and credit card statements regularly to ensure that all transactions are legitimate.

Contact us immediately if you suspect someone has gained knowledge of your PAC, challenge questions and answers, or if you suspect any loss, theft or unauthorized use of your account.