Tel: 01904 676633
Security Overview
The Members Area utilises several layers of technology to ensure the confidentiality and integrity of its transactions across the Internet. SSL Protocol (Secure Sockets Layer) ensures that data cannot be read by other computers as it travels between your browser and our server. Digital Certificates allow you to verify that your browser is communicating with our server and not another server posing as our server. Member Numbers, PINs (Personal Identification Numbers), your date of birth and other personal details are also used to verify your identity. In order to provide a banking service on the Internet, it is necessary for information to securely pass between your computer and our server.
Security Definitions
Your Browser - As secure encryption advances, browsers need to be updated to avail of the most up-to-date improvements in secure communications. We recommend that you use an up to date browser. At the very least we recommend that you use Internet Explorer, Google Chrome, Firefox, Opera or Safari
Cookies - A cookie is a piece of information that our server gives to your browser once your browser has established a secure session. The cookie basically tells our system that a secure session has already been established with your computer. Without the cookie data, you would have to login every time your browser requested any information from our server. When you click the Logout button to leave the Members Area, the cookie data is deleted from the system thus breaking the link between your PC and our server. Clicking on the Logout button ensures that you securely terminate the service.
Caching - Caching is temporarily storing of information either in your computer's memory or its hard drive. When you view a page on the Internet, your browser may keep a copy of that information locally. This can be very useful for quickly retrieving pages that you have visited previously. However it may cause problems when the website has been changed, in which case you could be viewing out-of-date or even incorrect information. Your cache can be cleared.
Frequently Asked Questions
How do I know my account details and other information is kept private?
When your browser and our server are establishing a secure session they will exchange a secret code. This code is commonly called a session key. This session key is used to encrypt all the data as it passes through the Internet including your account details, transactions and loan applications. The information is decrypted only when it reaches your browser.
How do I know that the information sent by the server is accurate and has not been changed en route?
It is important that you know your information has not been tampered with as it travels across the Internet. Part of SSL Protocol involves using a Message Authentication Code (MAC). If a message is tampered with in transit then your browser will not accept the message.
How do I know my member number and PIN are kept private?
When your browser and our server are establishing a secure session they will exchange a secret code. This code is commonly called a session key. This session key is used to encrypt (scramble) all the data that passes between the two computers. Only your browser and our server will have the session key that can decrypt (unscramble) your information.
Member Responsibility
In order to securely use our service, you should always:
- Ensure that you connect to the correct web address.
- Ensure that your browser indicates a secure session.
- Ensure that you click the Logout button when you have finished.
- Keep your Member Number and Personal Identification Number (PIN) secret.
- Take care of your information once it has been delivered to your browser.
The Correct Web Address
Ensure that the site address you connect to is correct. The legitimate website address to log into the members area will start with https://. If your address bar displays http without the s your session will not be secure.
Secondly, you must ensure that your browser is indicating a Secure Session. The Digital Certificate that our server sends to your browser will allow your browser to uniquely identify our website. Your browser will warn you if the Digital Certificate is incorrect.
WARNING! - Only proceed if the address is correct and your session is secure.
A Secure Session
Different browsers have different ways of indicating that the session is secure and you should consult the documentation or help files on your browser. The links below give details for the most popular browsers.
Secure Websites in Internet Explorer
Secure Websites in Google Chrome
Log Out
Always finish your session by pressing the Logout Button. This will ensure that your session with our server has terminated securely.
Strong Customer Authentication (SCA)
In September 2019 changes were made to Online Banking for compliance with European banking regulations - Payment Services Directive 2 (PSD2). These regulations bring additional safety and security to your online banking.
These changes were introduced in order to protect consumers from increased instances of online fraud. This additional security is known as Strong Customer Authentication (SCA) and was introduced in both our browser-based services and Mobile App.
Mobile phone number
It is important that the mobile phone number that we have registered for your account is correct. To view the number registered to you, log in to Online Banking and click the Personal Settings option. If any details are incorrect please contact the Credit Union.Strong Customer Authentication (SCA)
The following actions require SCA:
1. Logging in to your Online Banking
2. Setting up new payees
3. Viewing transactions older than 90 days
4. Viewing e-Statements
5. Viewing Documents older than 90 days
As part of these improved security measures you will logon as normal but you may be required to provide additional authentication via your phone.
Security Advice
When we communicate with you we will never ask you for your card number or PIN and we will never advise you to transfer money out of your account. Should you encounter any of the above requests you should report it to your Credit Union immediately.
Smishing
What is Smishing?
The word "Smishing" is a combination of the two words SMS and Phishing.
It is an attempt to convince mobile phone users to follow a malicious link or to call a number for the purposes obtaining the user’s personal information or security details or banking information with the ultimate objective of defrauding the end user.
The SMS message may appear to come from a valid and reputable organisation such as the user’s Credit Union or bank or a utility provider.
Typically, the user will be asked to click on a link which is likely to bring the user to a fake website masquerading as the genuine website of an organisation. The user is then likely to be asked to provide sensitive personal, security or banking details which the attackers will use to defraud the user.
In an attempt to encourage the user to follow the malicious instructions, the attackers may inject a sense of urgency into the message by claiming that some action is needed to prevent an account being closed or other similar consequences.
How do I avoid being a victim of Smishing?
- Exercise caution with unexpected messages that appear to come from your Credit Union or bank or utility company.
- Your Credit Union or bank will never ask you for your username, password, PIN or account number in a message. Never respond to a message with this information.
- You can verify the authenticity of a message by phoning your Credit Union or bank directly. However, do not trust any number provided in a message. Use a number you already know or look it up online.
- Do not be misled by claims that urgent action is need to avoid some dire consequences.
- Be cautious about clicking on any links in a message or calling any number in a message.
- If you think you have provided your Credit Union details in response to a Smishing message, you should contact your Credit Union immediately.