Frequently Asked Questions

Overview

Enrolment

General Usage

Security

Heritage Mobile Banking


Overview

Why are you making these changes?

These new security features were designed to respond to the growing incidence of attempted online bank fraud experienced by all financial institutions.   Criminals understand the weakest point in any security system is the human element and use “Social Engineering” techniques, to manipulate people into divulging confidential information or performing some action.

The most common example of social engineering is “Phishing” where criminals send emails that appear to come from a legitimate source and directs you to log into a fraudulent website via an embedded link.  These fraudulent emails and websites are oftentimes very difficult to tell from legitimate emails and website and exist only to trick you into disclosing your personal, confidential information that can then be used to commit other crimes.

Our new security features will reduce the chances of unauthorized access to your account as well as reducing the chances of you being a victim of a phishing scam.

Back to Top


What will change?

When you log into Heritage Online Banking on or after September 4th, 2013, you will be prompted to select a security image and phrase, followed by selecting security questions and providing answers.  Set up of these new security features will be optional for the first 60 days. On November 4rd, 2013, it will become mandatory to select your security image, phrase and security questions.

At the end of the enrolment process, you will be given the option of registering your computer as a “Trusted” computer.   Heritage Online Banking will then remember this computer and every time you log in from a computer registered as “Trusted”, you will be presented with your chosen security image and phrase.   When you log into your bank accounts from computers that are not registered or “Untrusted” you will be required to answer one of your preselected security questions.

You should register your computer only if you are the owner of the computer (such as a home computer) or its sole user (such as a personal work computer).  Heritage Credit Union strongly recommends you do not register shared or public computers (such as those found in libraries, internet cafe's or shared work computers).

Our system will remember the registered computer and every time you log in from it, you will be presented with your chosen security image and phrase. When you log into your bank accounts from computers that are not registered (i.e.: at work, in a hotel, at an internet café, etc…), you will need to correctly answer the Challenge Questions you selected when you first enrolled in Increased Authentication.

Back to Top


How does it work?

When you register for Increased Authentication, you will be asked to;

  1. Select an image that will then be displayed to you on subsequent logins,
  2. Provide a personal security phrase that will also be displayed on subsequent logins,
  3. Choose three security questions and provide your unique answers.
  4. Optionally, register the computer you usually log in from as a “Trusted Computer”.

Next time you log in from your registered computer, you will see your image and phrase. If you don't, you'll know it's not the legitimate Heritage Online Banking site, and you should not proceed with your login.

If you are logging in from a computer that has not been registered to you as a “Trusted Computer” it will be considered an “Untrusted” computer and you will need to provide the correct answer to one of the security questions you chose during the enrollment process.  That way, we know it's really you.

Back to Top


Is there a cost to me for this enhancement?

Increased Authentication is provided as a free enhancement to our secure Heritage Online Banking services as part of our ongoing commitment to your privacy and security.

Back to Top


 Enrolment

Do I have to enroll for Increased Authentication?

Yes. In order to ensure the integrity and safety of our online banking service all members must enroll for Increased Authentication.  Enrollment will be optional during the 60 day transition period beginning September 4, 2013 and mandatory enrollment will begin November 4, 2013. If you wish to use Heritage Online Banking after November 4, 2013, you will need to be enrolled in Increased Authentication.

Back to Top


How do I enroll for Increased Authentication?

Setting up Increased Authentication is quick and easy. The enrolment process consists of;

  • Picking an image and phrase that you will recognize as your own when you log in.
  • Picking from a list of security questions and provide answers that are unique to you.

You'll be guided through the set up process when you log in to Heritage Online Banking.  After you enter your Personal Access Code, you will be automatically led to the enrolment page where you choose your image, caption, and security questions. After you log in and get to the enrolment page, follow these four steps.

  1. Select a security image from a series of images presented to you. You will have lots of choices.
  2. Enter a security phrase that you type in yourself. It can be short, but it should be something you recognize when you see it.The next time you log in to Online Banking, both the security image and caption will be displayed AFTER you enter your Membership  number, but BEFORE you enter your Personal Access Code (PAC). If the system doesn’t present both the security image and caption to you, you know you’re not on the official Heritage Online Banking website (or the site may be temporarily offline), and you should not enter your PAC.
  3. Select your three security questions and provide your unique answer to each question. Once enrolled, one of these questions would be presented to you if you are logging in to Online Banking from a computer that you haven’t registered as a "Trusted" computer. (See the following)
  4. You have the option of choosing whether to register the computer you are presently using by clicking the checkbox presented on the screen.  Ideally this would only be a computer you own or have sole use of.  Do not register a public computer or any other computer that you believe could be insecure. By selecting the checkbox, a “cookie” will be placed on your computer which Heritage Online Banking will recognize as a trusted computer, and you will not be asked one of the challenge questions when you log in.  When you login from unregistered computers we will consider them as "Untrusted" and you will need to correctly answer one of your security questions.

Please note: if you choose to delete browser cookies on a registered computer, the next time you log in, Heritage Online Banking will ask you one of your challenge questions. By re-registering the computer, you can again skip the question.

Back to Top


 I’m unable to move on to the next step within the registration process due to one of the following issues :

  • Unable to select a security image
  • Unable to enter a caption
  • Unable to select security questions
  • Unable to enter a response to the security questions

The information stored on temporary internet files may be interfering with the Increased Authentication feature. To resolve this issue, please complete the following steps:

  1. Follow the instructions for your browser,  Internet Explorer, Fire Fox, Mozilla, Safari etc  to delete your browsing history, cookies, temporary internet files, history of websites you’ve visited, form data and passwords.
  2. Close out all browsing sessions and then restart your browser and return to Online Banking and go through registration process.

Back to Top


General Usage Questions

How do I log in if I’ve registered my computer?

You log in very much like you did before. The banking login page is in the same place you usually find it. Your Membership number and Personal Access Code stay the same. However, the login takes place on two screens, not one.

  1. At the login page, enter your Membership number like you usually do, and click Login. (There’s no place to enter your Personal Access Code; that comes later.) When you enter your Membership number, the banking system verifies that your computer registration matches your Membership number, and sends you to the next screen.
  2. At the next screen, you need to look at the picture and caption. It MUST be the picture and caption that you chose. If the picture and caption is correct, enter your Personal Access Code and click Login. If either the picture or the caption is incorrect, do not proceed or enter your Personal Access Code.  Close your browser and contact your branch for further instructions.

Back to Top


How do I log in if I’m NOT at my registered computer?

The banking login page is in the same place you usually find it. Your Membership number and Personal Access Code stay the same. Because you’re not at your registered computer, there’s an extra step to take.

  1. At the login page, enter your Membership number like you usually do, and click Login. (There’s no place to enter your Personal Access Code; that comes later.)
  2. The banking system will present one of your challenge questions which you will have to answer correctly.
  3. At the next screen, you need to look at the picture and caption. It MUST be the picture and caption that you chose. If it is not, DO NOT proceed. If the picture and caption is correct, enter your Personal Access Code and click Login.

Back to Top


Will I be able to log in to Heritage Online Banking from different computers?

Yes, you can log in from computers you haven’t registered. As always, it’s important to use computers that you trust, such as a home computer, a computer at work or your smart phone. In order to keep security levels high, the banking system will ask you one of your challenge questions to verify that it’s really you at the unregistered computer.

Only after that will the banking system show you the security image and phrase that you’ve chosen. When you recognize your picture and phrase you can then enter your Personal Access Code and proceed to online banking. It’s important to see the security image and phrase. If you don’t see it, DO NOT enter your PAC, because the website is not the official Online Banking website.

Back to Top


Does my Membership login and Personal Access Code (PAC) change?

No. Increased Authentication adds security features, but does not change your Membership login or your Personal Access Code.

Back to Top


Can I change my security settings?

Yes. You can change your image, phrase, and security questions at any time. After you’ve logged in to Heritage Online Banking, you can select My Profile from the top menu bar and then make your selection from the left-hand menu.

Although we recommend that you update your image and phrase frequently, we will never contact you by email to confirm or change your image, phrase, or security questions.

Back to Top


Can I upload my own image?

No, but we do have over 40,000 images for you to choose from.

Back to Top


What if I forget my image and phrase?

If you forget your image or phrase, please call your local branch and we will reset it.   

Back to Top


What are the technical requirements for using Increased Authentication?

To log in to Heritage Online Banking, you'll need to enable JavaScript. View all of our Heritage Online Banking requirements including supported browsers and hardware configurations in our Browser Requirements section.

Back to Top


 Security

What if the image and phrase displayed on the login page aren’t mine?

After you enter your Membership number and proceed to the login page, if the image and phrase displayed are not yours, do not enter your Personal Access Code. Please close your browser and contact your local branch.

Back to Top


What exactly is Increased Authentication?

Increased Authentication adds Two-Factor, Two-Way Authentication security features to Heritage Online Banking. Two-factor means it authenticates each user based on a password and the specific computer used and Two-way because it authenticates the site to you with a PassMark™; a unique image and security phrase combination you've chosen to have displayed to you each time you log into Heritage Online Banking.

Increased Authentication is an enhanced security feature that has become part of your Online Banking login process and has three parts:

  • A picture you choose,
  • A security phrase you make up,
  • Three challenge questions.

After you enroll for Increased Authentication, you will see your personalized Passmark™ each time you log into Heritage Online Banking which will assure you that you are logging into the genuine Heritage Online Banking.

If you are accessing Heritage Online Banking from a computer that has not been registered as one you usually use, we will consider that computer "Untrusted" and you will need to correctly answer one of your security questions as a way of providing a further defense against unauthorized access to your accounts. 

Back to Top


How is Increased Authentication more secure?

Increased Authentication requires three levels of security before allowing login – two items, your Membership number and either a challenge question or a computer registration, are required before the banking system will respond with your security image and phrase.  These are additional levels of defense against password scams and the type of fraud known as phishing, where thieves impersonate well-known companies to gain your personal information and then use this information to get into your banking accounts.

 After that, the last piece of identity is the Personal Access Code you have chosen for your account. This process makes it very difficult for online thieves to (a) steal your password information or (b) trick you into entering your information on a phishing site.

While Increased Authentication will help to better protect the privacy and security of your personal information, there are additional security steps that you should follow:

  • Check the web address. Make sure that the web link is https://www.heritagecu.ca and contains “https” with the “s” in it. To ensure that you are not on a fraudulent website, type the website address directly into your browser or use your personal bookmarks instead of clicking links from emails.
  • Heritage Credit Union will never send you an email with instructions to click a link to access our website. Therefore, if you receive an email appearing to come from Heritage Credit Union asking you to click a link and enter your password, you can conclude that the email is phishing, and doesn’t come from Heritage Credit Union. As always, contact your local branch to verify anything you are not sure about.
  • Educate yourself about online security and fraud.  See our links to resources that are valuable sources of information.

Back to Top


What is Phishing?

Phishing is a term to describe the criminal actions of fraudsters to trick people into revealing their personal information and passwords by creating fake websites that look very much like the sites of legitimate financial institutions. They send out random emails with links to these fake websites. Once there, you enter your Membership number and Personal Access Code on their site, and they use this information to later log in to your account. This type of fraud, known as phishing, depends on you mistaking their site for the real one. Because Increased Authentication shows you a picture and phrase that only you know, a phishing site can’t trick you into entering your Personal Access Code. If you don’t see the picture and phrase, you don’t enter your PAC. And the phishing fraudsters never learn your password.

Back to Top


Where can I find out more information to protect myself online?

There are many good resources online to educate yourself against all types of fraud.  Our favourites are as follows;

Back to Top


Heritage Mobile Banking

Will this protect me while I use Heritage Mobile Banking?

Increased Authentication will also protect you while you use Heritage Mobile Banking but you will FIRST need to go to our website from a PC and set up the Increased Authentication.
Once you have set it up you will be able to use Heritage Mobile Banking as before. When you access your account using Heritage Mobile Banking for the first time after Increased Authentication has been implemented on September 4, 2013 you will receive a message prompting you to go to our main website to sign up for Increased Authentication and to register your mobile device as a "trusted" device.

Back to Top