Privacy and Security: Staying Safe on the Internet

The CWBdirect^® site ensures that your personal and financial information is handled with care. Any personal or transactional information transmitted between you and our Internet banking system is secure and cannot be read by anyone else. While using the CWBdirect^® site the integrity of your account information is guaranteed. Transactions from your computer to our system are received without alteration. From a technical point of view a process called encryption is used to achieve security.

How Is Security Achieved?

Access to our services, financial systems, and databases is strictly managed. Technological and procedural systems are in place to ensure security is not breached. This includes physically securing all of our computer hardware and telecommunications systems. All data is transported using encrypted channels.

What is encryption and how does it work?

Encryption is the process of scrambling data into an unreadable format. It is more secure to transmit encrypted data over the Internet. In the case of the CWBdirect^® site, data is sent by your browser through an encrypted channel to our secure systems where the message is safely received.

Some browsers can create a more secure channel than others, owing to the ‘strength’ of their encryption. To safeguard your personal and financial information, we only use the strongest channel available–referred to as 128–bit SSL or Secure Socket Layer. If you have a browser that only supports ‘weaker’ encryption such as 40–bit or 56–bit SSL, you will need to upgrade your browser before using our site.

What is the difference between 40– and 128–bit encryption?

Encryption and decryption is accomplished using a complex mathematical formula called an algorithm. An encrypted message cannot be read unless you have the formula or ‘key’ to unscramble the message. The longer and more complex the ‘key’ is, the stronger the encryption. The 40 and 128 refer to the length of the key. Since 128 is longer, than 40, it is more secure.

But don’t let the relatively small difference in the size of the key fool you. According to Netscape, 128–bit encryption is trillions of times stronger than 40–bit encryption.

Protect your Personal Access Code (PAC)

Just as you play a vital role in ensuring the security of your home and your possessions, you too share in the responsibility for ensuring that your personal information is adequately protected.

In order for us to ensure that only you are accessing your accounts, we need a unique way of knowing that it's you. Just as the key to your home protects unwanted entry, the online banking "key"—your Personal Access Code (PAC)—ensures that only you can access your accounts.

It is your responsibility to ensure that your "key" to the CWBdirect^® site is protected. Please observe the following security practices:

Select a PAC that is easy for you to remember but difficult for others to guess.
Do not select a PAC that is easy to guess (such as 12345) or is based on personal information (avoid your birth date, address, phone number, social insurance number, or similar information about your family or friends). Otherwise, someone who knows you can easily guess your password.
Do not select a part of your PIN (your ATM "key") or another password.
Keep your PAC confidential.
Do not write your PAC down or store it in a file on your computer.
Never disclose your PAC in a voice or e-mail, and do not disclose it over the phone, especially cellular phones.
Do not share your PAC with anyone else.
Do not permit anyone to observe you typing in your PAC.
Change your PAC on a regular basis. We suggest every 90–120 days.
Contact your branch immediately if you suspect someone has gained knowledge of your PAC.
Contact your branch immediately if you believe there are errors or omissions in your account.
Contact your branch immediately if you become aware of any loss, theft, misuse, or unauthorized use.

Protect The Information On Your Computer

While we have provided a secure channel for our Customers to communicate with us, once the information has reached your computer, it's up to you to protect it. To protect your information, you should:

Never leave your computer unattended while using our online banking services.
Always exit the CWBdirect^® site using the Logout button and close your browser if you step away from your computer. Your browser may retain information you entered in the login screen and elsewhere until you exit the browser.
Prevent the browser from caching (storing) the pages that you view by using the Enhanced Security feature located on the Login screen. We strongly recommend that you use this feature if you are accessing the CWBdirect^® site from a shared computer, such as at a friends house or through a publicly-accessible computer, such as at a library or airport.
Secure or erase files stored on your computer by your browser so others cannot read them. Most browsers store information in non-protected (unencrypted) files in the browser's cache to improve performance. These files remain there until erased. Using standard computer utilities or by using your browser feature to "empty" the cache, these files can be erased.
Disable automatic password-save features in the browsers and software you use to access the Internet.
Install and use a quality anti-virus program. As new viruses are created each and every day, be sure to update your anti-virus program often.
Install and use a personal firewall on your computer to ensure others cannot access your computer through the Internet.
Install new security patches, as soon as your operating system and Internet browser manufacturers make them available.

To learn more about browser security, please visit the Netscape and Microsoft web sites. To ensure a safe and secure Internet session, only visit reputable sites. If you visit any questionable web site before CWBdirect^®, we recommend you close your browser and restart it before proceeding to CWBdirect^®.

How Have We Met Our Responsibilities?

We ensure your personal and financial information is protected within our CWBdirect^® banking service, financial systems, and databases.

We ensure your personal and financial information is protected while in transit between your computer and our server through the use of industry standard security techniques which include Secure Socket Layers (SSL) and encryption.

Encryption ensures that information in transit between your computer and our server cannot be read (private and confidential) or changed (integrity).

We ensure that only individuals who provide the correct PAC can access your account information.

For more information on the specific policies and practices that we use to safeguard your personal and financial information, please click here to view our Privacy Statement.

How To Avoid E-Mail Fraud

While banks and law enforcement take extensive steps to protect people, there are some simple steps Canadians can take to protect themselves:

Be skeptical of any unsolicited e-mail asking you to provide personal information, no matter how legitimate it looks. If you are unsure, contact the company it purportedly comes from: but make sure you use a phone number, e-mail address or website address that you know is legitimate. Do not use the ones provided in the e-mail.
Never send personal and/or financial information by e-mail.
Always enter your bank's website using the website address (URL) that you know is accurate. Contact your local bank to get the correct website address if you're unsure.
Fraudulent e-mails are not personalized and, instead, are addressed in general terms, such as "Dear valued customer".
Check the domain name shown as the link in the e-mail. When you click the link, if it does not match the name that appears in the browser at the top of the screen, then it may be a fraudulent website.
If you receive an e-mail notifying you that an e-mail money transfer is being sent from a person you don't know, delete the e-mail as it is likely fraudulent.
Be aware of social engineering. Normally appearing as an email from a major financial institution, the message explains that your account information needs to be verified and directs you to visit the website listed in the email. This website may look identical to your financial institution's website and will prompt you to enter your account information. These emails and websites are likely fraudulent and will compromise your account.
PLEASE NOTE: Canadian Western Bank, or any credible financial institution, will not send requests for account information via email. If any problems with your account arise, you will be contacted by a bank representative personally. If you receive an email, seemingly from Canadian Western Bank, and wish to verify its source, please contact your branch by phone or in-person.
Make sure your home computer is protected by installing anti-spam, anti-spyware and anti-virus software and personal firewalls, and keep these up-to-date. Also check for operating system patches and upgrades on a regular basis.
Regularly review your bank and credit card statements and immediately report any unauthorized transactions to your financial institution. Also check your credit report at least once a year by contacting credit reporting agencies Equifax Canada or TransUnion Canada.
If you suspect you have received a suspicious email pretending to be from Canadian Western Bank (CWB), CWB Group or Canadian Direct Financial, and that asks you to follow a provided URL or link to a website, please report the email by forwarding it to phishing@cwbank.com. Once you have reported the phishing email, delete it without replying or clicking on any of the links provided in the email.

Why must I have these security features on my online bank account?

These new security features were developed in response to a growing amount of online bank fraud experienced by all financial institutions. By adding these new security features, it will be more difficult for someone to steal your account information through a process called "phishing".

"Phishing" is the creation of e-mails and websites that replicate existing, genuine websites and businesses. These sites try to lead you to believe that the requests for information are coming from a legitimate source, thereby scamming you into providing personal, confidential information that can then be used to commit other crimes.

Please remember that CWB will never contact you to confirm any of your existing passwords, account numbers, or personal information via phone or email. Once you have set up your new questions, you will never be asked to confirm these choices via phone or email.

How do I set up these security features?

When you log into online banking, the process will involve selecting security questions and providing answers. Follow the on-screen instructions to choose your questions and answers . Be sure to pick options you will remember.

If you are configuring a joint account. choose questions and answers that are known to the individuals sharing the account.

At the end of this process, you will be asked to register your computer as a "trusted" computer. While you can designate more than one computer as a "trusted computer", we recommend you register computers where you are the sole user (e.g. your home PC or personal work PC).

Can I change my security questions and answers?

Yes, at any point you can edit these features and it is a good idea to do so on a regular basis. The purpose of changing your PAC is to help protect your personal banking information from being fraudulently retrieved.

While we highly recommend you regularly change your PAC, you will not be prompted or required to do so.

To change these security features, click "My Profile" at the top of the screen after logging into online banking. On the left hand side choose to change your PAC or security questions. There is no limit to how often you can change this information.

If you are configuring a joint account, choose questions and answers that are known to all of the individuals sharing the account.

Can the joint account holder have different answers than mine for the security questions?

No. The joint account holders will be logging in to the same account, so you cannot have different questions and answers. You need to choose security questions and answers that are known to all the individuals sharing the account.

If I don't remember my security questions or answers, how do I reset them?

In order to reset your security questions, simply visit a CWB branch and ask one of our representatives to reset the questions.

Is resetting my security questions the same thing as resetting my PAC?

No, if you are locked out of online banking because you have failed to enter your PAC correctly, you are not locked out indefinitely. Wait until the next business day and your PAC will automatically unlock. If you have forgotten your PAC, you will need to visit your branch to have it reset.

If you remember your PAC but have forgotten the answers to your security questions, your security questions will never unlock automatically. To unlock and reset your security questions, you will need to visit your branch. If you remember your security questions and answers, simply call your branch. Your online banking will be unlocked by the next business day. The next time you log in, you will be prompted with the same security questions and answers.

Is there a difference between "unlocking" and "resetting" my online banking?

Unlocking your online banking access is done when you have incorrectly entered your PAC or answers to your security questions three times and the system "locks" you out from trying again. If this happens and you believe you still know your PAC and/or the answers to the security questions, it is possible to have your security questions unlocked over the phone. Your PAC will automatically unlock the next business day.

You need to reset your online banking information when you have been locked out and do not remember your PAC and/or the answers to the security questions. In this situation you are required to visit your branch to reset your PAC and security questions.

Do I need to register my home computer?

No, you will never be required to register any computer. This security feature is for your protection and convenience. Registering your computer allows you to bypass answering a security question when you log into online banking from that computer.

Can I register more than one computer?

Yes, you will be able to register as many computers as you require. Remember that to best protect yourself, we recommend you only register a computer where you are the sole user (i.e. home computer). We do not recommend that you register computers that are shared, such as those found in libraries or shared work computers.

What if I register a public computer accidentally?

This can easily be fixed. When you register a computer, you place a "cookie" onto that computer. To deregister the computer, you simply need to clear the cookies using the following steps:

Click "Tools" on your browser
Select "Internet Options"
Select "Delete Cookies"

I do not access my online banking very often. How will these new security features affect me?

If you do not access your online banking very often, you should be aware that your security questions will only be active for 13 months. After 13 months of inactivity your Increased Authentication profile will be deleted and you will have to set up Increased Authentication again.

What are "cookies"?

A cookie is a small information token that sits on your computer. As you use the CWBdirect site, cookies are passed back and forth between our server and your browser. While cookies can be used for a variety of reasons, we only use cookies where they are of benefit to our customers.

Specifically, we use two kinds of cookies - session cookies and persistent cookies. A session cookie exists only for the length of your browsing session and is deleted when you close your browser. A persistent cookie is a cookie that stays on your computer after you close your browser. A persistent cookie may or may not expire on a given date.

We use a session cookie to maintain the integrity of your Internet banking session. With each page that you visit, the cookie is passed back and forth between our server and your browser. We use the cookie to distinguish your session from the many others that may be happening at the same time. Our session cookies never store any personal information, such as your name, or date of birth, or financial information, such as your accounts and balances.

Most recent browser versions allow the user to set some level of control over which cookies are accepted and how your browser uses them. Many browsers will allow you to accept cookies from only known, reliable sites that you select such as the CWBdirect site. If you are concerned about cookies, we encourage you to upgrade your browser to a recent version and review the Help section of your browser to learn more about it's specific control features.