Security you can count on

Our digital banking platform is designed to make accessing and managing your finances convenient and secure.

We go to great lengths to safeguard your personal information, but there are important measures you should take to protect yourself when you bank online. Additional precautions like strong passwords, safe browsing (not using search engines to go to your online banking page, for example) and regularly monitoring your accounts. Let’s work together to protect your account and keep your money safe.

ACU dedicates considerable resources and efforts to protecting the security of your account information. We ensure your account integrity in the following ways:

• Every ACU employee is required to undergo annual privacy compliance testing and pass a test. Our training reinforces the importance we place on member information confidentiality and security.
• A series of firewalls prevent unauthorized access to our internal systems. As data comes to us over the internet from your device, it goes through a series of safety checkpoints so that only authorized messages and transactions enter our systems.
• We physically secure our internal servers, telecommunications systems and service centres, so your personal and financial information is protected physically as well as digitally.
• The password you use for online and mobile banking, as well as the Personal Identification Number (PIN) for your debit card, are inaccessible to us and we will never ask you to reveal them. Our online banking system uses two-factor authentication, a security feature that sends unique one-time passcodes for certain secure activities — things like adding bill payees, updating your contact information and resetting passwords.
• We will only exchange information with you through our secure email portal and the secure messaging service that allows you to communicate with us directly through online banking.
• When using Secure Email, the link to this portal will be sent to you by an ACU representative, and you should be expecting it. If you receive an email from ACU you are not expecting, and it contains a link do not click on the link. If you're unsure or want to report any suspicious requests, please contact us at any time. 
  • Once we’ve established connection within the secure messaging service, you can include account numbers and any other information that will help us better serve you.
• We take your concerns about receiving emails seriously. Emails from ACU follow standard privacy rules.
  • All of our email communications come from donotreply@acu.ca.
  • ACU will never ask you to enter your password or financial information via email—or send that information to you in an email.
  • All of our marketing/promotional emails have an unsubscribe option in the footer.
  • All communications follow CASL compliance.
  • We will never send you third-party marketing emails or use your email for any marketing you haven't agreed to receive.
  • We will never share your email address outside of ACU.
  • If you're unsure or want to report any suspicious requests, please contact us at any time.

Read more about how our privacy policies and practices protect your personal information.

Our digital banking system has industry-leading security, including fraud prevention, cyber security and high-risk transaction protections to ensure that your transactions are secure while data is transmitted between your device and our systems.

Encryption
We use 256-bit TLS encryption on our desktop website and mobile app, enabling you to easily and securely complete banking transactions on your phone, tablet or computer.

Controlled account access
You have control over your account access – only you know your sign-in credentials, user name and password. Our employees do not have this information, nor do they require it.

Password protections
There is a maximum number of attempts to input the password for your account. If you exceed that number, your online access will be disabled and you must contact a member representative to assist you.

Mobile Apps
The following permissions and activities are required by our mobile app to operate.

• “Access Camera” permission is used by the app to deposit a cheque via mobile deposit capture, store a custom profile and background picture.
• “Access Location” permission is used by the app to accurately locate the nearest ATM or branch in the “Find Us” feature.
• “Call permission” is used to automatically call the user’s preferred branch by tapping on the phone number in the “Find Us” feature.
• “Read Contacts” permission is used to set up new Interac e-Transfer® contacts and send an Interac e-Transfer. Only the device contact information a user confirms is readable by Interac.
• “Internal Storage” permission is required to view, share and download PDF files from the mobile app to a user’s device. An ACU monthly account statement is an example of a PDF file.
• “App Activities” uses mobile app interaction data for analytics on usage and crash information, which helps us make improvements to our app. We also monitor application stability using the crash logs to make ongoing improvements. Activity data and performance information is completely anonymous and aggregated—individual users are not identifiable.

We do all we can to make sure your financial information is secure. You can help, by doing your part to stay safe.

• Do not follow links in texts or emails to our website. Never use a search engine to go there, either. Always type in the address (https://acu.ca) and look for https in the address. Once you’re there, bookmark it!
• Scammers will try scare tactics, like saying your account has been closed, or there’s some other issue, that requires your immediate action. Call your credit union to independently verify these types of calls or messages. 

Use strong, unique passwords

• Keep your banking login password unique — avoid using passwords you use for other sites and services. 
• Choose a password that’s easy for you to remember but not easy for someone else to guess, and avoid using personal information like phone numbers, birth dates, pets’ names, etc.
• Don’t use the auto-save function for usernames and passwords on your browser and device. Consider using protected password management software or another secure system for storing passwords.  
• Never share your password with anyone, including ACU employees. We will never ask you for it. 
• Change your online banking password and your PIN on a regular basis—especially since credentials are often not used until months after they’ve been stolen.
• Contact us immediately if you suspect someone has obtained knowledge about your online banking password or your PIN

Monitor your accounts and set up alerts

• Review your statements regularly and set up transaction alerts that tell you when there’s any activity on your account—which would include activity you’re not controlling.  
• You can set your alerts to notify you of any activity in your accounts, including password changes, sign in attempts, adding bill payees, withdrawals, deposits. You can manage alerts in the Settings section of online banking or the mobile app.
• Our alert messages will never contain any personal information about you or your account and will never ask you to click or download anything.

Be aware of cyber crime

• Cyber-criminals seek vulnerabilities in human behaviours to steal credentials. They use social engineering tactics to trick people into providing sensitive information or visiting a malicious website.
• In financial phishing and smishing scams, as one example, a cyber-criminal, posing as your financial institution, sends you emails (known as phishing) or text messages (known as smishing) in an attempt to get you to provide your login credentials.

Protect your computer
Threat protection software secures your information and privacy on your computer. Installing this software will mitigate virus threats, ransomware, provide firewall protection and protect you from harmful sites and data.

Browse safely

• Make sure you see “https://” when using secure sites: this verifies the security certificate of the website is authentic.
• Always sign out or log off when you’re finished you digital banking session.
• Don’t access your account using public Wi-Fi or a public computer.

Manage your operating systems

To protect against malware and viruses, keep your operating system up to date. Updates will contain the latest security features available.

Protect your device

• Download apps exclusively from Google Play, Apple Store, etc., not from a link.
• Install anti-virus software for your smartphone, if available, and update it frequently.
• Install an app that enables you to track the location of your device. Location software will also let you factory reset (wipe the data from) your device if it’s lost or stolen
• Keep your smartphone's operating system updated.
• Don’t remove the manufacturer’s restrictions on the device.