Online Security and Fraud Protection

We suggest the following tips for choosing and keeping a PIN:

• Memorise your PIN. Do not keep it with your card or passbook.
• Do not disclose your PIN, password or confidential details to any person.
• Do not base your PIN on personal information such as your date of birth, address or phone number.
• Consider having a different PIN for each different card or passbook.

Your password is the access key to your internet banking, so choose it carefully. A secure password is one that is difficult to guess, does not contain any identifying information (such as your name or telephone number), and is complex. Here’s some ideas to help make your password secure:

• Never share or write down your password.
• We will never ask you for your password under any circumstance. If somebody claiming to be from Heritage asks for your password, do not disclose this information. Do not respond to any email that asks for your personal or account details, regardless of how legitimate it may look, please contact us to report the incident.
• Do not use personal information or your Heritage member number in your password. Fraudsters can learn this information quite easily.
• Take care to ensure that nobody is watching when you’re entering a password.
• Avoid using the password for your Heritage Online for anything else. In general, consider using different passwords for each of your online accounts.
• Change your passwords regularly and don’t re-use any recent ones.
• Use a reputable password management tool to securely store your passwords.

Identity fraud involves fraudsters using someone else’s personal information for things like opening bank accounts and applying for credit cards or loans. Those accounts and cards are then used illegally to incur debt, which can also ruin your credit rating.

Identity fraud is a growing problem worldwide, and costs billions of dollars a year in Australia. Fraudsters use a mixture of tactics to acquire information such as your date of birth, address, mother's maiden name and passwords. They could simply steal documents from a garbage bin or letter box, or they could use sophisticated computer-based software to get your data. They might then sell the data or use it themselves for identity fraud.

We use your personal information to identify you when you open or update your Heritage accounts. We will only ever ask these personal identification questions over the counter in a branch, or when you phone our Contact Centre. Do not provide the answers to your personal identification questions under any other circumstances.

What to do if you suspect you have been a victim of identity theft

If you suspect someone has stolen your identity, please refer to the FAQ section at the bottom of this page for steps on resolving the issue. 

Minimising the Risk of Identify Theft 

To protect your identity, and subsequently your personal reputation and credit rating, consider the following suggestions:

• Ensure you properly destroy or shred documents when you are disposing of old correspondence containing personal information. This includes utility bills, old bank statements, credit card bills, rate notices etc.
• Lock your letterbox so no-one steals your personal mail.
• If you have a mailing address (PO Box), contact the Post Office to confirm if there have been any changes to your contact details for the mailing address.
• Do not leave your personal items unattended in situations where other people have unrestricted access to them. 
• Don't unnecessarily carry ID documents such as your passport or birth certificate in case they are lost or stolen.
• Ensure that your personal computer has the latest anti-virus and anti-spyware software installed and the latest security patches installed.
• If someone has broken into your house, check whether they’ve stolen your personal identifying documents. If they have, report their theft and replace them as soon as possible.

Fraudsters can access your credit/debit cards details in many ways (e.g. data compromise or mail theft) and use this information over the phone or online to make purchases, or to create counterfeit cards to withdraw cash at ATMs. The following suggestions may help protect your credit/debit cards:

• Memorise your PIN. Don't use the same PIN for all your cards, and don't choose your date of birth or another number that might be recorded in your wallet or purse.
• Regularly check Heritage Online and your account statements. Call us if you see anything suspicious on your account.
• Do not allow others to remove your credit/debit cards from your sight at anytime.
• Card fraud has no borders, so be even more vigilant when travelling
• Know when your card is due to expire and look out for your new card. Call the card issuer if it doesn’t arrive.
• Immediately sign any new or replacement cards as soon you receive it. Ball point pen is preferred.
• Destroy old cards once they have expired.
• Be sure your mail box is secure, and that only authorised people can access it.
• Tear up/shred all credit card receipts and pre-approved card offers before you throw them away. Keep your account statements in a safe place until they are destroyed.
• When you use your cards online, make sure you are using a secure website.
• Consider using a separate card (with minimal limit/balance) for online purchases.
• Don't give out any card details unless you initiate the call or transaction.
• If you believe your card has been compromised, please contact us immediately.

When using an ATMs and EFTPOS terminals consider the following:

• Always consider personal safety when using an ATM, particularly at night.
• If possible, always use the same ATM and get to know what it looks like.
• Inspect ATMs to see if anyone has tampered with then. If they have, do not use the ATM. Contact the ATM owner to advise your concerns via the phone number displayed on it.
• Ensure no one can see you entering your PIN. If someone is standing close to you, either ask them to move back or walk away until the other person leaves.
• Cover the PIN pad when entering your PIN, so no-one can see the number.
• Be discreet when withdrawing cash and place the notes in your pocket/purse/wallet before leaving the ATM/EPTPOS terminal.

When using a computer connected to the Internet, consider the following safe computing tips:

Before you connect:

• Install and regularly update your anti-virus and ensure it scans emails as they are received. Your computer store or software retailer will be able to recommend a suitable product.
• Ensure that your Operating System and installed programs are up to date with the latest security patches.
• Install a personal firewall to protect against intrusions to your computer system and activate any firewall function on your home Internet connection.
• Consider registering for the Australian Government’s Stay Smart Online Alert Service. 

While browsing the internet:  

• Use email spam filters to help protect against receiving hoax/spam emails. Most Internet Service Providers (ISPs) offer email spam filtering services. Contact your ISP via telephone, email, or
  their website to determine if they offer a spam filtering service.
• Be very wary of opening or running files or clicking on links on untrusted Web sites or attached to unsolicited emails.
• Before logging in to a web site using an account and password, ensure that the site is secure. Different Web browsers show this in different ways. For example, in Microsoft Internet Explorer ‘https://’ should be displayed at the start of the web address in your browser's address bar. Your Web browser should also display a padlock, indicating a secure connection and that the issued digital certificate from the site is valid.
• Do not accept the assistance of someone contacting you where you haven’t initially asked for help. Particularly, do not allow someone to remote control your computer if you’re not entirely sure that they are who they claim to be.

While using Heritage Online: 

• Never follow a link from a non-Heritage website that purports to take you to, or log you in to Heritage Online.
• Never enter your personal banking information after clicking a link in an email or on a non-Heritage website. We will never ask you to confirm your details via email or through a website.
• Try not to use internet banking sites from public access computers, such as internet cafés. You have no way of knowing what software is on these machines or how secure they are.
• Heritage Online will send you an email to verify that certain significant actions have occurred on your account. This includes things such as BPay, funds transfers, addition of a new scheduled transfer, change of email address etc. If you ever receive one of these confirmation emails without having personally done the transaction it is referring to, please contact us immediately.
• As soon as you have finished with your internet banking or when leave your computer, make sure you logout.

After browsing:

• If you print statements or details from your internet banking session, protect them appropriately and securely dispose of them when they are no longer required.
• CVV numbers are used for online purchases and are printed on the back of Credit Cards. Similar to PINs, don’t record or store your card’s CVV. The only record should be on the card itself.

Don’t store your member numbers or passwords anywhere in your mobile device or in the web browser of your mobile device. If someone else accesses your phone, you do not want them having these details freely available.

Where possible, keep your mobile device’s system and application software up to date and run security software if it is available.

Mobile Phone Porting

Fraudsters who have compromised your credentials may port or transfer your mobile phone number to another provider, allowing them to receive security codes and alerts sent to that phone via SMS.

Consider the following:

• If your phone service suddenly stops working, contact your provider immediately.
• If you believe your phone has been ported without your permission and you are registered for SMS security, please contact us immediately. 

Safe Wi-Fi Practices

Wi-Fi networks can be very convenient and are becoming more common. You need to be aware that having or using an unprotected Wi-Fi network can expose your private information and potentially allow unauthorised persons to perform malicious activities to devices connected to it. Never assume free or public Wi-Fi networks are secure. Consider using the following on your own Wi-Fi network (you may need to reference your Wi-Fi router manual or seek advice when configuring your wireless router):

• Enable encryption on your Wi-Fi router and use WPA2 if available. Avoid using the less secure WEP standard if at all possible.
• Change the default password used to administer the router.
• Use complex and difficult to guess Wi-Fi access and router administrator passwords.
• Disable publishing or broadcasting of your Wi-Fi network name (or SSID) and change the name from the default.

More and more fraudsters are trying to “scam” people out of their hard-earned money. Scammers usually offer a product or service via spam emails that seem too good to be true or cold call asking for your personal information such as PINs or account details. We will never ring you and ask you for this information. It is impossible to list all scams currently being used as there are so many (and then, so many variations to the original scam).

Some tips on how to avoid being scammed:

• Be wary of spam emails, chain letters and persons purporting to be representatives of Government Departments, financial institutions or other businesses.
• Do not give your name, bank account details, copy of your passport, birth certificate or any other personal details to anyone other than for legitimate purposes.
• If someone contacts you asking for personal information, check carefully that they are legitimate.
• Be suspicious of any correspondence from overseas asking you to forward large sums of money or advising that you have won a prize.
• If someone blocks access to your computer or personal files, and then asks for a payment to remove that block, report the incident to the Police.

Some examples of current scams:

Phishing

Phishing’ refers to emails that trick people into giving out their personal and banking information. They can also be sent by SMS. These messages seem to come from legitimate businesses, normally banks or other financial institutions or telecommunications providers. The scammers are trying to get information such as bank account numbers, passwords and credit card numbers, which they will then use to steal your identity.

Nigerian Scam

A ‘Nigerian’ scam is a form of upfront payment or money transfer scam. Called Nigerian scams because the first wave of them came from Nigeria, they can come from anywhere in the world. The scammers offer you a share in a large sum of money that they want to transfer out of their country. The money may be trapped in central banks during civil wars or coups, often in countries currently in the news. Alternatively, you may be “entitled to” a share of massive inheritances that are difficult to access because of government restrictions or taxes in the scammer’s country.

Spanish Lottery Scam

An email or letter from an overseas lottery or sweepstakes company arrives advising that you have won a lot of money or fantastic prizes in a lottery or sweepstakes competition you did not enter. These scams often use the names of actual overseas lotteries (often Spanish lotteries), so may seem legitimate. However, you cannot win these lotteries without buying a ticket from an authorised distributor in the country it is from.

Money Mule scam

Spam emails, or other advertisements offering work-from-home opportunities are often fronts for illegal money laundering or attempts at identity theft. Participating in money laundering is a criminal offence.

For more detailed information go to the Australian Government ”Scamwatch” website. The Australian Competition and Consumer Commission (ACCC) runs this website to help you recognise, report and protect yourself from scams.

Your passbook is a visual record of your account with the bank. Heritage passbook accounts can be accessed via either a signature or PIN. 

• Always protect your passbook from theft and unauthorised use
• Keep your passbook in a safe and secure place
• Don't give your passbook to another person for any reason
• Never pre-sign withdrawal forms
• If your passbook is lost or stolen please contact us immediately. 

Protecting your cheques is important to keep your funds safe.

At Heritage, we help you protect your finances by providing cheque books for personal cheque account members with the latest security features.

Here are some more hints on protecting your cheque facility:

• Keep your chequebook under your control at all times.
• Never sign a blank cheque.
• If your cheques are lost or stolen, please contact us to report the matter as soon as possible.
• When you send a cheque in the mail, put it in a plain (not window faced) envelope.
• Always use a pen or felt tip pen to write your cheques - do not use pencil.
• Write the amount in words and figures as close as possible to the left hand margin or dollar symbol. Ensure it’s obvious where the amount in words and figures end, to prevent the insertion of any additional words or numbers.
• Record the details of cheques on cheque stubs and check your account statements against them. If there is a discrepancy, please contact us immediately.