Security & Fraud Protection

At Heritage, we’re committed to protecting you from fraud. Our Fraud Management and Information Security Teams are constantly updating our processes and technologies to keep you safe.

If you suspect any unusual activity has occurred while using Heritage Online or other services please contact us on 13 14 22 or send an email to our Fraud Team at fraudalert@heritage.com.au with details of what has happened.

This page provides some more information about how we protect you from fraud, some tips on how you can protect yourself, and updates on some recent fraud examples.

Latest security alerts

Ways to bank securely
August 2020: Phishing Scam Awareness
We’ve noticed an increase in reports of Heritage customers receiving cold calls from people claiming to be from an NBN company or a telecommunications company like Telstra.
Using the Heritage Bank Mobile Banking app
April 2020: Covid-19 Scam Awareness
With the spotlight firmly on the coronavirus (COVID-19), scammers are looking to capitalise on the increased media attention and public concerns to catch people unaware. 
March 2020: Fake Mobile Banking Apps

We’ve received reports of fake apps impersonating the Heritage Mobile Banking App. 

February 2020: Hoax emails and phishing scams

We’re aware of hoax emails and phishing scams claiming to come from Heritage Bank or link to Heritage internet banking. These emails ask the recipient to click on a link which goes to a forgery of the Heritage Online website.

These fake websites are designed to capture personal information such as your Heritage member number, passwords and contact information. Those who unsuspectingly login to these sites may later discover their Heritage Online account has been accessed by unauthorised persons.

If you have clicked on link in a suspicious email or logged into a fake Heritage Online website, it’s very important that you change ALL your Heritage Online passwords, and call us immediately on 13 14 22.

When in doubt, do not click on any links contained within the email and make sure to visit the Heritage Bank website directly. You can also call us to check whether or not any communications you receive are genuine.

REMEMBER: while Heritage may send informational or confirmatory receipt emails, we will NEVER send emails that ask you to share personal security details such as your PIN, CCV number, internet banking passwords, credit card details, or require you to click on links or attachments within the email to update or verify details.

January 2020: Hoax phone calls and phishing scams

We’ve received reports that some customers may have recently been targeted by a number of phishing scams including hoax phone calls, emails and text messages from people claiming to be from Heritage Bank.

A caller may suggest there is an issue with your account and may attempt to obtain personal information such as your Heritage account number, card numbers, passwords and PINs. Or, emails or messages may ask the recipient to click on a link which goes to a forgery of the Heritage Online website. Those who unsuspectingly provide their information may later discover their Heritage account has been accessed by unauthorised persons.

If you receive a phone call out of the blue about your account requesting personal information access - hang up – even if they claim to be from Heritage. DO NOT provide any personal or sensitive information to the caller.

When in doubt, do not click on any links contained within the email and make sure to visit the Heritage Bank website directly. You can also call us to check whether or not any communications you receive are genuine.

If you have clicked on a link in a suspicious email, logged into a fake Heritage Online website or given information to an unauthorised third party, it is possible your account details have been compromised. Please immediately change ALL your Heritage Online and phone banking passwords, and call Heritage Bank immediately on 13 14 22.

REMEMBER: while Heritage may send informational or confirmatory receipt emails, we will NEVER send emails that ask you to share personal security details such as your PIN, CCV number, internet banking passwords, credit card details, or require you to click on links or attachments within the email to update or verify details.

April 2019: Hoax phone calls - computer remote access

We’re aware that some customers have recently been targeted by hoax telephone calls from people claiming to be from Heritage Bank technical assistance.

The caller may suggest there is a problem with your internet connection to Heritage’s online services and request remote access to your computer to ‘fix’ the issue.  Once they gain access to your computer, they will attempt to obtain personal information such as your Heritage account number, card numbers, passwords and PINs. They may claim to have control over the personal information on your device and pressure you to provide them with funds or purchase gift cards on their behalf. Or, they may even try to trick you into thinking you are receiving an account credit and request that you provide account details in order to receive funds. Those who unsuspectingly provide their information to the third party may later discover their Heritage account has been accessed by unauthorised persons.

If you receive a phone call out of the blue about your computer and requesting remote access - hang up – even if they mention they are from Heritage Bank. DO NOT provide any personal or sensitive information to the caller. If you have given information to the third party, it is most likely your computer and possibly your account details have been compromised. Please immediately change ALL your Heritage online and phone banking passwords, and call Heritage Bank immediately on 13 14 22.

November 2018: Hoax emails and phishing scams

We’re aware of hoax emails and phishing scams claiming to come from Heritage Bank or link to Heritage internet banking. These emails or messages ask the recipient to click on a link which goes to a forgery of the Heritage Online website.

These fake websites are designed to capture personal information such as your Heritage member number, passwords and contact information. Those who unsuspectingly login to these sites may later discover their Heritage Online account has been accessed by unauthorised persons.

If you have clicked on link in a suspicious email or logged into a fake Heritage Online website, it’s very important that you change ALL your Heritage Online passwords, and call us immediately on 13 14 22.

When in doubt, do not click on any links contained within the email and make sure to visit the Heritage Bank website directly. You can also call us to check whether or not any communications you receive are genuine.

REMEMBER: while Heritage may send informational or confirmatory receipt emails, we will NEVER send emails that ask you to share personal security details such as your PIN, CCV number, internet banking passwords, credit card details, or require you to click on links or attachments within the email to update or verify details.

February 2018: Hoax phone calls - computer remote access

We’ve received reports that some Heritage Bank customers may have recently been targeted by hoax telephone calls from people claiming to be from Telstra. The caller may suggest there is a problem with your internet connection or phone line. They may then request remote access to your computer to ‘fix’ the issue. Once they gain access to your computer, they will attempt to obtain personal information such as your Heritage account number, card numbers, passwords and PINs. They may even try to trick you into thinking you are receiving an account credit and request that you provide account details in order to receive funds. Those who unsuspectingly provide their information to the third party may later discover their Heritage account has been accessed by unauthorised persons.

If you receive a phone call out of the blue about your computer or phone requesting remote access - hang up – even if they mention a well-known company such as Telstra. 

DO NOT provide any personal or sensitive information to the caller. If you have given information to the third party, it is most likely your device and possibly your account details have been compromised. Please immediately change ALL your Heritage Online and phone banking passwords, and call Heritage Bank immediately on 13 14 22.

November 2017: Phone porting

Phone porting is a method used by scammers to hijack your phone number to try to gain access to your banking details.

What happens is that the scammers get hold of your mobile phone number, then arrange for it to be shifted across – “ported” - a different telco provider e.g. from Telstra to Optus. Once it is ported across, the scammer effectively gains control of your phone number.  The victim loses all service to their mobile phone and will not be able to make or receive calls or text messages. Once the scammers take control of your phone number, they can also receive two-factor verification codes such as SMS One Time Passwords sent to your phone, which can also unlock access to your bank accounts.

If you do suddenly lose access to your phone number, you should take immediate steps to contact your telco to check whether the number has been ported. If it’s confirmed that the phone number has been ported without permission, you should immediately contact us as well as your other financial institutions to reset your passwords and check recent transactions. 

Tips to stay cyber safe:

  • If you lose service to your mobile phone take immediate steps to contact your telco to confirm if it’s a network issue or a phone port. If ported, contact your bank immediately to reset passwords and check recent transactions.
  • Keep your anti-virus up to date on all PCs and Mobile devices. Conduct regular scans.
  • Do not give out your personal details to third parties.
  • Do not click on links or responded to emails that ask for you persons information or user names and passwords.
  • Change your passwords regularly
  • Check your transaction activity regularly and report any unauthorised activity to your bank immediately.
  • Visit www.scamwatch.gov.au to report a scam or learn more about common scams and how you can protect yourself.

For more information specifically about phone porting scams, you can visit the scamwatch.gov.au website.  

How we protect you

Heritage Online 

Heritage Online puts your security first, with a range of security features and services designed to keep you safe while banking online. Some of these include: 

  • Fraud prevention technology 
  • Secure communications links to protect all information transferred between Heritage and you over the internet 
  • Dedicated Heritage fraud detection specialists
  • Limits on how much money you can move daily – nominated by you
  • Ability to disable transfer or BPAY features
  • View your Heritage Online session history at any time
  • Register for email or SMS alerts to keep a close watch on your account 

Heritage Mobile Banking

Heritage Mobile Banking is designed to be quick and easy to use on a wide variety of mobile devices. Your funds are protected in the same way as Heritage Online, plus you’ll get access to some additional features such as: 

  • Ability to block online, international in-store or all card payments
  • Lock, cancel or order a replacement card
  • Device Authentication – an extra layer of security for your account that ensures only devices you allow can perform advanced functions such as adding a new payee
  • Use password, PIN, Fingerprint or Face ID to log in on applicable devices

If you have any questions about our fraud prevention and online security, please contact us. 

Automatic Security Notifications 

To help keep your information and finances safe, you'll receive free security notifications via email or SMS if changes are made to your residential or mailing address, mobile number, phone number, email address, statement frequency, Pay Anyone password, periodic payments or Heritage Online transfer and BPAY limits. 

You will also receive notifications if:

  • SMS notifications have been disabled
  • SMS alert options have been switched off
  • A card has been ordered
  • A card has been activated in-branch or in HAL
  •  A new internet banking payee has been added
  • A new periodic payment has been set up to an external Financial Institution
  • A One Time Password has been retrieved
  • A term deposit has matured early

You can opt out of the service by phoning 13 14 22, or visiting a branch. However, it is recommended to leave these notifications turned on to help keep your accounts and personal details as safe as possible. 

Security tips

While we are committed to providing customers with a secure environment, everyone should play a role in combating fraud. This means you need to protect yourself and be vigilant against fraudsters as well. Here are some simple tips to help you do that.

General Security

Never disclose your personal or account information over the phone, unless you initiated the call.

  • If you receive a call or email from anyone claiming to be a Heritage staff member requesting your PIN or password, be suspicious. Our staff will never contact you and ask you for this information.
  • Report lost or stolen cards, chequebooks or passbooks to us immediately.
  • Always check your statements and report any suspicious transactions to us immediately.
  • Please contact us as soon as possible when you change your address.
FAQs

How do I know if I may have been a target of fraud or identity theft?

Fraud and identity theft come in many forms, so you need to be constantly vigilant about your financial account and personal information. In particular, we suggest that you:

  • Routinely check your statements for anything unusual and query the institution which issued the statement about any transactions you’re unsure of.
  • Contact us with the details of any suspicious transactions on your Heritage accounts.
  • Note unusual emails or phone calls from organisations you haven’t contacted, particularly if they ask for information about your identity.

If you believe you've fallen victim to identity theft,read our article on What to do if you are a victim of identity theft.

What do I do if I think I may have been a target of identity theft?

If you suspect someone has stolen your identify, please read our help and guidance article on what do to if you're a victim of identity theft.

How do I find more about how to prevent being the target of fraud?

The following are official Australian Web sites with more information about fraud: 

What do I do if I think my computer has been hacked?

If you believe your computer may have been compromised: 

  • Disconnect your computer from the Internet.
  • Contact a reputable, local computer support company and have them fully remove any malicious software. Do not accept the assistance of someone contacting you where you haven’t initially asked for help. 
  • Please contact us as well as your other financial institutions as soon as possible.

Any claims resulting from such activity will be assessed on the details of each individual incident.

You can also read our help and guidance article on Ways to Bank Securely for tips on keeping your computer safe in the future. 

I’m about to travel overseas; do I need to tell Heritage?

The Heritage Fraud team monitors unusual transactions on our customer’s accounts. If you let us know that you will be overseas, we will be in a better position to determine if you are likely to be doing a transaction in a foreign country.

Before leaving on your trip:

  • Check the expiry date of your card and that the magnetic strip on the reverse of the card is not damaged. If the card is due to expire while you plan to be away or is damaged, you may need to arrange with us for a new card prior to your departure.
  • Advise the Bank when and where your are travelling. We don’t require a detailed itinerary, only when you plan to travel and which countries and regions you plan on visiting.

What can I do to minimise the risk of fraud with my card?

To help protect yourself from card fraud, read our help and guidance article on Ways to Bank Securely

If you believe your card details have been stolen or if you notice any fraudulent transactions on your account, please contact us.

How can I tell if a website is safe to use with my card?

There are heaps of ways to tell if a website is safe to use with your card. When in doubt, always do your research first. For our top tips, check out our article on on Ways to Bank Securely.