Security Information

Just How Secure Is It?

The CWBdirect^® site ensures that your personal and financial information is handled with care. Any personal or transactional information transmitted between you and our Internet banking system is secure and cannot be read by anyone else. While using the CWBdirect^® site the integrity of your account information is guaranteed. Transactions from your computer to our system are received without alteration. From a technical point of view a process called encryption is used to achieve security.

How Is Security Achieved?

Access to our services, financial systems, and databases is strictly managed. Technological and procedural systems are in place to ensure security is not breached. This includes physically securing all of our computer hardware and telecommunications systems. All data is transported using encrypted channels.

What is encryption and how does it work?

Encryption is the process of scrambling data into an unreadable format. It is more secure to transmit encrypted data over the Internet. In the case of the CWBdirect^® site, data is sent by your browser through an encrypted channel to our secure systems where the message is safely received.

Some browsers can create a more secure channel than others, owing to the ‘strength’ of their encryption. To safeguard your personal and financial information, we only use the strongest channel available–referred to as 128–bit SSL or Secure Socket Layer. If you have a browser that only supports ‘weaker’ encryption such as 40–bit or 56–bit SSL, you will need to upgrade your browser before using our site.

What is the difference between 40– and 128–bit encryption?

Encryption and decryption is accomplished using a complex mathematical formula called an algorithm. An encrypted message cannot be read unless you have the formula or ‘key’ to unscramble the message. The longer and more complex the ‘key’ is, the stronger the encryption. The 40 and 128 refer to the length of the key. Since 128 is longer, than 40, it is more secure.

But don’t let the relatively small difference in the size of the key fool you. According to Netscape, 128–bit encryption is trillions of times stronger than 40–bit encryption.

Protect your Password

Just as you play a vital role in ensuring the security of your home and your possessions, you too share in the responsibility for ensuring that your personal information is adequately protected. In order for us to ensure that only you are accessing your accounts, we need a unique way of knowing that it's you. Just as the key to your home protects unwanted entry, the online banking "key" - your password - ensures that only you can access your accounts.

It is your responsibility to ensure that your "key" to the CWBdirect^® Advanced Internet Banking site is protected. Please observe the following security practices:

• Select a PASSWORD that is easy for you to remember but difficult for others to guess.
• Do not select a PASSWORD that is easy to guess or is based on personal information (avoid your birth date, address, phone number, social insurance number, or similar information about your family or friends). Otherwise, someone who knows you can easily guess your password.
• Do not select a part of your PIN (your ATM "key") or another password.
• Keep your PASSWORD confidential.
• Do not write your PASSWORD down or store it in a file on your computer.
• Never disclose your PASSWORD in a voice or e-mail, and do not disclose it over the phone, especially cellular phones.
• Do not share your PASSWORD with anyone else.
• Do not permit anyone to observe you typing in your PASSWORD.
• Change your PASSWORD on a regular basis. We suggest every 90-120 days.
• Contact your branch immediately if you suspect someone has gained knowledge of your PASSWORD.
• Contact your branch immediately if you believe there are errors or omissions in your account.
• Contact your branch immediately if you become aware of any loss, theft, misuse, or unauthorized use.

Biometric Devices

Clients have the option of purchasing a biometric device to be used for login instead of or in addition to a user ID and password. Where a biometric login is required, a fingerprint sample is obtained during registration and then compared at subsequent logons. The server does not store a picture of the fingerprint, but rather an algorithm that is equivalent to a 60digit password.

Protect The Information On Your Computer

While we have provided a secure channel for our Customers to communicate with us, once the information has reached your computer, it's up to you to protect it. To protect your information, you should:

• Never leave your computer unattended while using our online banking services.
• Always exit the CWBdirect^® site using the Logout button and close your browser if you step away from your computer. Your browser may retain information you entered in the login screen and elsewhere until you exit the browser.
• Prevent the browser from caching (storing) the pages that you view by using the Enhanced Security feature located on the Login screen. We strongly recommend that you use this feature if you are accessing the CWBdirect^® site from a shared computer, such as at a friends house or through a publicly-accessible computer, such as at a library or airport.
• Secure or erase files stored on your computer by your browser so others cannot read them. Most browsers store information in non-protected (unencrypted) files in the browser's cache to improve performance. These files remain there until erased. Using standard computer utilities or by using your browser feature to "empty" the cache, these files can be erased.
• Disable automatic password-save features in the browsers and software you use to access the Internet.
• Install and use a quality anti-virus program. As new viruses are created each and every day, be sure to update your anti-virus program often.
• Install and use a personal firewall on your computer to ensure others cannot access your computer through the Internet.
• Install new security patches, as soon as your operating system and Internet browser manufacturers make them available.

To learn more about browser security, please visit the Netscape and Microsoft web sites. To ensure a safe and secure Internet session, only visit reputable sites. If you visit any questionable web site before CWBdirect^®, we recommend you close your browser and restart it before proceeding to CWBdirect^®.

How Have We Met Our Responsibilities?

We ensure your personal and financial information is protected within our CWBdirect^® banking service, financial systems, and databases.

We ensure your personal and financial information is protected while in transit between your computer and our server through the use of industry standard security techniques which include Secure Socket Layers (SSL) and encryption.

Encryption ensures that information in transit between your computer and our server cannot be read (private and confidential) or changed (integrity).

We ensure that only individuals who provide the correct PAC can access your account information.

For more information on the specific policies and practices that we use to safeguard your personal and financial information, please click here to view our Privacy Statement.

How To Avoid E-Mail Fraud

While banks and law enforcement take extensive steps to protect people, there are some simple steps Canadians can take to protect themselves:

• Be skeptical of any unsolicited e-mail asking you to provide personal information, no matter how legitimate it looks. If you are unsure, contact the company it purportedly comes from: but make sure you use a phone number, e-mail address or website address that you know is legitimate. Do not use the ones provided in the e-mail.
• Never send personal and/or financial information by e-mail.
• Always enter your bank's website using the website address (URL) that you know is accurate. Contact your local bank to get the correct website address if you're unsure.
• Fraudulent e-mails are not personalized and, instead, are addressed in general terms, such as "Dear valued customer".
• Check the domain name shown as the link in the e-mail. When you click the link, if it does not match the name that appears in the browser at the top of the screen, then it may be a fraudulent website.
• If you receive an e-mail notifying you that an e-mail money transfer is being sent from a person you don't know, delete the e-mail as it is likely fraudulent.
• Be aware of social engineering. Normally appearing as an email from a major financial institution, the message explains that your account information needs to be verified and directs you to visit the website listed in the email. This website may look identical to your financial institution's website and will prompt you to enter your account information. These emails and websites are likely fraudulent and will compromise your account.
  PLEASE NOTE: Canadian Western Bank, or any credible financial institution, will not send requests for account information via email. If any problems with your account arise, you will be contacted by a bank representative personally. If you receive an email, seemingly from Canadian Western Bank, and wish to verify its source, please contact your branch by phone or in-person.
• Make sure your home computer is protected by installing anti-spam, anti-spyware and anti-virus software and personal firewalls, and keep these up-to-date. Also check for operating system patches and upgrades on a regular basis.
• Regularly review your bank and credit card statements and immediately report any unauthorized transactions to your financial institution. Also check your credit report at least once a year by contacting credit reporting agencies Equifax Canada or TransUnion Canada.

© All Rights Reserved Canadian Western Bank, 2002.