Choosing passwords
Your password is the access key to your Internet Banking, so it is important that you choose ‘good’ passwords. A ‘good’ password is one that should be difficult to guess, should not contain any identifying information (such as your name or telephone number), and where possible, should be complex.
The following tips will assist in creating a ‘good’ password:
- Do not use dictionary words. Dictionary words as passwords are very easy to compromise. There are tools available to help attackers guess your password. With today's computing power, it doesn't take long to try every word in the dictionary and find your password, so it is best if you do not use real words for your password.
- Do not use your member number.
- Do not use personal information. You should never use personal information as a part of your password. It is very easy for someone to guess things like your first or last name, the name of a pet or loved one, a birthday, your street name, your computer name and other similar details.
- Do not use example passwords such as the ones in this document.
- Try to avoid using common simple misspellings of dictionary words, such as replacing L with 1, A with 4, etc.
- Use a passphrase. Rather than trying to remember a password that is made up of various characters and is not a dictionary word, you can use a passphrase. Think up a sentence or a line from a song or poem that you like and create a password using the first letter from each word. For example, rather than just having a password like 'yr41Hes', you could take a sentence such as "I like to read about Internet Network Security it's Fun" and convert it to a password like 'il2raiNSiF'. By substituting the number '2' for the word 'to' and using the first letter of each word you can create a secure password that is harder to crack, but much easier for you to remember.
- Use a secure encrypted password management tool. Another way to store and remember passwords securely is to use some sort of password management tool, but ensure it is reputable and uses encryption. These tools maintain a list of usernames and passwords in encrypted form. Some will even automatically fill in the username and password information on sites and applications, but this feature should be avoided for Heritage on-line Internet Banking where use of the floating keypad is required for entry.
- Use different passwords. You should use a different username and password for each login you are trying to protect. That way if one gets compromised the others are still safe. The passwords you use for Heritage on-line should be unique.
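The tips above can be applied as an automated check. The following is an added example, not Heritage's code: it undoes simple character substitutions and then looks for dictionary words, the member number and personal details. The word list is a small constructed sample, and every substitution other than L/1 and A/4 is an assumption.

```python
import re

# Look-alike substitutions: the page names L->1 and A->4; the rest are assumed.
LEET = str.maketrans({"1": "l", "4": "a", "3": "e", "0": "o",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "heritage", "banking", "welcome", "dragon", "sunshine"}


def normalise(text):
    """Lower-case the text and undo simple character substitutions."""
    return text.lower().translate(LEET)


def check_password(password, member_number, personal_details, words=SAMPLE_WORDS):
    """Return the tips a candidate password breaks (empty list = none found)."""
    problems = []
    plain = normalise(password)
    letters_only = re.sub(r"[^a-z]", "", plain)

    # Tip: no dictionary words, including simple misspellings of them.
    if any(w in letters_only for w in words if len(w) >= 4):
        problems.append("dictionary word")

    # Tip: do not use your member number.
    if member_number and member_number in password:
        problems.append("member number")

    # Tip: no personal information (names, pets, birthdays, street names).
    for detail in personal_details:
        token = re.sub(r"[^a-z0-9]", "", detail.lower())
        if len(token) >= 3 and (token in password.lower()
                                or normalise(token) in plain):
            problems.append("personal information")
            break
    return problems
```

An empty result only means none of these particular tips were broken; it does not measure how strong the password is.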
Protecting your passwords
- Heritage will never ask you for your password, under any circumstance, whether it be over the counter, over the phone or via email. If somebody purporting to be from Heritage asks for your password, you should not disclose this information. Ignore any email, regardless of how legitimate it may look, that purports to be from Heritage or from any other source (e.g. Visa or MasterCard) and asks for personal details.
- Change your passwords. You should change your password at least every 60 days. You should also not re-use a password that you have used in the last year.
- Never share your password with anybody else.
- Never write your password down.
- Take care when entering your passwords to ensure that nobody is watching.
Protecting your personal identification
- Heritage will only ever ask your personal identification questions over the counter in a branch, or via the phone from our Call Centre. Do not provide answers to your personal identification questions under any other circumstances.
Practices for safe computing
- Always type the address for the Heritage website. It is easy to modify Bookmarks/Favourites or links in an email. The only way to be certain that you are arriving at the legitimate Heritage website is to type the address every time.
- Never click on an email that asks for your personal banking information. No Financial Institution will ever ask you to confirm your details via email or through a website. On the Internet it is difficult to determine if a person is who they say they are. You would not give your house keys or your PIN number to a total stranger in the street. The same principle applies for giving your account number and passwords to a stranger on the internet (regardless of how much they might look like someone you ‘know’).
- Use email spam filters to help protect you against receiving hoax/spam emails. Most Internet Service Providers (ISPs) offer email spam filtering services. Applications are also available that run locally on your computer. These filters intercept many hoax emails and prevent them from ever reaching your inbox. Contact your ISP via telephone, email, or their website to determine if they offer a spam filtering service.
- Never follow a link from a non-Heritage website that purports to take you to, or log you in to, Heritage Online.
- Avoid opening, running, or installing applications or files obtained from a person and/or organisation that you do not know. Be very wary of unsolicited email with file attachments.
- Install a good virus scanner on your computer that scans email as your computer receives it. Your local computer store or software retailer will be able to recommend a suitable product.
- Be careful when using Internet Banking from public access computers, such as Internet Cafés. You have no way of knowing what is on these systems or how secure they are. The system may capture your login and password details without your knowledge.
- Before logging in, ensure that your online session is secure:
  - Check that ‘https://’ is displayed at the start of the web address in your browser's address bar.
  - Check that your browser displays a padlock, indicating a secure connection.
  - Ensure the digital certificate issued to the site is valid. Double click the padlock on your browser and check the details to do this.
- As soon as you have finished with your session or when you leave your computer, make sure you log out of Internet Banking.
- If you print statements or details from your Internet Banking session, protect them appropriately by ensuring that they are disposed of securely when they are no longer required.
Keep your computer secure
- Always have an updated Virus Scanner installed.
- Ensure that your Operating System is up to date with the latest security patches from the vendor.
- Have a personal Firewall installed to protect against intrusion to your computer system.
Securely using Wireless Networks (Wi-Fi)
Wi-Fi networks can be convenient to use and are becoming very popular with internet enabled devices. You need to be aware that an unprotected network can expose your private information and transmissions, and potentially allow unauthorised users to download unlawful content using your network and perform a host of other malicious activities.
You may need to reference your router manual or seek advice when configuring your wireless router.
You should:
- Ensure encryption is enabled and use an effective standard such as WPA or WPA2. Avoid using WEP as it is less secure.
- Change the default password used to administer the router.
- Not publish or broadcast the SSID (service set identifier or Network name) and change it from the default name.
- Use complex and difficult to guess passwords.
- Never assume free or public wireless networks are secure.
Mobile Phone Porting
Fraudsters who have compromised your credentials may port or transfer your mobile phone number to another provider, allowing them to receive security codes and alerts sent to that phone via SMS.
- Be wary of unsolicited calls and emails asking for contact and identity details.
- If your phone service suddenly stops working, contact your provider immediately as this may be an indicator that the number has been ported to another provider.
- Ask your mobile phone service provider to add extra security questions to your account if available, especially for actions such as porting of the number.
If your phone has been ported without your permission and you are registered for SMS security, please contact Heritage immediately on 13 14 22.
Heritage online email alerts
- Heritage Online will send you an email to verify that certain significant actions have occurred on your account. This includes things such as BPAY, funds transfers, addition of a new scheduled transfer, change of email address etc. If you ever receive one of these confirmation emails without having personally done the transaction it is referring to, please call our Contact Centre on 13 14 22 immediately.
If you ever suspect any unusual activity when using Heritage Online, we encourage you to call our Contact Centre on 13 14 22 (8:30 am - 7 pm Mon-Sat) or email fraudalert@heritage.com.au.
REMEMBER: While Heritage may send informational or confirmatory receipt emails, Heritage will NEVER send an email that would request the disclosure of any personal security details such as your PIN, Internet Banking Passwords, Credit Card details or require you to click on links or attachments within the email to update or verify details.