Online Security and Fraud Protection

At Heritage, we’re committed to protecting you from fraud. Our Fraud Management and Information Security Teams are constantly updating our processes and technologies to keep you safe. Here’s more information about how we protect you from fraud, some tips on how you can protect yourself, and updates on some recent fraud examples.

If you suspect any unusual activity has occurred while using Heritage Online or other services, please call the Heritage Bank Contact Centre on 13 14 22, or send an email to our Fraud Team at fraudalert@heritage.com.au with details of what has happened.

Security Tips

While we are committed to providing customers with a secure environment, everyone should play a role in combating fraud. This means you need to protect yourself and be vigilant against fraudsters as well. Here are some simple tips to help you do that:

General Security

  • Never disclose your personal or account information over the phone, unless you initiated the call.
  • If you receive a call or email from anyone claiming to be staff from Heritage requesting your PIN or password, be suspicious. Our staff will never contact you and ask you for this information.
  • Report lost or stolen cards, chequebooks or passbooks to Heritage immediately on 13 14 22.
  • Always check your statements and report any suspicious transactions to Heritage immediately on 13 14 22.
  • Notify Heritage on 13 14 22 as soon as possible when you change your address.

Protecting your cheques is important to keep your funds safe. Heritage helps protect your finances by providing cheque books for personal cheque account members with the latest security features. Additionally, here are some more hints on protecting your cheque facility:

  • Keep your chequebook under your control at all times.
  • Never sign a blank cheque.
  • If your cheques are lost or stolen, call us to report the matter as soon as possible on 13 14 22.
  • When you send a cheque in the mail, put it in a plain (not window-faced) envelope.
  • Always use a pen or felt tip pen to write your cheques - do not use pencil.
  • Write the amount in words and figures as close as possible to the left-hand margin or dollar symbol. Ensure it’s obvious where the amount in words and figures ends, to prevent the insertion of any additional words or numbers.
  • Record the details of cheques on cheque stubs and check your account statements against them. If there is a discrepancy, contact us immediately on 13 14 22.

Heritage suggests the following tips for choosing and keeping a PIN:

  • Memorise your PIN. Do not keep it with your card or passbook.
  • Do not disclose your PIN, password or confidential details to any person.
  • Do not base your PIN on personal information such as your date of birth, address or phone number.
  • Consider having a different PIN for each different card or passbook.

Your password is the access key to your internet banking, so choose it carefully. A secure password is one that is difficult to guess, does not contain any identifying information (such as your name or telephone number), and is complex. Here are some ideas to help make your password secure:

  • Never share or write down your password.
  • Heritage will never ask you for your password under any circumstance. If somebody claiming to be from Heritage asks for your password, do not disclose this information. Do not respond to any email that asks for your personal or account details, regardless of how legitimate it may look, and report the incident to us on 13 14 22.
  • Do not use personal information or a Heritage member number in your password. Fraudsters can learn this information quite easily.
  • Take care to ensure that nobody is watching when you’re entering a password.
  • Avoid using the password for your Heritage Online for anything else. In general, consider using different passwords for each of your online accounts.
  • Change your passwords regularly and don’t re-use any recent ones.
  • Use a reputable password management tool to securely store your passwords.

Identity fraud involves fraudsters using someone else’s personal information for things like opening bank accounts and applying for credit cards or loans. Those accounts and cards are then used illegally to incur debt, which can also ruin your credit rating.

Identity fraud is a growing problem worldwide, and costs billions of dollars a year in Australia. 

Fraudsters use a mixture of tactics to acquire information such as your date of birth, address, mother's maiden name and passwords. They could simply steal documents from a garbage bin or letter box, or they could use sophisticated computer-based software to get your data. They might then sell the data or use it themselves for identity fraud.

Heritage Bank uses your personal information to identify you when you open or update your Heritage accounts. We will only ever ask these personal identification questions over the counter in a branch, or when you phone our Contact Centre. Do not provide the answers to your personal identification questions under any other circumstances.

Minimising the Risk of Identity Theft

To protect your identity, and subsequently your personal reputation and credit rating, consider the following suggestions:

  • Ensure you properly destroy or shred documents when you are disposing of old correspondence containing personal information. This includes utility bills, old bank statements, credit card bills, rate notices etc.
  • Lock your letterbox so no-one steals your personal mail.
  • If you have a mailing address (PO Box), contact the Post Office to confirm if there have been any changes to your contact details for the mailing address.
  • Do not leave your personal items unattended in situations where other people have unrestricted access to them. 
  • Don't unnecessarily carry ID documents such as your passport or birth certificate in case they are lost or stolen.
  • Ensure that your personal computer has the latest anti-virus and anti-spyware software and the latest security patches installed.
  • If someone has broken into your house, check whether they’ve stolen your personal identifying documents. If they have, report their theft and replace them as soon as possible.

What to do if you suspect you have been a victim of identity theft

If you suspect someone has stolen your identity, please take the following steps:

  • Immediately inform the police, giving them as much information as possible.
  • Immediately notify Heritage on 13 14 22 and your other financial institutions and credit providers. Ask them for assistance in managing and resolving the issue with any accounts held with them.
  • Maintain records of your conversations and correspondence with parties you contact about the matter for future reference.
  • Check that no-one has fraudulently established lines of credit in your name.
  • Request the reset of any code/passwords, including phone and Internet banking services.
  • Ensure your financial institutions have your correct address and other contact details.
  • Notify the two main credit reporting agencies, Equifax Pty Ltd (www.equifax.com.au) and Dun & Bradstreet Credit Bureau (www.dnb.com.au). Report the possible theft and misuse of your identity. Arrange for a copy of your credit file from both agencies and review this for any fraudulent activity such as payment defaults that you have not incurred, or credit enquiries about fraudulent credit applications. Obtain new reports again a few months later to further check entries against fraud. Request that any information on the file relating to fraud be removed through the agencies’ resolution services.
  • If you think your regular postal address has been compromised, arrange a new one such as a PO box.
  • Be particularly alert to the details of your financial transactions. Continue to monitor your account statements, mail and bills for any irregular activity. Immediately alert the relevant credit provider(s) of any further fraudulent activity.

Fraudsters can access your credit/debit cards details in many ways (e.g. data compromise or mail theft) and use this information over the phone or online to make purchases, or to create counterfeit cards to withdraw cash at ATMs. The following suggestions may help protect your credit/debit cards:

  • Memorise your PIN. Don't use the same PIN for all your cards, and don't choose your date of birth or another number that might be recorded in your wallet or purse.
  • Regularly check Heritage Online and your account statements. Call your financial institution if you see anything suspicious on your account.
  • Do not allow others to remove your credit/debit cards from your sight at any time.
  • Card fraud has no borders, so be even more vigilant when travelling.
  • Know when your card is due to expire and look out for your new card. Call the card issuer if it doesn’t arrive.
  • Immediately sign any new or replacement cards as soon as you receive them. Ball point pen is preferred.
  • Destroy old cards once they have expired.
  • Be sure your mail box is secure, and that only authorised people can access it.
  • Tear up/shred all credit card receipts and pre-approved card offers before you throw them away. Keep your account statements in a safe place until they are destroyed.
  • When you use your cards online, make sure you are using a secure website.
  • Consider using a separate card (with minimal limit/balance) for online purchases.
  • Don't give out any card details unless you initiate the call or transaction.
  • If you believe your card has been compromised, immediately notify Heritage on 13 14 22.

When using ATMs and EFTPOS terminals, consider the following:

  • Always consider personal safety when using an ATM, particularly at night.
  • If possible, always use the same ATM and get to know what it looks like.
  • Inspect ATMs to see if anyone has tampered with them. If they have, do not use the ATM. Contact the ATM owner to advise your concerns via the phone number displayed on it.
  • Ensure no one can see you entering your PIN. If someone is standing close to you, either ask them to move back or walk away until the other person leaves.
  • Cover the PIN pad when entering your PIN, so no-one can see the number.
  • Be discreet when withdrawing cash and place the notes in your pocket/purse/wallet before leaving the ATM/EFTPOS terminal.

When using a computer connected to the Internet, consider the following safe computing tips:

Before you connect:

  • Install and regularly update your anti-virus and ensure it scans emails as they are received. Your computer store or software retailer will be able to recommend a suitable product.
  • Ensure that your Operating System and installed programs are up to date with the latest security patches.
  • Install a personal firewall to protect against intrusions to your computer system and activate any firewall function on your home Internet connection.
  • Consider registering for the Australian Government’s Stay Smart Online Alert Service via www.staysmartonline.gov.au.

While browsing the internet:  

  • Use email spam filters to help protect against receiving hoax/spam emails. Most Internet Service Providers (ISPs) offer email spam filtering services. Contact your ISP via telephone, email, or their website to determine if they offer a spam filtering service.
  • Be very wary of opening or running files or clicking on links on untrusted Web sites or attached to unsolicited emails.
  • Before logging in to a web site using an account and password, ensure that the site is secure. Different Web browsers show this in different ways. For example, in Microsoft Internet Explorer ‘https://’ should be displayed at the start of the web address in your browser's address bar. Your Web browser should also display a padlock, indicating a secure connection. Check that the issued digital certificate from the site is valid. Double click the padlock on your browser and check the details to do this.
  • Do not accept the assistance of someone contacting you where you haven’t initially asked for help. Particularly, do not allow someone to remote control your computer if you’re not entirely sure that they are who they claim to be.

While using Heritage Online: 

  • Never follow a link from a non-Heritage website that purports to take you to, or log you in to Heritage Online.
  • Never enter your personal banking information after clicking a link in an email or on a non-Heritage website. Heritage will never ask you to confirm your details via email or through a website.
  • Try not to use internet banking sites from public access computers, such as internet cafés. You have no way of knowing what software is on these machines or how secure they are.
  • Heritage Online will send you an email to verify that certain significant actions have occurred on your account. This includes things such as BPay, funds transfers, addition of a new scheduled transfer, change of email address etc. If you ever receive one of these confirmation emails without having personally done the transaction it is referring to, please call Heritage Bank Contact Centre on 13 14 22 immediately.
  • As soon as you have finished with your internet banking or when you leave your computer, make sure you log out.

After browsing:

  • If you print statements or details from your internet banking session, protect them appropriately and securely dispose of them when they are no longer required.
  • CVV numbers are used for online purchases and are printed on the back of Credit Cards. Similar to PINs, don’t record or store your card’s CVV. The only record should be on the card itself.

Don’t store your member numbers or passwords anywhere in your mobile device or in the web browser of your mobile device. If someone else accesses your phone, you do not want them having these details freely available.

Where possible, keep your mobile device’s system and application software up to date and run security software if it is available.

Mobile Phone Porting

Fraudsters who have compromised your credentials may port or transfer your mobile phone number to another provider, allowing them to receive security codes and alerts sent to that phone via SMS. Consider the following:

  • If your phone service suddenly stops working, contact your provider immediately.
  • If you believe your phone has been ported without your permission and you are registered for SMS security, please contact Heritage immediately on 13 14 22.

Safe Wi-Fi Practices

Wi-Fi networks can be very convenient and are becoming more common. You need to be aware that having or using an unprotected Wi-Fi network can expose your private information and potentially allow unauthorised persons to perform malicious activities to devices connected to it. Never assume free or public Wi-Fi networks are secure. Consider using the following on your own Wi-Fi network (you may need to reference your Wi-Fi router manual or seek advice when configuring your wireless router):

  • Enable encryption on your Wi-Fi router and use WPA2 if available. Avoid using the less secure WEP standard if at all possible.
  • Change the default password used to administer the router.
  • Use complex and difficult to guess Wi-Fi access and router administrator passwords.
  • Disable publishing or broadcasting of your Wi-Fi network name (or SSID) and change the name from the default.

More and more fraudsters are trying to “scam” people out of their hard-earned money. Scammers usually offer a product or service via spam emails that seem too good to be true or cold call asking for your personal information such as PINs or account details. Heritage will never ring you and ask you for this information.

It is impossible to list all scams currently being used as there are so many (and then, so many variations to the original scam). Here are some tips on how to avoid being scammed:

Be wary of spam emails, chain letters and persons purporting to be representatives of Government Departments, financial institutions or other businesses.

Do not give your name, bank account details, copy of your passport, birth certificate or any other personal details to anyone other than for legitimate purposes. If someone contacts you asking for personal information, check carefully that they are legitimate.

Be suspicious of any correspondence from overseas asking you to forward large sums of money or advising that you have won a prize.

If someone blocks access to your computer or personal files, and then asks for a payment to remove that block, report the incident to the Police.

Here are examples of some current scams:

Phishing

‘Phishing’ refers to emails that trick people into giving out their personal and banking information. They can also be sent by SMS. These messages seem to come from legitimate businesses, normally banks or other financial institutions or telecommunications providers. The scammers are trying to get information such as bank account numbers, passwords and credit card numbers, which they will then use to steal your identity.

Nigerian Scam

A ‘Nigerian’ scam is a form of upfront payment or money transfer scam. Called Nigerian scams because the first wave of them came from Nigeria, they can come from anywhere in the world. The scammers offer you a share in a large sum of money that they want to transfer out of their country. The money may be trapped in central banks during civil wars or coups, often in countries currently in the news. Alternatively, you may be “entitled to” a share of massive inheritances that are difficult to access because of government restrictions or taxes in the scammer’s country.

Spanish Lottery Scam

An email or letter from an overseas lottery or sweepstakes company arrives advising that you have won a lot of money or fantastic prizes in a lottery or sweepstakes competition you did not enter. These scams often use the names of actual overseas lotteries (often Spanish lotteries), so may seem legitimate. However, you cannot win these lotteries without buying a ticket from an authorised distributor in the country it is from.

Money Mule scam

Spam emails, or other advertisements offering work-from-home opportunities are often fronts for illegal money laundering or attempts at identity theft. Participating in money laundering is a criminal offense.

For more detailed information about scams please follow the link to the Australian Government “Scamwatch” Web site at http://www.scamwatch.gov.au. The Australian Competition and Consumer Commission (ACCC) runs this website to help you recognise, report and protect yourself from scams.

Your passbook is a visual record of your account with the bank. Heritage passbook accounts can be accessed via either a signature or PIN. 

  • Always protect your passbook from theft and unauthorised use
  • Keep your passbook in a safe and secure place
  • Don't give your passbook to another person for any reason
  • Never pre-sign withdrawal forms
  • Immediately notify us on 13 14 22 if your passbook is lost or stolen.

Protecting you

Secure Communications Links

Encryption means converting information into a form that unauthorised parties cannot easily interpret, thereby protecting its confidentiality. Heritage Online uses Transport Layer Security (TLS) communications encryption to secure all information transferred between Heritage and our customers over the internet.

Heritage Online Security Features

  • Communication encryption to the login page as well as all online banking pages
  • The initial password must be changed on the first use of Heritage Online
  • Customers can change their password at any time
  • We store encoded customer passwords rather than the passwords themselves
  • Passwords can be between 8 and 16 characters, and must contain letters and numbers
  • Passwords are not displayed on screen
  • A separate password can be used for Pay Anyone services
  • Automatic account lockout occurs after multiple failed login attempts
  • Automatic logout occurs when a session is left inactive for 10 minutes
  • Daily funds transfer limits and BPAY® limits are put in place
  • You have the ability to disable BPAY and / or funds transfer
  • We can send a confirmation e-mail for all balance altering transactions
  • Customers can view their Heritage Online session history

Heritage Mobile Banking Security Features

Heritage Mobile Banking is designed to be quick and easy to use on a wide variety of mobile devices. Because these devices have smaller screens, Heritage Mobile Banking has fewer features but still uses many of the same security features as our regular internet banking site. Your funds are also protected in the same way as offered by Heritage Online.

The same daily limits for transfers and BPAY that customers establish for their Heritage Online will apply when they are using Heritage Mobile Banking. Also, they will receive the same confirmation and alert email or SMS as they would for Heritage Online.

Traditional Banking

Among the ways Heritage protects customers using traditional banking systems are:

  • All Heritage cheque forms are crossed “Not Negotiable”.
  • Heritage uses a system that allows your signature to be stored invisible to the naked eye in your passbook, but readable by Bank staff.
  • Heritage passbook accounts can be accessed via a signature and an optional PIN (which Heritage recommends).

FAQs

Fraud and identity theft come in many forms, so you need to be constantly vigilant about your financial account and personal information. In particular, Heritage suggests that you:

  • Routinely check your statements for anything unusual and query the institution which issued the statement about any transactions you’re unsure of.
  • In the case of Heritage accounts, ring our Contact Centre on 13 14 22 with the details of any suspicious transactions.
  • Note unusual emails or phone calls from organisations you haven’t contacted, particularly if they ask for information about your identity.

If you do think you have been the target of fraud, you should immediately contact:

  • Heritage’s Contact Centre on 13 14 22 or email Heritage’s Fraud Team via the fraudalert@heritage.com.au email address. Have the details of your concerns at hand.
  • Your other financial institutions and advise them of your concerns.
  • The two main credit reporting agencies, Equifax Pty Ltd (www.equifax.com.au) and Dun & Bradstreet Credit Bureau (www.dnb.com.au) to get credit reports and advise them of your concerns. Both have specific services around dealing with fraud and identity theft.
  • Your local Police services. In Queensland, you can get more information about this through their web site www.police.qld.gov.au/.

The following are official Australian Web sites with more information about fraud: 

If you believe your computer may have been compromised: 

  • Disconnect your computer from the Internet.
  • Contact a reputable, local computer support company and have them fully remove any malicious software. Do not accept the assistance of someone contacting you where you haven’t initially asked for help. 
  • Contact Heritage via our Contact Centre on 13 14 22 as well as your other financial institutions as soon as possible.

Any claims resulting from such activity will be assessed on the details of each individual incident.

Heritage uses a “floating keyboard” for customers to enter their Heritage Online password to help protect customers from someone observing them enter their password.

The Heritage Fraud team monitors unusual transactions on our customers’ accounts. If you let us know that you will be overseas, we will be in a better position to determine if you are likely to be doing a transaction in a foreign country. Before leaving on your trip:

  • Check the expiry date of your card and that the magnetic strip on the reverse of the card is not damaged. If the card is due to expire while you plan to be away or is damaged, you may need to arrange with us for a new card prior to your departure.
  • Advise the Bank when and where you are travelling. We don’t require a detailed itinerary, only when you plan to travel and which countries and regions you plan on visiting.

To help protect from card fraud, Heritage suggests its customers consider the following:

  • Memorise your PIN. Don't use the same PIN for all your cards, and don't choose your date of birth or another number that might be recorded in your wallet or purse. 
  • Regularly check Heritage Online and your account statements. Call your financial institution if you see anything suspicious on your account.
  • Do not allow others to remove your credit/debit cards from your sight at any time.
  • Card fraud has no borders, so be even more vigilant when travelling.
  • Know when your card is due to expire and look out for your new card. Call the card issuer if it doesn’t arrive.
  • Immediately sign any new or replacement cards as soon as you receive them. Ball point pen is preferred.
  • Destroy old cards once they have expired.
  • Be sure your mail box is secure, and that only authorised people can access it.
  • Tear up/shred all credit card receipts and pre-approved card offers before you throw them away. Keep your account statements in a safe place until they are destroyed.
  • When you use your cards online, make sure you are using a secure website. For example, using Microsoft Internet Explorer, look for a small key or lock symbol at the bottom right of your Web browser's window.
  • Consider using a separate card (with minimal limit/balance) for online purchases.
  • Don't give any card details unless you initiate the call or transaction.

If you believe your card has been compromised, immediately notify Heritage on 13 14 22.

Heritage suggests customers consider the following when carrying out online transactions:

  • Be very wary of opening or running files or clicking on links on untrusted websites or attached to unsolicited emails, particularly if you're asked for personal details or asked to carry out an online transaction.
  • Try not to do online financial transactions from public access computers, such as internet cafés. You have no way of knowing what software is on these machines or how secure they are.
  • Before logging in to a web site using an account and password, ensure that the site is secure. Different Web browsers show this in different ways. For example, in Microsoft Internet Explorer check for the following:
    • ‘https://’ is displayed at the start of the web address in your browser's address bar.
    • That your Web browser displays a padlock, indicating a secure connection.
    • The issued digital certificate from the site is valid. Double click the padlock on your browser and check the details to do this.
  • As soon as you have finished with your online transaction or when you leave your computer, make sure you log out.
  • If you print statements or details from your online transaction, protect them appropriately and securely dispose of them when they are no longer required.
  • CVV numbers are used for online purchases and are printed on the back of Credit Cards. Similar to PINs, don’t record or store your card’s CVV. The only record should be the CVV on your card.
  • Consider registering for the Australian Government’s Stay Smart Online Alert Service via www.staysmartonline.gov.au.

Latest Alerts

If you ever suspect any unusual activity when using Heritage Online or the Heritage website, we would encourage you to call our Contact Centre on 13 14 22, or contact our fraud department via e-mail at fraudalert@heritage.com.au.

Security Alert: February 2018

Hoax phone calls - computer remote access

We’ve received reports that some Heritage Bank customers may have recently been targeted by hoax telephone calls from people claiming to be from Telstra. The caller may suggest there is a problem with your internet connection or phone line. They may then request remote access to your computer to ‘fix’ the issue. Once they gain access to your computer, they will attempt to obtain personal information such as your Heritage account number, card numbers, passwords and PINs. They may even try to trick you into thinking you are receiving an account credit and request that you provide account details in order to receive funds. Those who unsuspectingly provide their information to the third party may later discover their Heritage account has been accessed by unauthorised persons.

If you receive a phone call out of the blue about your computer or phone requesting remote access - hang up – even if they mention a well-known company such as Telstra. 

DO NOT provide any personal or sensitive information to the caller. If you have given information to the third party, it is most likely your device and possibly your account details have been compromised. Please immediately change ALL your Heritage online and phone banking passwords, and call Heritage Bank immediately on 13 14 22 (7:30 am - 7 pm AEST Monday to Saturday).

Security Alert: November 2017

Phone porting

Phone porting is a method used by scammers to hijack your phone number to try to gain access to your banking details.

What happens is that the scammers get hold of your mobile phone number, then arrange for it to be shifted across – “ported” – to a different telco provider, e.g. from Telstra to Optus. Once it is ported across, the scammer effectively gains control of your phone number. The victim loses all service to their mobile phone and will not be able to make or receive calls or text messages. Once the scammers take control of your phone number, they can also receive two-factor verification codes such as SMS One Time Passwords sent to your phone, which can also unlock access to your bank accounts.

If you do suddenly lose access to your phone number, you should take immediate steps to contact your telco to check whether the number has been ported. If it’s confirmed that the phone number has been ported without permission, you should immediately contact your financial institutions to reset passwords and check recent transactions. 

Tips to stay cyber safe:

  • If you lose service to your mobile phone take immediate steps to contact your telco to confirm if it’s a network issue or a phone port. If ported, contact your bank immediately to reset passwords and check recent transactions.
  • Keep your anti-virus up to date on all PCs and Mobile devices. Conduct regular scans.
  • Do not give out your personal details to third parties.
  • Do not click on links or respond to emails that ask for your personal information or user names and passwords.
  • Change your passwords regularly.
  • Check your transaction activity regularly and report any unauthorised activity to your bank immediately.
  • Visit www.scamwatch.gov.au to report a scam or learn more about common scams and how you can protect yourself.

For more information specifically about phone porting scams go to this link: https://www.scamwatch.gov.au/news/phishing-scam-emails-and-sms-continue

Security Alert: March 2016

Hoax emails and phishing scams

Heritage Bank customers may have recently been targeted by hoax emails, claiming to come from Heritage online and tempting the recipient to click on a link which goes to a forgery of the Heritage online website. This fake website is designed to capture personal information such as your Heritage member number, passwords and contact information. Those who unsuspectingly login to this site may later discover their Heritage online account has been accessed by unauthorised persons.

If you have received one of these emails (known as a "phishing" scam), please ignore it and simply delete it. The email in question is NOT from Heritage; do not click on the link or reply to the email. If you have followed the instructions in the hoax email and logged into the fake Heritage Online website, it is most likely your internet banking details have been compromised. Please immediately change ALL your Heritage online passwords, and also telephone Heritage Bank immediately on 13 14 22 (8:30 am - 7 pm AEST Monday to Saturday).

REMEMBER: While Heritage may send informational or confirmatory receipt emails, Heritage will NEVER send an email that would request the disclosure of any personal security details such as your PIN, Internet Banking passwords, credit card details or require you to click on links or attachments within the email to update or verify details.