At Heritage, we’re committed to protecting you from fraud. Our Fraud Management and Information Security Teams are constantly updating our processes and technologies to keep you safe.
If you suspect any unusual activity has occurred while using Heritage Online or other services please contact us on 13 14 22 or send an email to our Fraud Team at email@example.com with details of what has happened.
This page provides some more information about how we protect you from fraud, some tips on how you can protect yourself, and updates on some recent fraud examples.
Never disclose your personal or account information over the phone, unless you initiated the call.
We suggest the following tips for choosing and keeping a PIN:
Your password is the access key to your internet banking, so choose it carefully. A secure password is one that is difficult to guess, does not contain any identifying information (such as your name or telephone number), and is complex. Here’s some ideas to help make your password secure:
Identity fraud involves fraudsters using someone else’s personal information for things like opening bank accounts and applying for credit cards or loans. Those accounts and cards are then used illegally to incur debt, which can also ruin your credit rating.
Identity fraud is a growing problem worldwide, and costs billions of dollars a year in Australia. Fraudsters use a mixture of tactics to acquire information such as your date of birth, address, mother's maiden name and passwords. They could simply steal documents from a garbage bin or letter box, or they could use sophisticated computer-based software to get your data. They might then sell the data or use it themselves for identity fraud.
We use your personal information to identify you when you open or update your Heritage accounts. We will only ever ask these personal identification questions over the counter in a branch, or when you phone our Contact Centre. Do not provide the answers to your personal identification questions under any other circumstances.
If you suspect someone has stolen your identity, please refer to the FAQ section at the bottom of this page for steps on resolving the issue.
To protect your identity, and subsequently your personal reputation and credit rating, consider the following suggestions:
Fraudsters can access your credit/debit cards details in many ways (e.g. data compromise or mail theft) and use this information over the phone or online to make purchases, or to create counterfeit cards to withdraw cash at ATMs. The following suggestions may help protect your credit/debit cards:
When using an ATMs and EFTPOS terminals consider the following:
When using a computer connected to the Internet, consider the following safe computing tips:
Don’t store your member numbers or passwords anywhere in your mobile device or in the web browser of your mobile device. If someone else accesses your phone, you do not want them having these details freely available.
Where possible, keep your mobile device’s system and application software up to date and run security software if it is available.
Fraudsters who have compromised your credentials may port or transfer your mobile phone number to another provider, allowing them to receive security codes and alerts sent to that phone via SMS.
Consider the following:
Wi-Fi networks can be very convenient and are becoming more common. You need to be aware that having or using an unprotected Wi-Fi network can expose your private information and potentially allow unauthorised persons to perform malicious activities to devices connected to it. Never assume free or public Wi-Fi networks are secure. Consider using the following on your own Wi-Fi network (you may need to reference your Wi-Fi router manual or seek advice when configuring your wireless router):
More and more fraudsters are trying to “scam” people out of their hard-earned money. Scammers usually offer a product or service via spam emails that seem too good to be true or cold call asking for your personal information such as PINs or account details. We will never ring you and ask you for this information. It is impossible to list all scams currently being used as there are so many (and then, so many variations to the original scam).
Phishing’ refers to emails that trick people into giving out their personal and banking information. They can also be sent by SMS. These messages seem to come from legitimate businesses, normally banks or other financial institutions or telecommunications providers. The scammers are trying to get information such as bank account numbers, passwords and credit card numbers, which they will then use to steal your identity.
Nigerian ScamA ‘Nigerian’ scam is a form of upfront payment or money transfer scam. Called Nigerian scams because the first wave of them came from Nigeria, they can come from anywhere in the world. The scammers offer you a share in a large sum of money that they want to transfer out of their country. The money may be trapped in central banks during civil wars or coups, often in countries currently in the news. Alternatively, you may be “entitled to” a share of massive inheritances that are difficult to access because of government restrictions or taxes in the scammer’s country.
Spanish Lottery ScamAn email or letter from an overseas lottery or sweepstakes company arrives advising that you have won a lot of money or fantastic prizes in a lottery or sweepstakes competition you did not enter. These scams often use the names of actual overseas lotteries (often Spanish lotteries), so may seem legitimate. However, you cannot win these lotteries without buying a ticket from an authorised distributor in the country it is from.
Money Mule scam
Spam emails, or other advertisements offering work-from-home opportunities are often fronts for illegal money laundering or attempts at identity theft. Participating in money laundering is a criminal offence.
For more detailed information go to the Australian Government ”Scamwatch” website. The Australian Competition and Consumer Commission (ACCC) runs this website to help you recognise, report and protect yourself from scams.
Your passbook is a visual record of your account with the bank. Heritage passbook accounts can be accessed via either a signature or PIN.
Protecting your cheques is important to keep your funds safe.
At Heritage, we help you protect your finances by providing cheque books for personal cheque account members with the latest security features.
Here are some more hints on protecting your cheque facility:
Heritage Mobile Banking is designed to be quick and easy to use on a wide variety of mobile devices. Because these devices have smaller screens, Heritage Mobile Banking has fewer features but still uses many of the same security features as our regular internet banking site. Your funds are also protected in the same way as offered by Heritage Online.
The same daily limits for transfers and BPAY that customers establish for their Heritage Online will apply when they are using Heritage Mobile Banking. Also, they will receive the same confirmation and alert email or SMS as they would for Heritage Online.
We protect our customers using traditional banking systems in a number of ways, including:
Heritage Online uses Transport Layer Security (TLS) communications encryption to secure all information transferred between Heritage and our customers over the internet. Encryption means converting information into a form that unauthorised parties cannot easily interpret, thereby protecting its confidentiality.
If you ever suspect any unusual activity when using Heritage Online or the Heritage website, please contact us.
We’re aware of hoax emails and phishing scams claiming to come from Heritage Bank or link to Heritage internet banking. These emails or messages ask the recipient to click on a link which goes to a forgery of the Heritage Online website.
These fake websites are designed to capture personal information such as your Heritage member number, passwords and contact information. Those who unsuspectingly login to these sites may later discover their Heritage Online account has been accessed by unauthorised persons.
If you have clicked on link in a suspicious email or logged into a fake Heritage Online website, it’s very important that you change ALL your Heritage Online passwords, and call us immediately on 13 14 22.
When in doubt, do not click on any links contained within the email and make sure to visit the Heritage Bank website directly. You can also call us to check whether or not any communications you receive are genuine.
REMEMBER: while Heritage may send informational or confirmatory receipt emails, we will NEVER send emails that ask you to share personal security details such as your PIN, CCV number, internet banking passwords, credit card details, or require you to click on links or attachments within the email to update or verify details.
We’ve received reports that some Heritage Bank customers may have recently been targeted by hoax telephone calls from people claiming to be from Telstra. The caller may suggest there is a problem with your internet connection or phone line. They may then request remote access to your computer to ‘fix’ the issue. Once they gain access to your computer, they will attempt to obtain personal information such as your Heritage account number, card numbers, passwords and PINs. They may even try to trick you into thinking you are receiving an account credit and request that you provide account details in order to receive funds. Those who unsuspectingly provide their information to the third party may later discover their Heritage account has been accessed by unauthorised persons.
If you receive a phone call out of the blue about your computer or phone requesting remote access - hang up – even if they mention a well-known company such as Telstra.
DO NOT provide any personal or sensitive information to the caller. If you have given information to the third party, it is most likely your device and possibly your account details have been compromised. Please immediately change ALL your Heritage Online and phone banking passwords, and call Heritage Bank immediately on 13 14 22.
Phone porting is a method used by scammers to hijack your phone number to try to gain access to your banking details.
What happens is that the scammers get hold of your mobile phone number, then arrange for it to be shifted across – “ported” - a different telco provider e.g. from Telstra to Optus. Once it is ported across, the scammer effectively gains control of your phone number. The victim loses all service to their mobile phone and will not be able to make or receive calls or text messages. Once the scammers take control of your phone number, they can also receive two-factor verification codes such as SMS One Time Passwords sent to your phone, which can also unlock access to your bank accounts.
If you do suddenly lose access to your phone number, you should take immediate steps to contact your telco to check whether the number has been ported. If it’s confirmed that the phone number has been ported without permission, you should immediately contact us as well as your other financial institutions to reset your passwords and check recent transactions.
Tips to stay cyber safe:
For more information specifically about phone porting scams go to this link: https://www.scamwatch.gov.au/news/phishing-scam-emails-and-sms-continue
Fraud and identity theft come in many forms, so you need to be constantly vigilant about your financial account and personal information. In particular, we suggest that you:
If you suspect someone has stolen your identify, please take the following steps:
The following are official Australian Web sites with more information about fraud:
If you believe your computer may have been compromised:
Any claims resulting from such activity will be assessed on the details of each individual incident.
The Heritage Fraud team monitors unusual transactions on our customer’s accounts. If you let us know that you will be overseas, we will be in a better position to determine if you are likely to be doing a transaction in a foreign country. Before leaving on your trip:
To help protect yourself from card fraud, consider the following tips:
If you believe your card has been compromised, please contact us.
Before logging in to a web site using an account and password, ensure that the site is secure. Different Web browsers show this in different ways. For example, in Microsoft Internet Explorer you can check that ‘https://’ is displayed at the start of the web address. If your Web browser displays a padlock, this indicates a secure connection and that the issued digital certificate from the site is valid.
Similar to PINs, don’t record or store your card’s CVV. CVV numbers are used for online purchases and are printed on the back of Credit Cards. The only record should be the CVV printed on your card.
Some other tips to consider: