DUCA’s dedicated fraud team works to prevent, detect, and investigate fraud. Our daily business activities and due diligence practices include these security measures:
Regularly updating fraud detection and prevention systems and measures;
Ensuring our monitoring systems, controls, and security technologies are up-to-date and complemented by rigorous security procedures;
Proactive communications with Members to ensure transactions are legitimate.
DUCA’s online banking system is built upon a robust security framework so Members’ accounts and information are kept safe from unauthorized access. The following are some of the measures in place for online protection:
Increased Authentication: Increased authentication is one of the best ways to reduce the risk of unwanted access to an online account. The Member is required to select personal answers to security questions. Once the questions are set up, when access is attempted from an unrecognized device or computer, the system prompts the user to answer a security question before granting access. Failure to answer correctly after a few tries shuts out the user from further attempts and access is denied until re-instated by DUCA.
Encryption through SSL Technology: Secure Socket Layer (SSL) technology encrypts information as it moves from a Member’s computer or device to our online banking system ensuring a secure connection between a user and our banking site.
Account Alerts: Members may choose to receive alerts by email or text whenever their account is accessed for example, when log-in information is changed, if an additional payee or e-transfer recipient is added, and more. Alerts exist to ensure Members are aware of changes and can react quickly if they are not the one who initiated the change.
Multiple Levels of Security: Firewalls and multiple levels of server security are in place, internally and externally, to protect our online environment.
Use of a Personal Access Code (PAC): A PAC is your password to enter your online banking. (This is different from the PIN number used at ATMs or with a debit card at a point of sale.) The following best practices will protect your PAC:
Choose a PAC that is different from your other passwords.
Don’t include the numbers or symbols used in your PIN for ATMs or debit card purchases.
Make sure your PAC is easy for you to remember but difficult for others to guess.Don’t share your PAC.
Don’t write it down.
Don’t store it on your computer or device.
Don’t disclose your PAC in a voice mail or email.
When you input your PAC, shield it from others.
Change it regularly.
You are a primary line of defense against any fraudulent scheme. The following are a few tips that can assist in preventing fraudulent activity:
Never conduct financial transactions on behalf of strangers.
Be suspicious of any offer that sounds too good to be true.
Just because someone sends you a cheque doesn’t mean it is valid. If it is found to be NSF (insufficient funds in the account on which the cheque is drawn), it will be reversed out of your account and may put your account in a negative balance.
If you deposit a cheque, never wire funds to someone (based on the value of that cheque) until you’ve confirmed it is legitimate.
Cheque fraud, the most common financial crime, includes the following:
Counterfeit: cheque not written or authorized by the legitimate account holder
Forged: cheque signed by someone other than the account holder
Altered: cheque intercepted by someone who altered the payee and/or the amount
Minimize your risk of cheque fraud
Consider ways in which you can reduce your use of cheques, if possible. Electronic payments such as wire payments, direct deposit, and pre-authorized payments are more difficult to falsify or intercept. If you do use cheques, here is some advice:
Keep cheques in a secure location. Burglars know to search for cheques.
It’s generally wise to destroy any cheques that may be left over from a closed account.
Review chequing account statements as soon as you get them. (Or frequently check your online statement.) Contact your branch immediately if you notice anything unusual or unauthorized.
When laser-printing your own cheques, use cheque paper with permanent toner to permanently bond ink to paper.
Typical Phone Scams
Many scammers will attempt to reach you by phone and will target an individual in one of the following ways:
Tech Support Scams: This type of scam feeds off of people’s fear of computer viruses when an individual calls and falsely represents a reputable company with offers of “free security scans,” virus removal services, or anti-virus subscription renewals. After gaining the victim’s trust, the scammer may conduct a remote session on a person’s computer and then install their own products or steal personal information. Understand that major tech companies never call unless they are responding to a call you initiated. If you receive such a call, do not purchase software or services from them, provide your financial information, or share control of your computer. Instead, record the phone caller’s number and other information and then report it to your local authorities.
Tech scams also manifest as alarming – but fraudulent – pop-up warnings on your computer or emails claiming a computer is infected. Messages appear legitimate with an offer to remove a virus but the real intent is to deceive someone into providing access to their system or private information. They may also offer “services” requiring payment. As with a tech scam phone call, do not respond to these pop-up messages or emails.
The Canada Revenue (CRA) Scam: You should understand that the CRA does not initiate a conversation with taxpayers by phone. When the CRA needs to communicate, the first communication is by mail. They do not use email, text, or social media to contact taxpayers. So if someone calls, emails, or texts you claiming to represent the CRA, it’s a scam. Ignore their threats about owing back tax or the need to transfer money or provide private information. If in doubt, hang up and call the CRA yourself to see if the query is legitimate. If not, contact the police.
Fundraiser / Charity Scam: Be cautious about fundraisers or charity campaigns with which you are not familiar, especially if you are offered a generous gift in exchange for your donation. Ask for verification of legitimacy (a website, printed materials, a CRA registered charity number, etc.) before donating money for a cause.
Grandparents / Emergency Scam: Scammers know you care about your family. If someone calls claiming to be a relative in trouble who needs emergency funds, ask that person a personal family-related question that only your true relatives or close friends can answer. Or hang up and call back your relative’s phone number to see if the call is legitimate. Don’t succumb to the urgency communicated by the caller or the play on your sympathy.
Credit Card Scam: If someone calls representing himself or herself as an employee of a credit card company with news that your card or account has been compromised, and then tells you not to contact your financial institution for any reason, hang up. It’s an attempt to have you release personal information or conduct unwanted transactions. Understand that banks and credit card companies already know your account or credit card number as well as your personal details. Only trust the phone number printed on the back of your credit or bank card.
Familiarize yourself with these common scams:
Lottery Scam: If you receive a cheque accompanied by the claim you won a sweepstakes or lottery you never entered, be very skeptical. Often you’ll be told the cheque represents only part of your winnings with the remainder to be released once you “pay the tax.” This is an obvious scam as tax on lottery or sweepstakes winnings (if any) are paid directly to the government.
Overpayment Scam: With this scam, someone buys something from you but overpays for example, through an online classified listing such as Kijiji. Shortly after, you are asked to refund the difference. After, you discover the original payment to you was fraudulent and so your financial institution reversed the payment! If you already sent back the difference, you’ll be at a loss.
Earn Money from Home Scam: Be careful if someone contacts you to be a mystery shopper or an account manager from home and they “pay” you in advance. Like the “overpayment scam,” they’ll pay you too much & then ask for a refund. After you refund the difference, you’ll find the cheque for your “pay” bounced and you’re now out of pocket for the refund.
Foreign Investment Scam: Watch out if you’re asked to invest in a foreign company or property and then receive a cheque as an “advance” on future profits. Usually it’s followed by a request for you to send money for “service charges” on profits. You will then likely discover that the “advance” you deposited was fraudulent and returned, leaving you at a loss for the so-called “service changes.”
Inheritance Scam: Be suspicious if you’re contacted out of the blue (by letter, phone, text, email, or social network) by someone claiming to be a lawyer, banker, or foreign official saying you stand to inherit from a distant relative or wealthy benefactor. This is often followed by a request for you to pay “service fees” before you can inherit. That’s not how a legitimate inheritance works.
You must protect your identity because a criminal can piece together enough information about you to change your address, apply for loans or credit cards, and open accounts in your name.
Shred documents with your personal information.
Use caution when posting any personal information online.
Do not give account or card number information to anyone – in person, over the phone, or online – unless you know who you are dealing with.
Do not carry your Social Insurance Number card in your wallet unless it is necessary.
If your wallet or purse is lost or stolen, contact DUCA immediately at 1-866-900-3822 to block your accounts and cards from use.
Protect your Personal Identification Number (PIN) by blocking the view as you enter your PIN. Stay alert when you are using a bank machine by yourself.
Stay alert when you are using a bank machine by yourself.
Phishing is an attempt to trick you into disclosing personal or financial information. This could be attempted through an unsolicited email or text that appears to be from legitimate companies involved in financial services claiming your account has been breached. You are then urged to click on a link that takes you to a website which looks authentic…but it’s fake. The phony site will ask you to change your password and/or provide personal information such as credit card and account numbers, date of birth, social insurance numbers and other personal details.
Be careful of all such attempts and remember: Your financial institution already has your important information and would never request you to provide personal information via email or text. Call your financial institution yourself to verify the legitimacy of any email or text you receive, if you are suspicious.