Online Security FAQs

The Internet is a vast, largely unregulated, network of computers that spans the world. There are no laws that embrace the Internet in its entirety. The security and protection of your personal information and online transactions is therefore of paramount importance. Accordingly, we have adopted a range of security practices designed to safeguard your information from unauthorised access. Equally, online security requires your alert participation. There is a range of things you should do to minimise the risk of fraud.

We have placed the utmost importance in ensuring that your personal details, funds and account information remain secure from unauthorised access.

The Mac employs banking industry standard 128-bit encryption of confidential data sent to and from this site to ensure that no information can be intercepted and read by others. Encryption scrambles the data that is sent on the line to stop people who may try to tap into or hack into Internet communications. The closed padlock on the bottom of the Online Banking browser page indicates that the Online Banking site is secure.

Tip: To check that you are using a secure web address, look at the root of the web address following the letters "http://". In a secure site you will see "https:/". The letter "s" signifies that you are accessing a secured address. In addition, our system has various security features to safeguard your transactions and personal information.

These include:

• Secure login pages - your access information is encrypted (scrambled)
• Member chosen access codes - you can change your access code at any time
• Login name (membership number)
• Password anonymity - you are the only person that knows your access code
• The Online Banking login page is unable to be cached - this means that your personal login information is erased when you leave the login page and cannot be retrieved by anyone else using your computer
• System lock after 3 attempts - if a user enters an access code incorrectly 3 times, Online Banking will be locked and the account blocked. The system can be unlocked and your access code reset when The Mac is contacted and the person is identified as the account owner
• Timeouts for session inactivity - your Online Banking session will time out after 5 minutes if there is no activity with your banking session.

There are two things you should do:

• Become familiar with the types of online fraud you may experience.
• Adopt responsible practices for the protection of your own personal information.

Online Banking consumers can be targeted by a range of email scams involving various hoax emails. Hoax emails are usually sent to large numbers of email addresses in anticipation of reaching users of online banking facilities. Because of the large number of emails involved and the random nature of the hoax, these frauds are often called 'phishing'. The hoax emails seek to trick online banking consumers into disclosing confidential financial information such as their Online Banking login and password details, thereby providing the perpetrators of the fraud with illegal access to their accounts. The emails can look very professional and give the appearance of coming from a legitimate financial institution.

Techniques that have been used so far include:

• Asking consumers to update their login and password details for 'security' purposes. The users are directed to an authentic looking but false website. In some cases, the website address is also very close to that of the targeted financial institution. When users try to login to their accounts, their login and password details are captured.
• Luring users into opening emails or attachments that secretly install 'Trojan' virus programs. Trojans are computer programs that secretly install themselves on a user's computer without the user even knowing about it. In the case of online banking fraud, Trojans are used to log and capture key strokes (such as Online Banking usernames and passwords).
• Falsely alerting consumers to suspect transactions on their account. If the recipient follows the link embedded in the email, a virus covertly installs a Trojan program that logs key strokes.
• Directing a user to a false website (such as one email purporting to come from the federal police) where a Trojan program is installed to log key strokes.

Having used these or similar techniques to capture login and password details, fraud perpetrators are then able to illegally access accounts and withdraw funds.

The Mac will never send an email that:

• Asks for your Online Banking login details or credit card details via phone or email
• Sends you a link to an Online Banking login page
• Asks you to communicate your passwords to us in any form

If you receive a suspicious email purporting to come from a financial institution:

• Contact us to verify the email
• Delete the email immediately and do not click on any links

If you have clicked on any links in the email:

• Perform a scan for possible viruses and Trojans using your virus protection software. Should you require further information, please contact your software vendor.
• After you have completed a scan on your computer, please contact your financial institution to report the occurrence and have your Online Banking access code re-set.
• If you don’t have anti-virus protection, we recommend that you do not use Online Banking until you have up-to-date anti-virus protection.

Identity theft occurs where a criminal obtains the personal details of an individual to masquerade as that individual and, typically; transfer funds, obtain cash, secure loans and other financial benefits. The individual is then left to deal with the debts so incurred along with the associated legal implications.

Identity theft can occur when a fraudster gets access to your personal information such as your date of birth, your address, your driver’s licence number and information from utilities, phone and credit union/bank account records.

This can be obtained through:

• Email scams such as those mentioned above
• Similar telephone scams; and
• Theft of your records and/or mail.

• Be diligent with all personal information to minimise the risk of loss/theft (eg. by keeping tax records and other financial documents in a safe place);
• Minimise the risk of mail theft by securing your mailbox (eg with a padlock);
• Cancel unused credit union/bank/utility/phone accounts;
• Securely dispose of any documents that may contain personal details (such as account statements, credit card transaction slips, bills, etc);
• Regularly obtain a copy of your personal Credit File to make sure there is no unusual activity on your file

Members should also be alerted to a number of fraudulent job scams advertised on the Internet which entice users to act as money transfer agents for a third party. Consumers are duped into using their own accounts to transfer money for third parties as part of an ostensibly legitimate business transaction for a commission based on a percentage of the transfer. In fact, they become part of a money laundering operation for transferring stolen money. Again, these false job websites appear very professional and can be very convincing.

Exercise extreme caution with any online job offer where you are asked for your personal and banking details.

See our list of useful online security links.

We have sophisticated online security that automatically reviews all payments sent online and this means that payments may be placed on hold to protect your accounts. If this happens, you will receive an SMS from our Fraud Monitoring department asking you to confirm the payment. This SMS will come from either +61 437 126 492 or +61 489 988 024. You may be asked to call the Fraud Monitoring team - their number is 1300 705 750.