We take many precautions to protect our online banking environment and ensure your information is safe. Our online services offer you the best security currently available in a commercial environment so that your personal and financial information is protected while in transit between your computer and our server. This is done through the use of industry standard security techniques such as encryption. Learn more about CWB Group's approach to cyber security here.

Encryption ensures that information can’t be read or changed in transit by scrambling the data using a complex mathematical formula. Some browsers can create a more secure channel than others, owing to the 'strength' of their encryption. We use only the strongest channel available - referred to as 128-bit SSL (Secure Socket Layer). If you have a browser that only supports 'weaker' encryption such as 40-bit or 56-bit SSL, you will need to upgrade your browser before using our site. The longer and more complex the 'key' is, the stronger the encryption. The numbers refer to the length of the key. According to Internet security specialists, 128-bit encryption is trillions of times stronger than 40-bit encryption.

We also make sure that only individuals who provide an authentic Personal Access Code (PAC) can access your account information. To help protect your information, your online banking session will end automatically if there has been no activity for 20 minutes.

Access to our databases is strictly managed and systems are in place to ensure security is not breached, including the physical security of our computer hardware and communications.

For more information on the specific policies and practices that we use to safeguard your personal and financial information, please click here to view our privacy statement.

Protecting your PAC

You know that your role in making sure your home and possessions are safe is important. Your role in making sure your personal information is protected is just as important.

In order for us to ensure that you are the only one accessing your accounts, we need a unique way of knowing that it's you. Your Personal Access Code (PAC) - helps us make sure that you are the only one who can access your accounts.

It is your responsibility to ensure that your PAC  for your online banking is protected. Follow the security practices below to keep your PAC protected.

• Select a PAC that is easy for you to remember but difficult for others to guess.
• Do not select a part of your PIN (your ATM 'key') or another password.
• Keep your PAC confidential and do not share it with anyone.
• Do not write your PAC down or store it in a file on your computer.
• Never disclose your PAC in a voicemail,  email or over the telephone.
• Ensure no one observes you typing in your PAC.
• Change your PAC on a regular basis. We suggest every 90-120 days. Changing your PAC is easy and convenient. Simply log on to your online banking and select 'My Profile' and follow the directions provided.

Protecting your computer

We make sure you have a secure channel to communicate with us through online banking. Once the information has reached your computer, it's up to you to protect it.

To protect your information, you should:

• Never leave your computer unattended while logged into your online banking.
• Always exit the site using the logout button and close your browser if you step away from your computer. Your browser may retain information you entered in the login screen and elsewhere until you exit the browser.
• Prevent the browser from caching (storing) the pages that you view by using the Enhanced Security feature located on the login screen. If you have to access the online banking section of the website from a shared computer, such as at a friend's house or through a publicly-accessible computer, such as at a library or airport make sure you use this feature.
• Secure or erase files stored on your computer by your browser so others can’t read them. Most browsers store information in non-protected (unencrypted) files in the browser's cache to improve performance. These files remain there until erased. They can be erased using standard computer utilities or by using your browser feature to 'empty' the cache.
• Disable automatic password-save features in the browsers and software you use to access the Internet.
• Install and use a quality anti-virus program. As new viruses are created every day, be sure to update your anti-virus program often. We recommend you update anti-virus definitions weekly or have them set to automatically check for updates each time you use your computer. Scan all download files, programs, disks and attachments and only accept files and programs from a trusted source.
• Install and use a personal firewall on your computer to ensure others can’t access your computer through the Internet.
• Install new security patches as soon as your operating system and Internet browser manufacturers make them available.
• Install an anti-spyware program and check your computer regularly.

Protecting your information when using a public computer

Be extremely careful with your online banking  when using a public computer. Use the tips above to protect your information. Keep in mind that even popular programs, like search engines, can pose a security risk on a public computer. Certain desktop programs, like Google Desktop, cache items that you have viewed so you - or potentially, an unwelcome third party - can easily search and find those pages later again.

If you are planning to use a program like Google Desktop when using a public computer, the Enhanced Security feature located on the login screen will not stop these types of programs from caching the pages you view. Make sure you adjust the search program preferences so it doesn’t store secure pages you wish to view. If you forgot to adjust the preferences before banking online, you can remove the stored items via the Google Desktop results page by clicking on the Remove items link.

The website uses a small piece of data called a "cookie" to better serve our visitors and clients. Cookies are created by the web server and are sent to the web browser. Only the web server that created the cookie can retrieve the information contained in the cookie. There are two types of cookies, "session cookies" and "persistent cookies".

A session cookie is a temporary storage of information between the web server and web browser. No information is written or stored on a user computer. The session cookie provides us with information that enables us to ensure that each request for information really came from you and that we deliver the information only to you. The cookie also lets us know when to timeout your connection automatically if there has been no activity for an extended period of time. We use session cookies for our Internet banking service.

A persistent cookie is a small text file containing non-confidential information used by the web server and web browser, and is stored on the user's computer. The information is used to store your preferences when visiting the website in order to better serve you when you return to the Website. No contact information is stored in a persistent cookie.

Web browsers are currently unable to distinguish between "session" and "persistent" cookies. If you set your web browser to prevent cookies, you will be unable to use the website.

To ensure a safe and secure Internet session, only visit reputable sites. If you visit any questionable websites beforehand, we recommend you close your browser and restart it before proceeding to use our online banking services.

Electronic identity theft can occur when you respond to a fraudulent email that asks for your personal banking information. Armed with this information, a person may be able to access your accounts or establish credit, pay for items or borrow money using your name. You can help protect yourself from electronic identity theft by following some simple precautions.

Safety precautions for online banking:

• The easiest way to tell if an email is fraudulent is to remember that we will never ask you for your personal passwords, personal information numbers or login information in an email. Legitimate financial institutions do not include links to their online banking in email communications to clients.
• When banking online, check the address of any pages that ask you to enter personal account information. In the toolbar at the top of the page any legitimate Internet banking web site will begin with 'https' to indicate that the page is secure.
• Look for the padlock found in the lower right corner of your screen. If the page is legitimate, by clicking on the padlock, you can view the security certificate details for the site. A fraudulent site will not have these details.
• Type in our web address yourself to ensure you are transacting with our server.
• Check your bank and credit card statements regularly to ensure that all transactions are legitimate.
• If you suspect you have received a suspicious email pretending to be from Canadian Western Bank (CWB), CWB Group or Motive Financial, and that asks you to follow a provided link to a website, please report the email by forwarding it to phishing@cwbank.com. Once you have reported the phishing email, delete it without replying or clicking on any of the links provided in the email.

Contact us immediately if you suspect someone has gained knowledge of your PAC/PIN, or if you suspect any loss, theft or unauthorized use of your account.