Security is everyone's responsibility. ​It is important to be aware that when you communicate via the Internet, other people and software can also communicate with your computer or mobile device. An inadequately protected computer or mobile device can be accessed by an unknown party or a virus in a very short period of time.

Important Alert: Fraudulent Text Messaging

We have been notified that some members have received a text message with a link asking them to reset their online banking credentials.

We would never send you a text message and ask you to click on a link to verify your banking or personal information. Please DO NOT REPLY OR FOLLOW the instructions of these types of messages.

If you feel that you have been a victim of a scam or fraud or want to report a suspicious message contact us immediately at 1-855-220-2580

Security Features for Online Banking

​Our online services offer you the best security currently available and this is done through the use of industry standard security techniques, including:

Mobile Alerts

We encourage you to sign up for mobile alerts to be notified by text or email about events that have occurred in your accounts. For instance, get alerted right away anytime someone logs in to your account, if your Personal Access Code is changed or if a new payee or Interac e-Transfer recipient has been added.  You can also set up a notification when any large sums leaves your account or if your account balance falls below a certain threshold.

Types of Alerts

  • Security
  • Payments
  • Banking
  • Investments
  • Loans

How to Sign Up for Mobile Alerts on your desktop computer

  1. Login to Online Banking.
  2. Click on 'Messages and Alerts' in the left-hand Shortcuts navigation bar
  3. Select 'Manage Alerts' below
  4. Select 'Register for Alerts' 
  5. Add a mobile phone number or email address where you would like to receive your alerts
  6. Select the alerts you would like to receive

How to Sign Up for Mobile Alerts on your mobile device

  1. Open the Interior Savings mobile app
  2. Login to Online Banking
  3. Select the ‘Alerts’ icon
  4. Select ‘Manage’
  5. Select the alert(s) you would like to enable
  6. To set-up your notification preferences select ‘Settings’

Strong Personal Access Code (PACs)

In order to protect our members and Interior Savings from the ever increasing risk of fraudulent online banking usage, we now require our members to select a more secure PAC. A Strong PAC is longer and more complicated, containing a mixture of letters and numbers. Three failed attempts will automatically lock your online banking from further attempts and you will need to contact us to reset your access.

Tips for Creating a Strong PAC

  • Your PAC must include at least one uppercase letter, one lowercase letter, one number and be between 8 to 30 characters long. The following special characters ! # $ ’ ( ) , - . / : ? @ \ | are also permitted, but are optional
  • To help protect your account, avoid using names, dates or numbers tied to your identity (such as birthday, family name, pets, street).
  • Use a PAC that differs from your other banking, email, and social media accounts.
  • Creating a complex but memorable sentence or sequence of words and numbers will make it harder for others to guess your PAC.

How to Reset Your PAC

  1. Click the Online Banking tab.
  2. Click the Forgot your PAC? link to the right hand side of the PAC field.
  3. Enter your MEMBER CARD® debit card number and click Continue.
  4. Complete the Verify Your Identity form and questions. 
  5. Enter your new Strong PAC and click Continue.

Security Questions

Your security questions and answers are an important part of your online security and will be used in online and mobile banking only. We will not use them to confirm your identity over the phone or through any other banking channel.

How to Reset Your Security Questions

  1. Login to Online Banking.
  2. Enter your MEMBER CARD® debit card number, and your PAC, and click Login
  3. If you are prompted to, answer your security question(s).
  4. Once you are logged into Online Banking, select the Profile and Preferences option on the left navigation.
  5. Then select the Change Security Questions option.
  6. Select and answer your new security questions and click Next.
  7. Review your new security questions and answers, and click Next.

HIgh-Security Website Certificate

Interior Savings has enabled a high-security web certificate from Thawte Inc. that positively identifies our website, as being authentic.  Visitors to our website will see a green address and a security status bar with a pad lock that toggles between Interior Savings Credit Union [CA] and Identified by Thawte.  If you click on the security bar you’ll find more information that confirms our website is authenticated by Thawte.  


Encryption ensures that information cannot be read in transit or changed by scrambling the data using a complex mathematical formula. Some browsers can create a more secure channel than others, owing to the ‘strength’ of their encryption. We use only the strongest channel available - referred to as 128-bit SSL (Secure Socket Layer).

If you have a browser that only supports ‘weaker’ encryption such as 40-bit or 56-bit SSL, you will need to upgrade your browser before using our site. The longer and more complex the ‘key’ is, the stronger the encryption. The 40 and 128 refer to the length of the key. Since 128 is longer, than 40, it is more secure. According to Netscape, 128-bit encryption is trillions of times stronger than 40-bit encryption.

Protect Yourself

You have a responsibility to protect your personal information online. Learn how to keep your information safe below.

Protecting Your Personal Access Code (PAC)

Online credentials can be numerous as they are needed for email accounts, social networking sites, online newspapers and shopping websites. That’s a lot of usernames and passwords – and it can be tempting to use the same combination for everything. But this makes it far too easy for hackers because once they have one password, they can access all your sites. Login credentials are the keys to your accounts so don’t leave those keys around for anyone to find. For online banking, the key is your Personal Access Code (PAC). We recommend you:

  • Choose a PAC that is easy for you to remember but difficult for others to guess. Avoid using names, words, dates, or numbers that could be easily figured out.
  • Be smart and don’t save a list of your credentials on your PC. If you have to write them down, keep these details locked away somewhere only you can access or consider using password-management software, which secures and encrypts usernames and passwords and allows you to use a single master password.
  • Do not share your PAC with anyone, especially online. Employees of our financial institution will never call, email, write or ask you to provide your online banking credentials. Ever.
  • Don’t authorize browsers to memorize your credentials. Saving these on your computer allows anyone using your PC to gain access to your login-protected sites.
  • Consider changing your PAC every 90 days for optimum security.

Personal Details, e-Statements, and e-Documents

When you move, it is important to notify us of your change of address. If your mailing information isn't up-to-date, statements or letters that contain personal information will continue to be sent to your former address.


You may prefer to eliminate paper statements altogether, avoiding any possibility of mail theft. Eliminate paper documents, go electronic and be secure while doing it. Our e-Statements are a digital archive of your monthly banking activity than can be downloaded as a PDF from our secure online banking site.


Our e-Documents allow you quick and convenient online access to your financial documents: anytime, anywhere. Open the documents as PDFs and print your T5s, mortgage receipts or transaction receipts only as needed, while creating a safe and secure digital archive.

Logging In and Out

When you are finished with your banking session, always log out by clicking the “Log Out” button, as opposed to simply closing the browser window. To help protect your information, your online banking session will end automatically if there has been no activity for 20 minutes or if your visit lasts longer than 60 minutes. If your session has timed out, no further transactions can be made until you log in again. This time-out feature helps protect your accounts from unauthorized access if your PC is left unattended or if you have forgotten to log out.

​Clearing Cookies and Cache

When you spend time on the Internet, your browser stores information, such as the websites you visit, the images and files you view, and your personal information, including passwords and login details. This data is held on your computer’s hard drive and is known as ‘cache.’ Even though you may have logged out and closed your browser, this information may remain accessible. You can protect your data by clearing your browsing history regularly. This can be done in a few easy steps:

Safari Users 

  1. Click on the ‘History’ tab
  2. Select ‘Show all History’
  3. Choose the period you wish to erase and click ‘Clear History’

Chrome Users

  1. Click on the ‘kabob’ icon (3 vertical dots) on the right-hand side of the address bar (or use the ‘Ctrl-Shift-Delete’ shortcut)
  2. Select ‘History’
  3. Hover over the items you want to delete and click the box that appears
  4. After selecting the items, click ‘Remove Selected Items’

To delete all browsing history in Chrome:

  1. Select ‘All Browsing History’
  2. Choose the time frame you wish to erase
  3. Click ‘Clear Browsing Data’

Internet Explorer Users

  1. Click on the ‘Tools’ tab (or use the ‘Ctrl-Shift-Delete’ shortcut)
  2. Select ‘Delete Browsing History’
  3. Choose the options you wish to erase and click ‘Delete’

Firefox Users

  1. Click on the ‘History’ tab (or use the ‘Ctrl-Shift-Delete’ shortcut)
  2. Select ‘Show All History’ and/or 
  3. Choose the time frame you wish to erase and click ‘Delete’

Private Browsing

Some web browsers have a feature that allows you to browse the Internet without the browser storing information, such as the sites you visit, the images you see and videos you watch. This feature is sometimes used by people who share the same computer. Private browsing is a temporary option and must be selected in order for it to be activated. Private browsing, however, does not give you immunity to spyware or make you anonymous. It is still possible for your Internet service provider, employer or the websites you visit to track your online activity.

Transaction Alert System

With our Mobile Alerts feature mentioned above, you select what types of account activity you want to be notified about, and we’ll alert you through text message or email. These alerts allow you to monitor your accounts effortlessly and detect suspicious activity immediately.

While our alert messages provide balances and account activity, they will never ask for, or contain, your personal details, account numbers, login credentials or any other type of confidential information. Also, our notifications will never include any links or instructions to click or download anything.


Receive, manage and pay your bills through ePost, Canada Post’s free online service. To sign up, create an account and scroll through the list of partners to find which bills you can receive with epost. More than 100 organizations are supported as “Mailers,” including telecommunications and credit card companies and government agencies. You can also store your bills and statements securely on epost for up to seven years.  

Why use ePost™?

  • It's secure. Your bills are delivered (and stored) electronically to protect you from identity theft.
  • It's free. All of this at no cost to you.
  • It's convenient. No more filing. No more sorting. Organizing your bills is all done for you.
  • It's backed by Canada Post. The world's first electronic post office from a name you can trust.
  • It's green. Receiving your bills electronically helps the environment.

Use epost™ in 4 easy steps

  1. Create a free epost™ account. This is like creating an electronic mailbox. Follow the instructions in Online Banking to create the account that your electronic bills will be sent.
  2. Find and add "mailers". A "mailer" is a company that sends you a bill (they "mail" it to you). epost™ has over 100 mailers that you can use.
  3. Receive your bills electronically. Your bills will be sent electronically to your epost™ mailbox instead of to your home. You'll see a notice when you log in to online banking that a bill has arrived (and you can get an email, too).
  4. Pay your bill as soon as you receive it. Click "Pay" when you view your electronic bill in online banking, select the account you wish to pay from, and... your bill is paid.


You can protect yourself from these common situations by knowing how to identify and avoid these scams.

Phishing, Pharming & Scam Emails


A common way for Internet scammers to obtain your personal information is through a method called phishing. Usernames, passwords, banking information and credit card details are phished through email or instant messaging. Phishing works by sending communications, which appear to be from your financial institution, but they are not. You are asked, supposedly by your financial institution, to log in to your online banking to verify account information. Often some type of security concern is cited as the issue. The fake email instructs you to click on a link that takes you to a non-legitimate version of your online banking site – one that is largely indistinguishable from the legitimate site – and you’ll be asked to enter your credentials.

Phishing emails may include:

  • Warnings about account closures
  • Requests to update your information
  • Offers to register for a new service
  • Offers for pre-approved credit cards
  • Free virus-protection programs

Once you click on the link, which directs you to a phishing website, you’ll be prompted to enter personal or banking information. Phishing scams seek personal details, such as your address, social security number or mother’s maiden name. The details obtained will then be used for identity theft.

Scam Emails

Scam emails purporting to be from your credit card company or financial institution often have some telling signs, including:

  • Poor spelling or grammar
  • Alarmist content, warning that your account will be closed if you don’t provide your banking or personal details immediately
  • Notices that you’ve won a prize and are required to pay a fee in order to claim it

Never provide personal details or any account details in an email. Electronic messaging is not a secure form of communication. If you receive a message that you are unsure about, please contact us.


Another way for hackers to get their hands on your personals details is by pharming them. Pharming occurs when hackers use a malicious code on your PC, which compromises your computer’s host file and redirects you to fake websites. The malware hides the fraudulent URL, cloaking it in the legitimate one that appears in your browser. With pharming, the dishonest redirection of URLs happens even when you type correct URLs directly into your browser, making you think that you’re on the correct website when you are not. Once there, you are asked to enter your online banking credentials or account information, which hackers take and use for criminal activity.

​How to Avoid Phishing and Pharming Scams

We will never send you emails or communications asking you to verify or provide your online banking or personal details. The best way to protect yourself is to never use a link provided in an email to access your online banking (because we don’t send those; scammers do). Do not open emails or email attachments from unknown sources. Scan email through your anti-virus software.

Always type your financial institution’s website address directly into your browser and remember to look for confirmation that you are browsing securely. The letter “s” in ‘https’ indicates you are navigating in a secure site, in comparison to the open and unprotected ‘http’ URLs. Look for the ‘https’ when online shopping, too.

Don’t feel panicked when phishing emails caution of immediate account closures if your banking details cannot be verified. Don’t believe emails warning that your account has been compromised or that you’ll miss out on a great deal if you fail to act immediately. If you are concerned, call or visit one of our customer service representatives.

Anti-Virus Software

Install anti-virus software on your computer to protect your information, money and privacy. Such software detects viruses and cleans your computer so that harmful viruses do not spread. Set up your anti-virus to run frequent scans and update the software as soon as it is required. Ensure you have real-time scanning of every email and every file you download.


Malicious software (malware), spyware, worms and Trojans are the same class of destructive viruses; just with different names. Nobody wants a computer virus. They can steal your personal information, take over your PC and use your computer to attack other people’s computers. Your PC can become infected through email attachments, downloading infected content or visiting harmful websites.


Spyware is exactly what it sounds like – tracking software that is downloaded to your computer (without your knowledge) when you visit certain Internet sites. Secretly, it gathers information about you and your browsing habits. This information can be trivial or it can include passwords and personal data that you wouldn’t want criminals to get their hands on. It can also interfere with user controls and disable legitimate anti-virus programs.

The best way to protect your computer against spyware is smart browsing. Stay away from sites that look unsafe and avoid streaming or downloading content from untrustworthy sources. Many anti-virus products offer targeted spyware solutions that inspect your operating system, installed programs, downloads and files.

​Computers & Mobile Devices

Protect yourself at home and on-the-go.

​Operating Systems

Your computer’s operating system needs to be up-to-date in order to defend itself from viruses and malicious software (malware). If one part of your operating system develops a virus, it leaves holes in your PC’s security defences and compromises the safety of the information contained in your computer.

Keeping your software up-to-date is one of the most important ways of staying safe online because it is much harder for viruses to infect an updated operating system and software. Hackers are targeting operating systems with new viruses all the time and software companies combat these efforts with security patches. You should always download the latest security patch as soon as it becomes available.

Your operating system lets you know when updates are available by notifying you there are new security features to download. You can also upgrade your operating system to the latest version available from the manufacturer; however, you should ensure your computer has sufficient hardware capacity to support an upgrade.

Remember to back up your data. To fully eliminate a virus that has infected your machine, the re-installation of your operating system may be required. Protect yourself against the permanent loss of important data by frequently backing up your files on an external hard drive so you’ll have the data should you ever have a problem with your operating system.


Web browsers are the gateways to the Internet. Similar to having an up-to-date operating system, upgraded browsers provide more features, stability and security. Whether you use Internet Explorer, Firefox, Safari, Chrome or something else, stay safe online by using the latest version available.

The latest versions of web browsers have security features that can identify and block harmful and fake websites and pop-ups, and warn you if a site is flagged as unsafe. Some browsers also have a ‘Private Browsing’ feature, which conceals your browsing history from others.

We suggest you update your browser. Now.


A firewall protects your computer and home network from harmful websites and hackers. It sits between your computer and the Internet, scanning information that is being transmitted. It allows for safe browsing, while blocking unauthorized intrusions. Even though you may think you have no information of value on your PC, firewalls also stop your computer from being used by hackers to send malicious software to other computers.

Most computers now come with a firewall as part of the standard operating system. However, you can get the maximum protection for your computer by installing additional firewalls and ensuring they are kept up-to-date.

​Protecting Your Smartphone

Browsing the web has never been easier – it’s all at your fingertips. Smartphones let you surf, shop or bank wherever you are. Make sure your information stays secure while you’re on the move by following these smartphone-safe browsing tips:

  • Activate your phone’s password feature, which locks the screen and prevents anyone but you from accessing your phone. Set up the fingerprint, facial recognition, or password feature on your phone with a code that only you know.
  • Don’t connect to unknown networks through Wi-Fi hotspots to make financial transactions.
  • Beware of smishing – that’s phishing on phones through text messages. Never download media or images, or click on text-message links that come from unrecognizable people or phone numbers. Never provide personal details or any account details using any form of electronic messaging because this is not a secure form of communication. If you are unsure, please contact us.
  • Download apps exclusively from the official source for your smartphone’s platform, such as the Android, Apple or BlackBerry stores.
  • Install anti-virus software for your smartphone when available and update it frequently.
  • Install location finding applications, which work with your phone’s built-in GPS. These applications allow you to locate and/or remotely erase (or “wipe”) data in your phone if it is lost or stolen.
  • Update your smartphone’s operating system as soon as newer versions are available.

Wi-Fi & Online Shopping

​Using public wireless networks to access information is convenient, but not risk-free or secure. Be smart when you surf.

Protect Yourself From Wi-Fi Threats

  • Using only a trusted computer to access your online banking. Don’t use shared library or café computers.
  • Managing your online banking only from secure networks. We recommend that you don’t use unsecured public networks for anything regarding sensitive personal information.
  • Connecting only to password-protected networks. If there are several networks available, ask employees of the organization which network they operate.
  • Never leaving your computer unattended, especially if you are logged into your online banking.
  • Using different PACs and security questions as login credentials. If someone obtains your credentials for one site, such as a social networking site, you don’t want them to be able to access your other ones.
  • Ensuring you log out before you close your browsers.

Shopping Online

Online shopping is the epitome of convenience. There are no lines and no crowds, but it can also be a haven for fraudsters. Consider the following tips when using your credit cards online to ensure your information stays secure:

  • Make sure that you are shopping at a trusted retailer when you enter your credit card details online.
  • Provide retailers with only the necessary details to complete the transaction. These include your credit card number, expiry date, the security code on the back of the credit card and the card’s billing address. Never provide your social insurance number, account details or your mother’s maiden name. For shopping sites that require you to register with a username and password, we recommend you do not use your online banking PAC.
  • Use your credit cards only on e-commerce websites that use secure browsing technology on the screens where you enter your card information. Ensure the web address begins with ‘https’ (as opposed to ‘http’) and has a closed padlock icon on the screen.
  • Ensure that smaller retailers requesting credit card details have reputable contact details, a physical address and you feel comfortable with providing them your card information.
  • Never give your account or credit card details to anyone on eBay or Craigslist. 

Questions or Concerns?

Please contact us and we'll be happy to answer any questions or concerns you may have.