Electronic Banking Security Guidelines

Card security

To help protect the security of your card, you must:

• Sign the back of your card immediately on receipt;
• Destroy the card when it expires by cutting it diagonally in half (including any embedded microchip on the card, magnetic strip and card validation code);
• Not let anyone else use your card;
• Ensure you retrieve your card after every transaction;
• Take reasonable steps to protect your card from loss or theft; and
• Notify Australian Unity Bank immediately if you become aware that your card or card details (such as the card number and expiry date) has been lost, stolen, or has been used by someone else.
  
  

Internet Banking and Mobile App security

To help you protect your internet banking and mobile banking app

• Always log out of your internet banking or mobile app when not in use;
• Do not allow another person to use your internet banking or mobile banking app password to make purchases or payments;
• Notify Australian Unity Bank immediately if you are unable to log in to your internet banking or mobile banking app using your password; and
• Remove internet banking links or the mobile banking app prior to disposing of your phone, computer, tablet or other device.
  
  

Other important recommendations

To help you protect your PIN and keep passcodes safe

• Do not voluntarily disclose any of your PINs or passwords to anyone. You may disclose your telephone banking password to an Australian Unity Bank consultant;
• Do not write or keep a record of your PIN or password without taking reasonable steps* to protect it;
• Never enter your PIN or password into a web page which has been accessed by a link from an email or SMS, even if that email or SMS appears to have been sent from Australian Unity Bank, an Australian Government department or a utilities service provider;
• Take care to prevent other people seeing you enter your PIN or password; and
• * Taking reasonable steps to protect your PIN or passcode means disguising your PIN or password so it is difficult for another person to work out what it is. Consider avoiding:
  • Recording your PIN or password in reverse order;
  • Recording your PIN or password as a telephone number where no other numbers are recorded or where the numbers are in the correct sequence;
  • Recording your PIN or password as a date; or
  • Recording the PIN or password in an easily understood code such as A = 1, B = 2.
    
    

Definition

“Access Facility” means a facility we authorise for you to use as evidence of your authority to make an Electronic Transaction or to access information about your Account that does not require a manual signature and includes, but is not limited to:

- In the case of Telephone Banking or Internet Banking - any combination of your customer number, secret code or password;

- In the case of BPAY - any combination of your customer number, secret code or password; and

- In the case of Visa Card - your Visa Card and PIN used at an EFTPOS Terminal or ATM.

• The security of your cards, PINs, secret codes and passwords is very important because they give unrestricted access to your Account. You must make every effort to protect your cards, PINs, secret codes or passwords from theft, loss or unauthorised use, to help to prevent fraudulent or unauthorised use.
• You must not disclose your PIN, secret code or password to anyone (this includes family members or friends) or expose yourself to them being obtained, such as allowing a family member or friend to see you enter a PIN or password into an ATM or on a computer.
• You must not select a PIN, secret code or password that represents your birth date or a recognisable part of your name. If you do select a PIN secret code or password, such as your name, a recognisable part of your name or your birth date, you may be liable for any losses that occur as a result of unauthorised use of the PIN, secret code or password before you notify us that the PIN, secret code or password has been misused or has become known to someone else. We will advise you of this at the time of providing you with an Access Facility in which you will need to select a PIN, secret code or password and make a record of this.
• You must not record the PIN, secret code or password with any Access Facility or keep a record of the PIN, secret code or password on anything that is kept with or near any Access Facility that may be lost or stolen simultaneously, unless reasonable steps have been taken to carefully disguise the PIN, secret code or password, such as by hiding or disguising them among other records, hiding or disguising them in places where they would not expect to be found, keeping them in securely locked containers, or preventing unauthorised use of electronically stored PINs, secret codes or passwords.
• You must not act with extreme carelessness in failing to protect the security of your PINs, secret codes or passwords. Extreme carelessness means a degree of carelessness that greatly exceeds what would normally be considered careless behaviour, such as keeping a record of your customer number and password to access Internet Banking in your wallet or purse where you have also written ‘customer number and Internet Banking password.’

Customer Telecode to Authorise Transactions and Account Information

When opening an Account, you may provide us with a Telecode that we may accept as proof of identity and your authority for us to carry out certain transactions verbally via telephone. The use of the Telecode is voluntary; however, without it we may not be able to identify you to assist in carrying out certain transactions on your behalf. The type of enquiries, transactions or account information requests in which we may accept your Telecode to establish the identification of the person we are communicating with is listed on our website.

Telecode security

• You must not disclose your Telecode to anyone other than an authorised employee of Australian Unity.
• If at any time another person knows your Telecode, you should immediately contact us to change it. If you do not cancel the Telecode, you may be liable for any unauthorised transactions made on your Account.
• You must never write down your Telecode without taking reasonable measures to disguise it. The Telecode may be a combination of words or letters and should not be one that would be recognisable by others to complete unauthorised transactions (e.g. children's names, pet's names, a nickname or date of birth).
• Where there is a loss as a result of fraud or negligence by our employees or agents, you will not be liable for that loss.

We may at any time without notice cancel your Telecode if we suspect there is a risk to the security of your Account/s.

SMS One Time Passwords (OTP)

We provide an additional layer of protection to our customers using Internet Banking through SMS OTP. This means that once you register for this service, transactions can only be performed and completed if they are authenticated by an OTP.

The password is sent to your registered mobile phone number via SMS and each password is valid for approximately 5 minutes before your Internet Banking session times out.
In order to receive your OTP, you must register a valid Australian mobile number with us.
It is your responsibility to inform us of any changes to your nominated mobile number for OTP notifications.

You can register for an OTP by logging into Internet Banking and selecting the ‘Features’ menu option. Alternatively, you can contact us. Your OTP must never be given to another person. If you give your OTP to another person you may be liable for any losses that occur as a result of unauthorised use of the OTP.

Attempts to gain your personal information, banking information or transactions

Unfortunately, there are a lot of unscrupulous people who will try to trick you into giving out your personal information such as your full name, date or birth, account number or your financial information, and will try to trick you into transferring money to them.

To help protect yourself you should be aware of some of the different scams which might be used in an attempt to gain your sensitive information. The Scamwatch website is a good way of learning about the different types of scams and keeping yourself up-to-date and mindful of current scam warnings.

Some common scams are mentioned below and ways in which you can help protect yourself:

• Phishing:
  • Scammers may trick the person into providing bank or credit card details and paying them money.
  • Do not click on links contained within an email, SMS or web page and provide your personal or financial information. Australian Unity Bank will never ask you to provide you financial information via a link.
  • If you receive an email, SMS or call purporting to be from Australian Unity Bank, an Australian government department (such as the Australian Taxation Office or the Department of Health and Human Services) or another organisation that claims you owe money and need to pay it back, never respond to the request without independently verifying that the request is legitimate. For example, you might be able to verify the request by phoning or emailing the organisation directly on the phone number or email address published on their website.
• Remote access scams: if you receive a call, email or alert on a device claiming that you have an internet or computer problem do not allow an unknown person to access your computer to find out what the problem is. A scammer will either try and trick you into paying for a service you don’t need, ask for your bank details or credit card details which they may use to perform unauthorised transactions, plant a virus in your computer when they access your computer, or ask you to log on to your internet banking and steal your password. If you have a problem with a computer take it to a reputable computer service to be fixed.
• Romance scams: scammers may target people on dating sites. They gain their victims trust before asking for the person to send money, usually saying it is needed for a personal emergency or they may ask them to buy them gifts.
• Job and employment scam: this scam is intended to trick you into handing over your money by offering you a ‘guaranteed’ way to make fast money or a high-paying job for little effort. You may receive an email, letter or phone call offering you a false job opportunity to make money quickly. The job offer may require you to have money paid into your account and to then pass on a portion of this money into another bank account. The scam tricks a person into becoming a money mule for the scammer and the activity is likely to be a form of money laundering where a scammer is passing illegally gained money through a person’s bank account. Money laundering is a criminal offence.
  
  

If you believe an Electronic Transaction is wrong or unauthorised or your statement contains any instances of unauthorised use or errors, you must immediately notify us by phone on 1300 790 740 or email to the bankingsupport@australianunity.com.au and give us the following information:

• Your name, Account number and Visa Card number;
• The error or the Electronic Transaction you are unsure about;
• A copy of the statement in which the unauthorised Electronic Transaction or error first appeared;
• An explanation, as clearly as you can, as to why you believe it is an unauthorised Electronic Transaction or error; and
• The dollar amount of the suspected error. If your complaint concerns the authorisation of an Electronic Transaction, we may ask you or your Authorised User to provide additional information.