Security is everyone's responsibility

What we are doing to protect your security

We take many precautions to protect the online banking portion of our environment and ensure your information is safe. Our online banking services offer you the best security currently available in a commercial environment so that your personal and financial information is protected while in transit between your computer and our server. This is done through the use of industry standard security techniques such as encryption. Encryption ensures that information cannot be read in transit or changed by scrambling the data using a complex mathematical formula. Some browsers can create a more secure channel than others, owing to the 'strength' of their encryption. 
We use only the strongest channel currently available - referred to as 128-bit SSL (Secure Socket Layer). If you have a browser that only supports 'weaker' encryption such as 40-bit or 56-bit SSL, you will need to upgrade your browser before using our Internet banking site. The longer and more complex the 'key' is, the stronger the encryption. The 40 and 128 refer to the length of the key. Since 128 is longer than 40, it is more secure. According to Netscape, 128-bit encryption is trillions of times stronger than 40-bit encryption.

We also ensure that only individuals who provide an authentic Personal Access Code can access your account information. To help you protect your information, your online banking session will end automatically if there has been no activity for 15 minutes.  Access to our databases is strictly managed and systems are in place to help ensure security is not breached, including the physical security of our computer hardware and communications.

For more information on the specific policies and practices that we use to safeguard your personal and financial information, click on the Privacy tab on the bottom of this page.

Internet Security

The Internet has changed the way financial institutions do business. Internet banking provides convenient access to information and the ability to perform transactions from home, work or other locations. It is important to be aware that when you communicate via the Internet, other people and software can also communicate with your computer. Through the use of various techniques and technologies, fraudsters trick unsuspecting internet users into divulging personal and financial information. An inadequately protected computer can be accessed by an unknown party or a virus in a very short period of time.

What you need to do to protect your computer and PAC

Just as you play a vital role in ensuring the security of your home and your possessions, you too share in the responsibility for ensuring that your personal information is adequately protected. While we take strong measures to protect the security and privacy of your information, there are important steps that you should take to help protect your information when using the internet.

Protecting your Personal Access Code (PAC)  
In order for us to ensure that only you are accessing your accounts, we need a unique way of knowing that it's you. Just as the key to your home protects unwanted entry, the online banking 'key' - your Personal Access Code (PAC) - ensures that only you can access your accounts.

It is your responsibility to ensure that your 'key' to MemberDirect is protected. Please observe the following security practices:  

  • Select a PAC that is easy for you to remember but difficult for others to guess. 
  • Do not select a part of your PIN or other password as your PAC. 
  • Keep your PAC confidential and do not share it with anyone. 
  • Do not write down your PAC or store it in a file in your computer. 
  • Never disclose your PAC in a voice mail or e-mail, or over the phone.
  • Ensure that no one observes you typing your PAC. 
  • Change your PAC frequently (every 90-120 days).

Protecting your Computer, Laptop, and Tablet

We have provided a secure channel for our Members to communicate with MemberDirect. Once the information has reached your computer, however, it's up to you to protect it. To protect your information, you should:   

Use a Firewall

When connected to the internet, users are particularly vulnerable to computer intrusions
and attacks because the internet connection provides "always-on" connection capability. The likelihood of a malicious individual accessing your computer increases significantly the longer your computer is on and connected to the internet. Remember – you can work offline and only access the internet when you need it.

Ensure your computing system has an up-to-date firewall to prevent others from accessing your computer and your information through the internet.

Always ensure your firewall is enabled and up-to-date.

Install Security Patches

Malware programs commonly target security gaps in operating systems such as Windows and Android, and secondary software such as Oracle Java, Adobe Acrobat/Flash, and Internet Explorer. Installing security patches is an important layer of security in addition to the steps below.

Configure operating system and secondary software to regularly install security patches as soon as they become available, and consider removing secondary software programs that you do not use.

Use Anti-Virus Software

Anti-virus software can protect you from "trojan horses" or other types of viruses, which are programs that allow others to gain control of your computer system remotely without your knowledge or consent. These programs are used to capture and transmit your personal information.

Ensure your anti-virus software is enabled and configured to run daily updates and regular virus scans.

Use Anti-Spyware

Spyware monitors internet surfing habits and collects personal information from the
computer. Typically, spyware is secretly installed and can be difficult to detect.

Anti-spyware software can remove and detect spyware, but is most effective when
combined with a firewall and anti-virus software. Ensure your anti-spyware is
enabled and configured to run daily updates and regular spam scans.

Choose Unique Passwords

Choose passwords that are a minimum of eight characters long and include a combination of letters, numbers, and special characters.
Use a unique password for each login ID.
Disable the web browser auto-complete function of your login IDs or passwords to prevent others using your computer from having instant access.
Keep your passwords confidential.
Change your password regularly, especially if you might suspect it has been guessed or seen by someone else.

Never leave your computer unattended while using MemberDirect. 

Always exit MemberDirect using the “log out” button and close your browser if you step away from your computer. Your browser may retain information you entered in the login screen and elsewhere until you exit the browser.  The log out button also clears the browser cache.

Prevent the browser from caching (storing) the pages that you view by taking advantage of the Enhanced Security feature.  In order to take advantage of this feature, you must use the logout button when you exit our Internet banking site.  Please note that the log out button does not clear the caching of .pdf files.  Therefore, it is strongly recommended that you manually delete cached files (as further described below) from your computer after each use of our Internet banking site.  

Secure or erase files stored on your computer by your browser so others cannot read them. Most browsers store information in non-protected (unencrypted) files in the browser's cache to improve performance. These files remain there until erased. They can be erased using standard computer utilities or by using your browser feature to "empty" the cache. 

Disable automatic password-save features in the browser and software you use to access the Internet. 

Do not use Memorize Account feature on publicly available computers.  Our Internet
banking site provides you the option of having your card number automatically filled in.  You should not select this option on publicly available computers. 

Protecting your information when using a public computer

The practice of accessing your account information through publicly accessible computers and public wireless networks is strongly discouraged. The use of computers at locations such as Internet cafes, public libraries, hotel lobbies and public wireless networks such as “hotspots” to name a few examples, greatly increases the risk of possible unauthorized access to your accounts. Use of these access points are to be avoided and if it is determined to be the compromise point, this would have a negative impact on your ability to be compensated for your losses. 

You should be extra vigilant when using publicly available computers. Even if you adopt the tips above to protect your information, you need to bear in mind that even benign programs, like popular desktop search programs, can pose a security risk. Certain programs, such as Google Desktop, cache items that you have viewed so you – or potentially, an unwelcome third party – can easily search and find those pages again later.

If you come across a program like this when you are using a public computer, the Enhanced Security feature will not stop these types of programs from caching the pages you view. You can adjust the search program preferences so it does not store secure pages you wish to view. If you forgot to adjust the preferences before banking online, you can remove the stored items via the Google Desktop results page by clicking on the Remove items link.

To learn more about browser security, please visit the Netscape and Microsoft web sites (as applicable). To ensure a safe and secure Internet session, only visit reputable sites. If you visit any questionable web site before accessing our Internet banking site, we recommend you close your browser and restart it before proceeding to our Internet banking site.

Mobile Phones

  • Protect Your Password
  • Protect your data from theft - enable the auto-lock function of your mobile phone to ensure that it locks after a short period of dormancy.
  • Do not continue using the default factory password – customize your password immediately using a minimum of eight characters including a combination of letters, numbers, and special characters.

Update Your Operating System
Your operating system (OS) is specific to your device, with BlackBerry, Android, iPhone, and Windows Mobile as examples of various OS. Check your mobile provider’s website regularly for OS security updates specific to your device make and model, install security patches as soon as they become available.

Do not ‘jailbreak’ your device by trying to remove limitations imposed by the manufacturer. This practice will disable or bypass security measures of your mobile OS, making you vulnerable to malware and prevent your mobile from receiving future OS upgrades.

Use Anti-Virus, Anti-Spyware, and Firewall Software
If available for your make and model, install this software on your mobile. Configure to run automatic updates and virus scans.

Download Apps Only from Trusted Sources
Apps that seem legitimate can contain malware or be used to collect your personal data for gain. Beware of apps that provide little company, contact, or website information.

Research app customer reviews and requested permissions carefully before installing – if the data requested does not align with app functionality, do not install.

Avoid Connecting to Unknown or Non-Password Protected Wi-Fi Networks
Wi-Fi predators scan public networks for unsecured devices to target and infiltrate through hacking and malware. Only connect to public Wi-Fi you know and trust, and are confident is secure and password protected.

Disable settings that automatically search for Wi-Fi networks.
Avoid Activating Bluetooth in Crowded or Public Areas
The moment you set your Bluetooth to discoverable, hackers within range can ‘see’ and possibly hack your device - mobile viruses can also be spread through Bluetooth technology.

Never connect to unknown, untrusted or suspicious Bluetooth sources and strangers, and never accept files from these devices. 
Immediately delete lost/stolen Bluetooth device pairings from your remaining Bluetooth devices to prevent data compromise.

Online User Tips
  • Do not click links in unsolicited email – the link may take you to a counterfeit website that will solicit your sensitive data, known as ‘phishing’ and cause malware infection.
  • Never open MMS attachments from unknown or untrusted sources - even if they purport to be coming from your credit union or mobile provider.
  • Delete unsolicited email or text messages without opening.
  • Be aware of ‘evil twin’ Wi-Fi hotspots that bait unsuspecting users by impersonating legitimate networks - always confirm you are connecting to the correct network.
  • Store only data that your require on your mobile and erase everything else.
  • Watch for signs of mobile infection: sudden unexplained increase in your phone bill; unexplained messages in your email and social network ‘sent' folders, unexplained user interface change you didn't initiate. Contact your device manufacturer or service provider for instructions to remove malware if you suspect your mobile is infected.
  • Verify the legitimacy of free apps, software, tools, online services before you use them – research in your search engine and scan the results.
  • Do not click on pop-ups windows that say “you're a winner if you click here" – these can lead to spyware and malware downloads.
  • Be wary of ‘freeware’ or free services online – even innocent looking screen savers, fun cursors and Internet pets can be contain hidden malware.
  • Do not forget to log off.

Fraud: Recognize it. Report it. Stop it.

Electronic identity theft
can occur when you respond to a fraudulent email that asks for your personal banking information. Armed with this information, a person may be able to access your accounts or establish credit, pay for items or borrow money using your name. You can help protect yourself from electronic identity theft by following some simple precautions.   

Safety precautions for online banking 
  • The easiest way to tell if an email is fraudulent is to bear in mind that we will never ask you for your personal passwords, personal information numbers or login information in an email. 
  • When banking online, check the address of any pages that ask you to enter personal account information. In the toolbar at the top of the page, any legitimate Internet banking web site will begin with ‘https’ to indicate that the page is secure.
  • Look to the padlock on your screen. If the page is legitimate, by clicking on the padlock, you can view the security certificate details for the site. A fraudulent site will not have these details. 
  • Type in our web address yourself to ensure you are transacting with our server. 
  • Check your account and credit card statements regularly and carefully to ensure that all transactions are legitimate.

Notify Cornerstone Credit Union immediately upon discovering or suspecting that unauthorized activity has occurred or that your PAC or PIN may have been compromised.

For more tips on computer safety and to avoid other kinds of fraud, visit the Government of Canada Get Cyber Safe and Canadian Anti-Fraud Centre websites. 


Find Branch/ATM

Enter address, postal code or branch name