Skip to main content

Security is everyone's responsibility.

There are many things you can do to minimize risks to you and your money.

Learn how we protect you
Learn ways to protect yourself
Use alerts to monitor your account
Choose a strong Personal Access Code
Identify and prevent scams
Browse the Internet safely
Keep your devices safe

Online banking provides convenient access to information and the ability to perform transactions from any internet connection. G&F Financial Group maintains a secure and monitored environment; we continually take steps to improve our systems to safeguard the personal information of our members. For more information on the specific policies and practices that we use to safeguard your personal and financial information, please see our Privacy Policy.

Ways that we protect you:

​Sending automated Alerts about activities that occur in your accounts

Alerts allow you to receive email and/or text message notifications when various activities occur in your accounts. While balance and account information can be viewed in the Alerts message, no personal information, account numbers or any data that could be used to identify accounts or members can be retrieved, which ensures a high level of protection.

  • Security Alerts provide an additional layer of protection by allowing you to detect possible fraud quickly and take appropriate action
  • Balance and Activity Alerts can help you to better manage your finances and budget. There is no fee to sign up for Alerts and no fee to receive them. However, your mobile phone service provider may charge you for receiving text messages and for data usage.

Controlling access to your accounts

Your accounts can only be accessed by providing the correct login credentials and Personal Access Code (PAC), which only you know. Our employees never know these details and will never ask you to provide them with this information.

For security reasons, we track the number of login attempts used to access your online banking. After you make a number of incorrect attempts to enter the correct PAC or answer security questions, your online access will be disabled. To regain access, please call us at 604-419-8888.

Closing inactive online banking sessions

To help you protect your information, your online banking session will end automatically if there has been no activity for 20 minutes. Access to our databases is strictly managed and systems are in place to ensure security is not breached, including the physical security of our computer hardware and communications.

Encrypting data – providing a safe online banking environment

Internet encryption protects your information while it is in transit between your computer and our systems. Encryption ensures that data cannot be read or altered because the information is scrambled. Our online banking website uses a 128-bit SSL, encrypting both request and response transactions, through a secure connection. To establish a secure connection, verify that the prefix of our website address in your browser reads 'https' (and not simply 'http').

All the browsers we support meet this requirement. 

​Identifying internet scams and sharing what we know

We take phishing and smishing attempts on our members very seriously. If you receive correspondence that you think may not be from G&F, please report it to us by emailing inquiry@gffg.com or calling us at 604-419-8888.

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication – i.e., email.

Smishing is the fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.

​Supporting e-Statements and e-Documents to share your information safely

e-Statements

You may prefer to eliminate paper statements altogether, avoiding any possibility of mail theft. G&F’s e-Statements are a digital archive of your monthly banking activity than can be downloaded as a PDF from our secure online banking site.

e-Documents

G&F’s e-Documents allow you quick and convenient online access to your financial documents: anytime, anywhere. Open the documents as PDFs and print your T5s, mortgage receipts or transaction receipts only as needed, while creating a safe and secure digital archive.

Working to prevent card skimming

Debit card use has given way to a type of fraud called “card skimming”. This occurs when criminals copy the data of a MemberCard debit card to make counterfeit cards and obtain a member’s PIN through hidden electronic devices, thus gaining access to the member’s account through the counterfeit card.

To combat this type of criminal activity, G&F Financial Group continues to review existing procedures and establish new security measures to lower the risk of card skimming.

The following measures are just a few examples of our ongoing efforts to protect our members:

  • Monitoring large and frequent ATM and point of sale (POS) transactions which could indicate fraudulent use.
  • Changing daily ATM and POS transaction limits to reduce unnecessary exposure to accounts.
  • Investing in long-term solutions to make our ATMs and MemberCardmore secure.
  • Monitoring all our ATMs for suspicious activity 24 hours a day, seven days a week.

More importantly, you are responsible for protecting your PIN and following MemberCard safety tips in order to minimize the risk of card skimming. If you suspect that your account or PIN has been compromised, or if your MemberCard is lost or stolen, please call 1-888-277-1043 (within Canada or the continental USA). If you are outside Canada or the continental USA, please call 1-306-566-1276 collect. 

You can also contact our Member Hub for assistance: 604-419-8888 (local). If you are travelling, call 1-866-736-4334 (toll-free). You'll find these and other helpful numbers listed on our Contact page.

Understand how you can minimize risks when you do your banking.

If you ever suspect your personal information may be compromised – or you think you may be a victim of fraud – it’s your responsibility to get in touch with us immediately at 604-419-8888 or contact your G&F branch.

We have provided many tips for being safe online. Below is a brief summary of safety precautions to practice while you are doing your banking:

  1. Don’t click or open anything you weren’t expecting to get without being certain of its safety, including being skeptical of links or attachments from friends or family. An email-FROM address can easily be spoofed and look like it’s from a friend.
  2. Deactivate autoplay. Autoplay allows applications to open digital media instantly and ransomware can exploit this and trick computers into running a program.
  3. Stay up to date. Accept and install updates to your computer’s operating systems, browsers and plug-ins when received from a legitimate and recognized source.
  4. Check your bank and credit card statements regularly to ensure that all transactions are legitimate.
  5. Ensure your home computer is running up to date anti-virus software.

Protect your identity.

Recovery from identity theft is a long and traumatic experience. You can find helpful tools and information on identity theft at the Canadian Anti-fraud Centre website or at the Get Cyber Safe website. The RCMP also provides information on handling identity theft on their website.

Learn more:

Be cautious when sending e-transfers.

​When you are making an e-Transfer, a notification is typically sent from Interac to your recipient's email account. You need to be aware that criminals can attempt to intercept transfers by hacking email accounts. Once they are inside an account, criminals can see the notification from Interac and use the deposit link to redirect funds into a different account by answering the security question. 

Here are some tips to prevent the e-Transfer notification from being intercepted:

  • Select a question and answer that are not easy for a third party to guess. If the notification is intercepted, it will be harder for a criminal to answer and steal the funds. 
  • Never communicate the answer to your security question via email.  Call and/or text the recipient with the password.
  • Be cautious not to click on any phishing links in your emails.
  • Ensure that you are only making transactions with websites, vendors and people that you trust.
  • Immediately notify G&F if you sense anything suspicious about your transaction.    

Monitoring your account with alerts

Monitoring activities in your account will ensure that you spot any incorrect or fraudulent transactions as soon as they occur. If your card has been skimmed (when the card's magnetic stripe and PIN are fraudulently copied by embedded devices at ATMs or point-of-sale devices) or unauthorized transactions have been made, you will want to catch this as soon as possible.

A great way to monitor your account is to sign up for Alerts through online banking. 

Alerts allow you to receive email and/or text message notifications when various activities occur in your accounts.  Alerts also help you better understand your finances and cash flow, organize your money and ensure that you have maximum control over your financial situation

Set up Alerts today and start monitoring your accounts.

  1. Login to online banking.
  2. Click on Messages and Alerts in the shortcuts menu on the left side of the page.
  3. Click on Get Started Today or Manage Alerts in the shortcuts menu on the left side of page.  Follow the steps as outlined.

You can also set up your Alerts by using the G&F mobile app on your smart phone.

Choose what you want to be notified about.

You can choose to receive the following alerts:

  • Security Alerts provide an additional layer of protection by allowing you to detect possible fraud quickly and take appropriate action
  • Balance and Activity Alerts can help you to better manage your finances and budget

G&F's Alerts are free.

There is no fee to sign up for Alerts, and no fee to receive them. However, your wireless carrier may charge you for receiving text messages and for data usage. Please check with your wireless carrier for details about your mobile phone package.

Frequently asked questions about Alerts

 How can you tell it’s a G&F Alert and not phishing or smishing?

G&F’s alert messages provide balances and account activity.  We will never use an alert to ask for, or send, your personal details, account numbers, login credentials or any other type of confidential information. Our notifications will never include any links or instructions to click or download anything.

If you receive a correspondence that you think may not be from G&F, please report it to us by sending the email to inquiry@gffg.com or calling us at 604-419-8888.

​What happens to Alerts when my phone or email isn't working for a while?

If you happen to be out of range or experiencing service interruptions when an Alert is sent, you can still view your Alerts history for the past 30 days under the Alerts History page through online banking.

​Am I guaranteed to receive Alerts sent to me?

Alerts cannot be guaranteed simply because we cannot guarantee the stability of the wireless and internet networks being used. Service interruptions to networks or being out of the service range, can cause a delay in receiving text messages. You can check the Alerts sent to you on the Alerts History page of online banking—there you'll find all the Alerts sent to you within the last 30 days.

​Why do I see two CHQ0s in my Alerts?

For Alerts on multiple accounts, if account 1 has a Chequing 0 and account 2 has a Chequing 0, both will default to the same name. To change this, click Manage Alerts Contacts and Mobile Nicknames, click Edit Nickname and rename the applicable account with a new nickname.

​Why isn't my mobile phone carrier listed in the carrier dropdown menu for Alerts?

Some discount carriers do not offer short code program functionality on their mobile phones. Unfortunately this is out of our control and is limited by the carrier.

​What if I no longer wish to receive an Alert?

Log in to online banking and select Manage Alerts. Click on the Active Alert that you no longer wish to receive and click Delete.

​Who should I contact if I notice an unauthorized withdrawal on my account?

Contact G&F immediately by emailing inquiry@gffg.com or calling us at 604-419-8888.

Your personal access code is one of your best defenses against theft.

Online credentials can be numerous as they are needed for email accounts, social networking sites, online newspapers and shopping websites. That's a lot of usernames and passwords – and it can be tempting to use the same combination for everything. But this makes it far too easy for hackers because once they have one password, they can access all your sites. Login credentials are the keys to your accounts so don't leave those keys around for anyone to find. For online banking, the key is your Personal Access Code (PAC). 

Choose a PAC that is easy for you to remember but difficult for others to guess. Avoid using keyboard strings (qwerty), repetitive letters or numbers, dates, common words (e.g. password, winter, etc.), personal information (e.g. name, date of birth, phone number, city names, etc).

Characteristics of an effective strong PAC include an alphanumeric combination, with a combination of upper and lower case letters, and special characters. Phrases that are extended in length but easy for you to remember would create a stronger PAC. A good example may be: My2dogshave5brownspots!!

What to do

  • Change your PAC on a regular basis, we suggest every 90–120 days.
  • Make sure your PAC is not the same as other online website passwords you may have.
  • Make sure no one observes you typing in your PAC.
  • Consider using password-management software, which secures and encrypts usernames and passwords and allows you to use a single master password.
  • Keep any written passwords locked away in a place only you can access.

What not to do

  • Do not share your PAC with anyone, especially online. Keep it confidential. Understand that employees of our financial institution will never call, email, write or ask you to provide your online banking credentials. Ever.
  • Do not use a part of your bank or debit card PIN or another password.
  • Do not disclose your PAC in a voicemail or email and do not share it with a person you are talking to on the phone.
  • Do not authorize internet browsers (such as Chrome, Internet Explorer, etc.) to memorize your username and passwords. Saving these on your computer allows anyone using your computer to gain access to your login-protected sites. Be aware: criminals have ways of tricking you into letting them log onto your computer remotely, giving them access to any list of passwords you may have stored there. Some may pose as computer repair persons and insist that they need to fix your computer. This is a common scam in Canada.

Identify and prevent scams

While pickpockets can only target a few people each day, Internet fraudsters cast their nets much wider, using the anonymity and reach of mass emails and fake websites. You can protect yourself from these situations by knowing how to identify and avoid these scams.

We take attempts to defraud our members very seriously. If you receive correspondence that you think may not be from G&F, please report it to us by emailing inquiry@gffg.com or calling us at 604-419-8888.

Quick tips to avoid scams:

  • Never use a link provided in an email or text to access your online banking (because we don't send those, scammers do).
  • Do not open emails, texts or attachments from unknown sources.
  • Scan your emails using anti-virus software.
  • Read before you click! It is important to understand that electronic messaging is not a secure form of communication. 

G&F will never send you an unsolicited email or text message that asks you to provide sensitive personal information like your social security number, bank account number, and credit card information, ID questions like your mother's maiden name or your password.

Ways to identify and prevent scams:

Choose secure 'https' websites.

Look for the 's' in the website address: https://examplewebsite.com. 

Fraudsters have been known to set up websites that look nearly identical to websites belonging to legitimate financial institutions. Make sure you are at the correct website. Always type your financial institution's website address directly into your browser and remember to look for confirmation that you are browsing securely. 

The letter "s" in 'https' indicates you are navigating in a secure site, in comparison to the open and unprotected 'http' URLs. Look for the 'https' when online shopping, too. Don't feel panicked when phishing emails caution of immediate account closures if your banking details cannot be verified. Don't believe emails warning that your account has been compromised or that you'll miss out on a great deal if you fail to act immediately. 

Understand pharming.

Pharming is another way for hackers to get their hands on your personals details is by pharming them. Pharming occurs when hackers use a malicious code on your PC, which compromises your computer's host file and redirects you to fake websites. The malware hides the fraudulent URL, cloaking it in the legitimate one that appears in your browser. With pharming, the dishonest redirection of URLs happens even when you type correct URLs directly into your browser, making you think that you're on the correct website when you are not. Once there, you are asked to enter your online banking credentials or account information, which hackers take and use for criminal activity.

​Understand phishing and smishing.

A common way for Internet scammers to obtain your personal information is through a method called phishing.

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication – i.e., email.

Smishing is similar to phishing in that it is a fraudulent attempt to obtain sensitive information. Smishing is done using text messages purporting to be from reputable companies.

Phishing and smishing messages may appear to be from your financial institution, but they are not. You may be asked, supposedly by your financial institution, to log in to your online banking to verify account information. Often some type of security concern is cited as the issue. The fake email or text message instructs you to click on a link that takes you to a non-legitimate version of your online banking site – one that may look a lot like the legitimate site – and you'll be asked to enter your credentials.

How to spot a suspicious email or text message

Phishing and smishing messages may include:

  • Warnings about account closures
  • Requests to update your information
  • Offers to register for a new service
  • Offers for pre-approved credit cards
  • Free virus-protection programs

Once you click on the link, which directs you to a phishing website, you'll be prompted to enter personal or banking information. Phishing scams seek personal details, such as your address, social security number or mother's maiden name. The details obtained will then be used for identity theft.

How to know it's not your bank writing you

Scam emails purporting to be from your credit card company or financial institution often have some telling signs, including:

  • Poor spelling or grammar
  • Alarmist content, warning that your account will be closed if you don't provide your banking or personal details immediately
  • Notices that you've won a prize and are required to pay a fee in order to claim it

Remember: G&F will never send you an unsolicited email or text message that asks you to provide sensitive personal information. 

We take attempts to defraud our members very seriously. If you receive correspondence that you think may not be from G&F, please report it to us by emailing inquiry@gffg.com or calling us at 604-419-8888.

Keep an eye out for malicious software.

Spyware

Spyware is exactly what it sounds like – tracking software that is downloaded to your computer (without your knowledge) when you visit certain Internet sites. Secretly, it gathers information about you and your browsing habits. This information can be trivial or it can include passwords and personal data that you wouldn't want criminals to get their hands on. It can also interfere with user controls and disable legitimate anti-virus programs.

The best way to protect your computer against spyware is smart browsing. Stay away from sites that look unsafe and avoid streaming or downloading content from untrustworthy sources. Many anti-virus products offer targeted spyware solutions that inspect your operating system, installed programs, downloads and files.

Malware

Malicious software (malware), spyware, worms and Trojans are the same class of destructive viruses; just with different names. Nobody wants a computer virus. They can steal your personal information, take over your PC and use your computer to attack other people's computers. Your PC can become infected through email attachments, downloading infected content or visiting harmful websites.

Scareware

Scareware scams pop-up on your screen and display alarmist warnings, telling you a virus has invaded your computer. Scareware prompts you to download (and often pay for) fake anti-virus software to remove the non-existent viruses. Scareware is a scam that tries to trick you into paying money in exchange for nothing.

You can protect against scareware by keeping your anti-virus program up to date and by being careful about what you choose to download to your computer. You should also get familiar with your anti-virus program so you won't be fooled if a scareware pop-up appears.

Browse the internet safely

When visiting a branch, you can feel confident that your money is safe and secure, with the premises adorned by vaults, locked doors, security and surveillance. We are keeping you just as safe when you bank online but once your information reaches your computer, you have a responsibility to protect it.

Log out of G&F online banking, every time.

When you are finished with your banking session, always log out by clicking the Log Out button, as opposed to simply closing the browser window. To help protect your information, your online banking session will end automatically if there has been no activity for 20 minutes or if your visit lasts longer than 60 minutes. If your session has timed out, no further transactions can be made until you log in again. This time-out feature helps protect your accounts from unauthorized access if your PC is left unattended or if you have forgotten to log out.

Use the latest Internet browser.

Web browsers are the gateways to the Internet. Similar to having an up-to-date operating system, upgraded browsers provide more features, stability and security. Whether you use Internet Explorer, Firefox, Safari, Chrome or something else, stay safe online by using the latest version available.The latest versions of web browsers have security features that can identify and block harmful and fake websites and pop-ups, and warn you if a site is flagged as unsafe. Some browsers also have a 'Private Browsing' feature, which conceals your browsing history from others. We suggest you update your browser. 

Choose private browsing.

Some web browsers have a feature that allows you to browse the Internet without the browser storing information, such as the sites you visit, the images you see and videos you watch. This feature is sometimes used by people who share the same computer. Private browsing is a temporary option and must be selected in order for it to be activated. Private browsing, however, does not give you immunity to spyware or make you anonymous. It is still possible for your Internet service provider, employer or the websites you visit to track your online activity.

Learn more ways to browse the Internet safely.

Clear the data stored in your browser.

When you spend time on the Internet, your browser stores information, such as the websites you visit, the images and files you view, and your personal information, including passwords and login details. This data is held on your computer's hard drive and is known as a 'cache.' Even though you may have logged out and closed your browser, this information may remain accessible. You can protect your data by clearing your browsing history regularly. This can be done in a few easy steps:

Internet Explorer users

  1. Click on the Tools icon in the upper right corner (or use the Ctrl-Shift-Delete shortcut)
  2. Select Delete Browsing History
  3. Choose the options you wish to erase and click Delete

​​Firefox users

  1. Click on the History tab (or use the Ctrl-Shift-Delete shortcut)
  2. Select Show All History
  3. Choose the time frame you wish to erase and click Delete

​Safari users

  1. Click on the History tab
  2. Select Show all History
  3. Choose the period you wish to erase and click Clear History

​Chrome users

  1. In the top-right corner of Chrome, click the Chrome menu.
  2. Select More tools > Clear browsing data.
  3. In the dialog that appears, select the checkboxes for the types of information that you want to remove.
  4. Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
  5. Click Clear browsing data.
  6. Delete specific items from your browsing data. Instead of deleting entire categories of your browsing data, you can pick specific items to delete.

​Control how you use free Wi-Fi.

You can find free Wi-Fi at coffee shops, hotels, restaurants, malls, and airports. Using wireless networks to access information is convenient, but not risk-free.

Be smart and protect yourself from threats by following these tips:

  • Using only a trusted computer to access your online banking. Don't use shared library or café computers for banking.
  • Managing your online banking only from secure networks. We recommend that you don't use unsecured public networks for anything sensitive.
  • Connecting only to password-protected networks. If there are several networks available, ask employees of the organization which network they operate.
  • Never leaving your computer unattended, especially if you are logged into your online banking.
  • Using different PACs and security questions as login credentials. If someone obtains your credentials for one site, such as a social networking site, you don't want them to be able to access your other ones.
  • Ensuring you log out and close your access to the Wi-Fi connection before you close your internet browser.

​Be careful using your credit card online.

Online shopping is very convenient. There are no lines and no crowds, but it can also be a haven for fraudsters.

Consider the following tips when using your credit cards online to ensure your information stays secure:

  • Make sure that you are shopping at a trusted retailer when you enter your credit card details online.
  • Provide retailers with only the necessary details to complete the transaction. These include your credit card number, expiry date, the security code on the back of the credit card and the card's billing address. Never provide your social insurance number, account details or your mother's maiden name. For shopping sites that require you to register with a username and password, we recommend you do not use your online banking PAC.
  • Use your credit cards only on e-commerce websites that use secure browsing technology on the screens where you enter your card information. Ensure the web address begins with 'https' (as opposed to 'http') and has a closed padlock icon on the screen.
  • Ensure that smaller retailers requesting credit card details have reputable contact details, a physical address and you feel comfortable with providing them your card information.
  • Never give your account or credit card details to anyone on eBay, Craigslist, or any other public “buy and sell” website.

Keep your devices safe.

It's a good idea to protect and maintain the devices you use to do your banking. This can involve upgrading the software and other practices as outlined here.

​Protect your phone. 

Make sure your information stays secure while you're on the move by following these safe browsing tips for your phone:

  1. Activate your phone's password feature, which locks the screen and prevents anyone but you from accessing your phone. Set up the password feature on your phone with a code that only you know.
  2. Don't connect to unknown networks through Wi-Fi hotspots to make financial transactions.
  3. Beware of phishing messages you may receive on your phone. Never download media or images, or click on text-message links that come from unrecognizable people or phone numbers. Never provide personal details or any account details using any form of electronic messaging because this is not a secure form of communication. If you are unsure, please contact us.
  4. Download apps exclusively from the official source for your phone's platform, such as from Google Play for Android phones or the App Store for iPhones.
  5. Install anti-virus software for your smartphone when available and update it frequently.
  6. Install location finding applications, which work with your phone's built-in GPS. These applications allow you to locate and/or remotely erase (or "wipe") data in your phone if it is lost or stolen.
  7. Update your phone's operating system as soon as newer versions are available.

​Protect your computer.

Your computer's operating system needs to be up-to-date in order to defend itself from viruses and malicious software (malware). If one part of your operating system develops a virus, it leaves holes in your computer's security defenses and compromises the safety of the information contained in your computer.

Keeping your software up-to-date is one of the most important ways of staying safe online because it is much harder for viruses to infect an updated operating system and software. Hackers are targeting operating systems with new viruses all the time and software companies combat these efforts with security patches. You should always download the latest security patch as soon as it becomes available.

Your operating system lets you know when updates are available by notifying you there are new security features to download. You can also upgrade your operating system to the latest version available from the manufacturer; however, you should ensure your computer has sufficient hardware capacity to support an upgrade.

Back up your data.

To fully eliminate a virus that has infected your machine, the re-installation of your operating system may be required. Protect yourself against the permanent loss of important data by frequently backing up your files on an external hard drive so you'll have the data should you ever have a problem with your operating system.

Install anti-virus software on your computer.

Install anti-virus software on your computer to protect your information, money and privacy. Such software detects viruses and cleans your computer so that harmful viruses do not spread. Set up your anti-virus to run frequent scans and update the software as soon as it is required. Ensure you have real-time scanning of every email and every file you download.

Use a firewall on your computer.

A firewall protects your computer and home network from harmful websites and hackers. It sits between your computer and the Internet, scanning information that is being transmitted. It allows for safe browsing, while blocking unauthorized intrusions. Even though you may think you have no information of value on your computer, firewalls also stop your computer from being used by hackers to send malicious software to other computers.

Most computers come with a firewall as part of the standard operating system. However, you can get the maximum protection for your computer by installing additional firewalls and ensuring they are kept up to date.