Online and Mobile Security

We’re one bank with one commitment to security. No matter how you choose to access your accounts, you can count on us to provide 100% security at all times.

How We Protect You

1. Leading Edge Online Security

Zag Bank is committed to protecting your personal information using fraud prevention and security systems with the strongest general encryption technology and secure email communications.

2. Zag Online Security Guarantee

You are not responsible for any online banking transactions that you did not authorize on your account and that are conducted in a fraudulent manner. If you suspect or know that your password, security questions or answers have been stolen or compromised, you must talk to a Client Services Representative immediately by calling 1-844-ZAG-BANK (1-844-924-2265). Any fraudulent transactions that take place after you have notified us will immediately be reimbursed to your account.

3. Monitoring for Unusual Activity

Zag Bank uses many layers of security scans to be on the lookout for unusual activity in accounts. We will notify you immediately if we suspect fraud and you can always use online banking to confirm transactions as either valid or fraudulent.

4. Session Time-Out

For your added protection, we will log you out after a short period of inactivity. If you wish to continue accessing Zag Online or Zag Mobile, you can simply login again.

5. Secure Login

Zag Bank uses multi-factor authentication to confirm your identity when you login to Zag Online or Zag Mobile. Specifically, you will be required to set up a series of security questions and answers when you first login. Afterwards, the system will prompt you to answer one of your personalized security questions to login, in addition to your user ID and password.

What You Can Do

1. Anti-Virus Protection

Install reputable anti-virus and anti-spyware software and equip your computer with a firewall to protect yourself from hackers and other threats. Last but not least, make sure to keep the software updated at all times.

2. Keep Tabs on Your Activity

It is easier to detect fraud if you check your account activity frequently. Use our Alerts feature to set up notifications that will help you stay on top of your balances and transactions. When you do get a notification, look over it immediately.

3. Keep Your Credentials Secret

Never disclose your PIN, password, security questions or any other security feature used to access Zag Online or Zag Mobile. Memorize them and never write them down.

4. Create Strong Passwords

Use numbers and letters to create a password that is more than 8 characters long. Use upper case and lower case and even a special character (such as @,#,$) to make it harder for a hacker to figure out your password.

5. Look for the Lock Icon

Before entering personal information on a website, look for the "lock" icon in your browser. A closed lock or padlock indicates that the website you are on is secure.

6. Log Out When You Are Done

Once you are finished with your online or mobile banking, log yourself out instead of just closing the browser, especially if you are using a public or shared computer.

7. Clear Your Browser's Cache

A cache keeps a copy of recently viewed web pages. Before closing your browser, make sure to clear the cache. Check your browser’s help files to find out how to clear the cache.

8. Do Not Save Your Passwords

If your browser offers to save your password, click “No”. Otherwise, anybody using your computer could easily access your account.

Online Fraud Examples

Do Not Be Fooled

Zag Bank will NEVER ask you to reset your credentials or disclose information via email, telephone, text messaging or otherwise. When in doubt, do not respond to questions, click links, open documents or dial numbers provided to you by a suspicious source. Instead, open a new browser window, type in our URL (https://www.ZagBank.ca) and login. If there is an issue with your account, contact us by phone at 1-844-ZAG-BANK or by using our secure email channel through logging in to Zag Online.

Phishing

Phishing is when an email or text message is made to look as though it comes from a reliable brand or trustworthy entity to trick you into revealing personal information such as passwords, PINs and credit card numbers, etc. If it looks suspicious, simply email it to us at abuse@zagbank.ca or dial 1-844-ZAG-BANK (1-844-924-2265).

1. Email Fraud

Be suspicious of emails from unknown senders or that just do not sound right. Never open attachments, click links or respond to the email as it may activate malware, keyloggers and other programs designed to steal your personal information.

2. Telephone Fraud

Sometimes friendly and at other times aggressive, these phone calls are designed to trick you into revealing personal information over the phone. They may call you directly or send you an email with a phone number to dial.

3. Text Messaging Fraud

Fraudsters also use texts and SMS (short message service) technology to try and steal your personal information. The text message usually includes a website URL or a telephone number from which they will try to trick you into revealing your personal information.

4. Spoofing

Spoofing is the forgery of data on websites, call-displays on phones and sender information in emails to make you think they are something or someone they are not.

5. Dumpster Diving

Digging through your garbage is still the most popular method of stealing your personal information and a great reason to invest in a shredder. Always tear up or shred any personal information before discarding it, such as receipts, bank statements and pre-approved credit card offers.

Mobile Banking Security

Here are a few more things to consider when you are using Zag Mobile banking:

1. Think Before Installing an App

Download apps only from recognized sources such as the Apple App Store or Google Play.

2. Keep Your Device Safe

Do not leave your mobile device unattended or allow other people to use it.

3. Lock Your Device

Password-protect your device and enable auto-lock. Choose the strongest password that your device can support.

4. Do Not Hack Your Device

Hacking or ‘jail-breaking’ a device to free it from the limitations set by a provider can leave you more vulnerable to intrusion.

5. Beware of Public Wi-Fi

Keep in mind that hackers who are looking for personal information to commit fraud can more easily intercept public Wi-Fi. Use a VPN (Virtual Private Network) connection when possible.

6. Turn off Wi-Fi and Bluetooth

Fraudsters often look for unsecured devices using Wi-Fi and Bluetooth signals. To prevent this kind of intrusion, deactivate the Wi-Fi and Bluetooth features on your device when you are not using them.

7. Update Your Device Regularly

Always download software updates on your mobile device to have the latest security protection. Otherwise, hackers may exploit breaches to steal sensitive information.

Types of Mobile Fraud

1. Fake Mobile Banking App

The Zag mobile app is available free of charge and ONLY via the official app store of your device.

2. Lost and Stolen Devices

Fraudsters are very good at extracting sensitive information from your device. Immediately notify your service provider and the police if your device is lost or stolen.

Email Fraud

One of the goals of a phishing email is to obtain your account logging credentials or other security question answers to subsequently take over your account and commit fraudulent transaction(s). Cyber-criminals can achieve this by installing malicious software on your computer that will steal your personal information. To protect yourself, it is helpful to be aware of the following characteristics of a ‘phishing’ email:

  • spelling mistakes, typos and poor grammar
  • threats that your account will be closed if you do not respond
  • the ‘From’ line in the sender’s address may include an official-looking address that mimics a genuine one
  • impersonal greetings like "Dear User," or your email address
  • a false sense of urgency (i.e. that your account will be in jeopardy if something critical is not updated right away)
  • fake links (hover over any URL in an email and if it looks suspicious or does not match the URL in the browser, do not click)

If you believe you have received a suspicious email, do not respond to it or open any links it includes. Instead, forward it to us at abuse@zagbank.ca or dial 1 844-ZAG-2265 (1 844-924-2265).