What You Need to Know:

  • Banks are leaders in Canada in cyber security and have invested heavily in cyber security to protect the financial system and the personal information of their customers from cyber threats.
  • While banks work hard to prevent fraud, there are simple steps that you can take to protect yourself.
  • If you are a victim of fraud, your bank will launch an investigation and, in many cases, you will be reimbursed for any money that was stolen.

Protecting Your Data, Privacy and Personal Information

Safeguarding customer data is a fundamental priority for banks. Banks are recognized for their leading cyber security practices and are investing heavily in technology and security measures.

In the unlikely event of a breach of their security safeguards, banks in Canada are obligated to notify the Office of the Privacy Commissioner, any impacted individuals, and any other organization or government institution that may be able to mitigate harm or reduce the risk of harm from the incident.

The financial system is part of Canada's critical infrastructure; as such, banks work closely with each other and with regulators, law enforcement and all levels of government to continuously share best practices and information to address the growing challenges posed by cyber crime.

Banks in Canada take the issue of fraud, cyber security and data protection very seriously and they are working around the clock to safeguard your money and your personal information.

There are also simple steps that you can take to better recognize fraud and protect yourself.

Protect Your Computer and Mobile Devices

  • Protect your devices against malicious software by installing anti-virus, anti-spyware and Internet firewall tools on all your devices. Make sure that you keep these programs active and updated to keep your information protected.
  • Be cautious when using free public WiFi to conduct financial transactions. Criminals may be able to access your information
  • Only download banking apps directly from your bank or a reputable app store that your bank directs you to. Criminals are able to create legitimate looking banking apps that can steal your personal and financial information.

graphic of a cellphone

Use Unique Passwords

  • Choose secure passwords. And don’t reuse passwords on multiple websites. Why? Cyber criminals are counting on using your stolen passwords to access other sites in a technique known as “credential stuffing.” When customer data is stolen, in a cybersecurity breach or theft, information including usernames and passwords can be leaked or sold to other hackers.
  • Credential stuffing occurs when cyber criminals “stuff” stolen login credentials into a program that attempts to fraudulently log in to other sites, including your bank account. And if you’re using the same login credentials across a number of websites, this increases the chances that fraudsters will be successful in accessing your accounts.
  • The best way to protect against credential stuffing is to develop a unique password for each of your online accounts, especially sensitive accounts like your bank account and your main email account. A security breach at one site means your password could be handed to criminals who may try to use it at other sites where you’ve used the same login.

Safety and the Internet of Things

The Internet of Things (IoT) is a term used to describe the large number of devices that connect to the Internet. IoT devices include smart TVs, gaming systems, speakers, smart thermostats, home security systems, and garage door openers. There are even smart home appliances like fridges, coffee makers and vacuums. Your fitness tracker and blood pressure monitor, if they connect to the Internet, are also part of the IoT. And anything that connects to the Internet means that your information could be available to hackers if it’s not properly protected. Here are a few tips from Public Safety Canada:

  1. Ensure your home network WiFi password is strong and can’t be easily be guessed by anyone.
  2. Change the manufacturer’s default user names for all of the devices that connect to the internet and change the passwords. Be sure to create a strong, unique password. Check the manufacturers site for security features, tips, and ‘how-to’ videos.
  3. Consider setting up a guest network at home for your IoT devices, separate from the main network for your computer and phone. Be sure to regularly check to see which devices are connected to your WiFi.
  4. Periodically (at least annually), check for updates to the software on all of your IoT devices and if you don’t know how, ask for help from a friend, relative or paid professional.

Fraudulent Emails

Email fraud — sometimes called “phishing”— uses fraudulent email messages and websites that look like they are from a legitimate organization, such as a bank, credit card company, online retailer or government agency. The email you receive may look real, with company logos and branding, but you may have actually received this spam or mass email from a criminal.

Here are some simple steps that consumers can take to protect themselves:

  • Be skeptical. Fraudulent emails can look like they come from a real bank email address. If you have any doubts about whether an email is from your bank or a reputable organization, contact them before responding to ensure that it is legitimate.
  • Never send or confirm your personal or financial information by email.
  • Always enter your bank’s website using the website address (URL) that you know is accurate. Contact your bank to get the correct website address if you’re unsure.
  • Check the domain name shown as the link in the email. When you click the link, if it does not match the name that appears in the browser at the top of the screen, then it may be a fraudulent website.
  • Regularly review your bank and credit card statements to ensure that all transactions were made by you.
  • Check your credit report at least once a year by contacting credit reporting agencies Equifax Canada or TransUnion Canada.

The CBA website has four short videos on the common red flags of a phishing scam. You can watch them at: https://cba.ca/how-to-spot-a-phishing-scam.

Credit and Debit Card Fraud

Banks and credit card companies take significant steps to protect customers and minimize fraud as much as possible. For example, did you know that:

  • Banks’ systems can automatically detect unusual activity in a customer’s account? This means that steps can be taken to prevent fraud from occurring.
  • Visa, MasterCard, American Express and Interac have zero liability policies in the case of unauthorized transactions? This means if you are a victim of fraud, you won’t be held responsible.

There are steps you can take to protect yourself, including:

  • Report a lost or stolen card as soon as you notice it is gone.
  • Regularly check your transactions online or on your monthly statement. If there are any transactions that you didn’t make, report them to your bank or card issuer right away.
  • Never give out your card number over the phone or online unless you know you are dealing with a reputable company.
  • Scammers will try to trick people into revealing information about their credit cards either over the phone or through email. It’s important to know that your bank or credit card company would never call or email to ask for personal information like your credit card number, expiry date, PIN, or the security number on the back of your card.

The Canadian Bankers Association website has articles on how to safeguard your money including:


If you have general questions about banking in Canada, call the Canadian Bankers Association’s Banking Information Line at 1-800-263-0231 or send an email to inform@cba.ca.

(Please note that if you believe that you have been a victim of fraud, you should contact your bank immediately.)

More Information

The Canadian Bankers Association website has extensive information on fraud prevention

The CBA also distributes regular free fraud prevention tips by email. Sign up!