Security Centre

Security Centre

Easy Ways to Help Protect Your Identity and Help You From Becoming a Victim of Fraud

Don't share your personal information

  • Beware of random solicitations for your personal information such as passwords, date of birth, Social Insurance Number (SIN) or Personal Identification Number (PIN)
  • Store your SIN in a safe place at home (not in your wallet or purse)
  • Select a PIN that is easy to remember and hard for others to guess
  • Do not write down or share your PIN or passwords. Your financial institution uses this information to identify you during financial transactions

When purchasing from a 3rd party website, check the company's homepage for a list of authorized retailers.

  • If the retailer is not listed you may be buying counterfeit goods or materials that may not be as described.

Be savvy to offers that appear too good to be true

  • Fraudsters entice victims by seemingly providing something for nothing. This makes it more important than ever to be wary of all unexpected solicitation by persons you meet online. Any fraudulent activity should be reported to the authorities as soon as possible.

Review your monthly statements carefully

  • Watch for suspicious transactions on your credit card and financial account statements
  • If you don't receive your statements, call your financial institution immediately
  • Shred all documents and monthly statements that you wish to discard

Canadian Tire Bank is your partner in protecting your personal information, and will not initiate contact to verify or update personal information. Any such request that you receive via email or over the Internet is not legitimate.
If you suspect you may be a victim of identity theft or another financial scam, please contact your bank immediately for assistance.

RECOGNIZING SCAMS – PHISHING, SMISHING & VISHING
GENERAL
INFORMATION

New scams are invented every day. Someone could try to scam you by email (phishing), SMS to your cell phone (smishing), or a scam voice call (vishing). Figuring out what's a scam can be tough, because the businesses you deal with, including CTFS, may also try to reach you by email, SMS, or voice call.

No matter how a scammer tries to reach you, there are some common things scammers often do in their messages:

  1. They may contact you and immediately want detailed personal and financial information.
  2. They may try to scare you into acting quickly without questioning.
    1. "I'm with CRA and I'll have you arrested for owing taxes."
    2. "I'm with Immigration and I'll have you deported for owing fees."
    3. Calling at 3 a.m. "from MasterCard fraud department" and demanding your CVC2.
  3. They may say you're going to miss out on a good deal if you don't act right now.
    1. "You've won! All you need to do is pay a fee today."
    2. "Become a Mystery Shopper now, earn $500 a week."
    3. "Luxury purse sale $10 today only!"
  4. They may try to make you curious or worried about what's in an attachment or website, hoping that you click. If you click, you may be taken to a site that asks for detailed personal and financial information, or you may have your computer or phone infected with a virus that steals your information.
    1. "Attached invoice for your $2,500 purchase."
    2. "Download this video, funny cats!"
    3. "You should take your kid's photos off this site..."
  5. They may abuse brand names you recognize to get your trust.
    1. "You have viruses on your computer, we work with Microsoft to fix that."
    2. "We are with MasterCard and Visa and we can lower your interest rates."
    3. Squatting one digit away from a real customer service number.

PHISHING
ABOUT PHISHING

Phishing is a type of scam when somebody is trying to trick you into giving your personal information to them. People have been tricked into giving such things as credit card numbers, PINs, passwords and birth dates by these fake emails.

The fake email could:

  1. Phishing e-mails will try to scare you so you act quickly without questioning
  2. The message is something about your account and doesn't make sense in dealing with your account. With respect to your regular activity. The message is telling you something that you know isn't true about your account. Like - I don't have an account with you, why are you contacting me.
  3. Have a link that will take you to a web page;
  4. Ask you to open a file that's attached and opening the file could put a virus on your computer or have other bad effects;
  5. Ask to you to reply to the email to send your information.

These emails may look real and could have brand name logos that you recognize but may not be from the real company.

EXAMPLES Phishing Example
SMISHING
ABOUT SMISHING

SMISHING is short for SMS Phishing. It is a type of phishing scam where somebody sends fake text messages instead of emails.
Smishing scams could:

  1. 1. Ask you to click a shortened link to a website (URL).
  2. The URL could hide a file that puts a virus on your phone or have other bad effects.
  3. The text message could ask you to click on a link to visit a website or click on a link to call a phone number where you could be asked to provide your credit card, your PIN or other personal information. If you call the phone number, it will likely sound very official and ask you to provide some personal information.

These text messages will claim to be from a real company that you could know and do business with but they might not be from the real company.

EXAMPLES

Phishing ExamplePhishing ExamplePhishing Example

VISHING
 

Vishing (or voice phishing) is the voice version of phishing and smishing. It is a way of tricking people over a telephone system to get access to personal or financial information.
In vishing scams:

  1. You could be contacted unexpectedly by someone who asks you for your personal information. Your real credit card company might contact you if there is an unusual pattern to your credit card use. They might let you know that somebody else is using one of your accounts. These phone calls will ask you to confirm if you've made a specific transaction but they will not ask for your credit card number or other personal information.
  2. You could receive a message or someone could call you to say that you've won a prize even if you didn't not enter any contests or promotions (for example, "Congratulations, you've earned 3,000 travel points. To claim your prize, please press "1").
  3. Be suspicious of messages telling you about a security problem on your account. Never call the number provided to you in a voicemail message. If you have received such a message, call back using the phone number for this business in the phone book, found on your billing statement or using the number on the back of your credit card to verify the security concern.

These text messages will claim to be from a real company that you could know and do business with but they might not be from the real company.

EXAMPLES

Example 1:
Congratulations, you've won $100 dollars in Canadian Tire money. To claim your prize we just need to confirm your personal information. What is your full name, date of birth and social insurance number and finally, what's your current home address so we can mail you your prize?

Example 2:
Hello I'm from Canadian Tire. We've noticed some suspicious activity on your bank account. In order to confirm I'm speaking to the account owner, I will need some information from you. What is your Canadian Tire credit card number? What is your PIN number? What is your full name?

REPORT SUSPICIOUS COMMUNICATION

In the event you suspect you've received a phishing e-mail, smishing text or vishing call please contact Canadian Tire Bank immediately through one of our Fraud Security Representatives 1-800-965-5585 or by e-mail security@ctfs.com

Remember, never reply to or click on any links within the suspicious e-mail.

HOW TO HELP PROTECT YOURSELF

Canadian Tire takes your security very seriously. In addition to the efforts we make to protect your information we suggest you take a number of steps to protect yourself, as well. If you ever have any questions about your security online you can always call
1-800-459-6415.

Your Password is Important Information Don’t disclose your password(s) to anyone or save it on your computer.  Choose a password that is unique and memorable but not easy for others to guess (e.g. birthdays, telephone numbers, or sequential numbers are not good choices).  Disable memorized password functions on your browser.

Use Anti-Virus Measures and a Firewall Use of anti-virus software installed on your computer can help protect you against viruses received through email attachments, downloads from the Internet or other sources.  Keep your anti-virus software updated to help protect against the constant threat of new viruses.  Firewalls filter information your computer can receive from the Internet, and help prevent unauthorized access to or from your computer.  Use a firewall to protect your computer from intrusion by hackers.

Use a Supported Browser and Take Advantage of Software Updates Software updates help reduce your vulnerability to unauthorized access of your computer and hacker attacks. Use a web browser that supports at least 128-bit encryption to access myCTFS.com.  Encryption converts information into a more secure format for transmission.  Most browsers come with 128-bit encryption.

Be Vigilant When Opening and Responding to Emails Canadian Tire Bank does not, and will not, send you emails asking you for information or details around your online banking information. Never give out your online banking customer number or password in response to an email. If you have given us your email address, and have opted into receiving promotional emails, you may sometimes receive email from us that will inform you about Canadian Tire products or promotions. These emails will never ask you to give us personal information related to online banking. If you have received an email that appears to be from Canadian Tire asking you for online banking details, please do not click on any links or reply to the email. Call us immediately at 1-800-459-6415.

More Tips to Help Protect Your Security:

  • Always check the website address when logging in to online banking to ensure the address line contains ‘ctfs.com’.
  • Always log-out of online banking.
  • We will log you out of online banking automatically after 20 minutes of inactivity on your computer, however, you should always log-out at the end of your banking session.

How do I report a fraudulent email message?

Canadian Tire Bank (CTB) does not, and will not, send you emails asking you for information or details around your online banking information. Never give out your online banking customer number or password in response to an email.

If you have given us your email address, and you have opted into receiving promotional emails, you may sometimes receive email from us that will inform you about Canadian Tire products or promotions. These emails will never ask you to give us personal information related to online banking.

If you have received an email that appears to be from Canadian Tire Bank asking you for online banking details, please do not click on any links or reply to the email. Instead, call us immediately at 1-800-459-6415.

How can I help keep myself safe online?

Canadian Tire Bank highly recommends that you always perform all recommended updates from your web browser and operating system. Keeping up to date with the most current security standards will help support the security of your computer and personal data. 

What security measures does Canadian Tire Bank use to protect my privacy?

Canadian Tire Bank knows that you are concerned about the privacy and security of your personal information. We collect only the personal information that is necessary to process your applications or enrolments. To provide you with a safe and secure online experience, we use highest level of security available. To optimize the benefits of this encryption, it is best if you manage your online account using browsers that support this level of security. The most common of these browsers are Internet Explorer 9.0 or higher, Google Chrome or Mozilla FireFox.

SITE SECURITY: HOW YOU'RE PROTECTED

Security Features

  • Customer authentication prevents unauthorized access to your data by asking questions that only you know the answers to
  • Phishing protection ensures you are not providing personal information on fraudulent web sites (phishing is the act of setting up fake emails and web sites to "phish" for someone else's account information)
  • 128-bit encryption provides state-of-the-art protection for your personal and financial information, so you can feel secure

 Customer Authentication

Before you access your account, you must first register it to help protect against fraud.

  • Simply answer a few questions based on information nobody else will be able to answer
  • Since only you will know this information, we can help ensure that nobody other than you is accessring your account information online

Anti-Phishing Features

  • To protect you against phishing scams, we'll ask you to set up a unique combination of information including challenge questions, an image and a personalized caption (eg. Camping is great)
  • Look for you challenge question when you log in. (If you feel your computer is secure, you can register it and skip your challenge question)
  • When you see your image and unique caption, it confirms that you're on our secure web site

 IMPORTANT: If you don't see you personalized challenge question, image or caption when you first sign on, do not provide any login information.

Site Encryption

All your personal and financial information is encrypted before it travels between your computer and ours. That way it can't be intercepted, read or changed by unauthorized users.

  • We use 128-bit encryption, the strongest protection available to keep your data secure
  • You will need to upgrade your browser if it only supports "weaker" encryption technologies like 40-bit or 56-bit
  • To ensure you have a secure connection, look for the encryption key at the bottom of your browser window

For added protection, you will automatically be logged out of any online banking session that sits idle for 20 minutes.