Privacy & Security Statement
We are committed to protecting your privacy and safeguarding your personal and financial information.
While the internet is revolutionizing the way that we do business – providing convenient access to financial services from your home or office – we also recognize that it may bring legitimate concerns about privacy and security.
How is my Information Used & Collected?
This section describes in general terms how your personal information is collected and used within the online account services section of our website. This area of the website requires you to use your User ID and Passcode to enter.
Controlled Access to your Information
To ensure you are the only person accessing your personal financial information, we restrict access to the online account services section of the website by requiring that you enter your User ID and Passcode to login. Only you know your Passcode. Our employees do not have access to your Passcode, and they will not ask you to reveal it. If someone does ask you to provide your Passcode to them, we ask that you refuse to do so and contact us immediately.
Our online account services features many transactional functions such as transfers between accounts and bill payments. These transactions are all logged to ensure your accounts are debited or credited appropriately, and a history of each transaction is available to verify your account information. We store and use your transactional information in the same fashion as if you performed the transaction at a branch or through any other service channel. We may also use transactional information for servicing your account – for example, billing you for the particular transactions that you perform, or for the services you use.
Creating a Secure Channel
We create a secure channel between your browser and our server to protect your information when you use our website.
To provide you with a convenient method for changing account information or purchasing financial services products such as cheques, we may provide secure online application forms. These forms capture personal information that we use to provide you with the products and services you request. This information is processed in a similar way to application forms received through our other channels.
Website Usage Statistics
To continually improve our site, we often collect statistics about how our Members are using it. These statistics are only viewed in the aggregate and are not associated with you as an individual. We use this information for purposes such as improving the pages where our Members are having difficulties. The information collected may include your IP address, your browser type and your operating system, as well as data such as the number and types of pages visited and the length of time spent per page and on the site overall.
We also use a key web technology called cookies. A cookie is a small information token that sits on your computer. As you use this site, cookies are passed back and forth between our server and your browser.
Specifically, we use two kinds of cookies — session cookies and persistent cookies. A session cookie exists only for the length of your browsing session and is deleted when you close your browser. A persistent cookie stays on your computer after you close your browser. A persistent cookie may or may not expire on a given date.
We use a session cookie to maintain the integrity of your online account session. With each page you visit, the cookie is passed back and forth between our server and your browser. We use the cookie to distinguish your session from the many others that may be happening at the same time. Our session cookies never store any personal information, such as your name, date of birth, or financial information, such as your accounts and balances.
Most recent browser versions allow you to set some level of control over which cookies are accepted and how your browser uses them. For example, it may be set to notify you when it is receiving a cookie so that you accept cookies from only known, reliable sites such as this one. If you are concerned about cookies, we encourage you to upgrade your browser to a recent version and review the Help section of your browser to learn more about its specific control features.
Automatic Session Time-outs
In the event that you leave your computer without logging out, the online account services feature of this site has been designed to end your session automatically if our system detects you haven’t provided any instructions or used the browser buttons to navigate for several minutes. To restart the session, you will need to provide your PAC again.
To communicate with us electronically, we strongly recommend that you use our Contact Us feature. This feature provides a secure channel for sending us comments, questions or instructions.
Lighthouse’s dedicated fraud team works to prevent, detect, and investigate fraud. Our daily business activities and due diligence practices include these security measures:
- Regularly updating fraud detection and prevention systems and measures;
- Ensuring our monitoring systems, controls, and security technologies are up-to-date and complemented by rigorous security procedures;
- Proactive communications with Members to ensure transactions are legitimate.
Lighthouse’s online banking system is built upon a robust security framework so Members’ accounts and information are kept safe from unauthorized access. The following are some of the measures in place for online protection:
- Increased Authentication: Increased authentication is one of the best ways to reduce the risk of unwanted access to an online account. The Member is required to select personal answers to security questions. Once the questions are set up, when access is attempted from an unrecognized device or computer, the system prompts the user to answer a security question before granting access. Failure to answer correctly after a few tries shuts out the user from further attempts and access is denied until re-instated by Lighthouse.
- Encryption through SSL Technology: Secure Socket Layer (SSL) technology encrypts information as it moves from a Member’s computer or device to our online banking system, ensuring a secure connection between a user and our banking site.
- Account Alerts: Members may choose to receive alerts by email or text whenever their account is accessed. For example, when log-in information is changed, if an additional payee or e-transfer recipient is added, and more. Alerts exist to ensure Members are aware of changes and can react quickly if they are not the one who initiated the change.
- Multiple Levels of Security: Firewalls and multiple levels of server security are in place, internally and externally, to protect our online environment.
- Use of a Personal Access Code (PAC): A PAC is your password to enter your online banking. (This is different from the PIN number used at ATMs or with a debit card at a point of sale.) The following best practices will protect your PAC:
- Choose a PAC that is different from your other passwords.
- Don’t include the numbers or symbols used in your PIN for ATMs or debit card purchases.
- Make sure your PAC is easy for you to remember but difficult for others to guess. Don’t share your PAC.
- Don’t write it down.
- Don’t store it on your computer or device.
- Don’t disclose your PAC in a voice mail or email.
- When you input your PAC, shield it from others.
- Change it regularly.
Be Aware: Common Scams
You are a primary line of defense against any fraudulent scheme. The following are a few tips that can assist in preventing fraudulent activity:
- Never conduct financial transactions on behalf of strangers.
- Be suspicious of any offer that sounds too good to be true.
- Just because someone sends you a cheque doesn’t mean it is valid. If it is found to be NSF (insufficient funds in the account on which the cheque is drawn), it will be reversed out of your account and may put your account in a negative balance.
- If you deposit a cheque, never wire funds to someone (based on the value of that cheque) until you’ve confirmed it is legitimate.
Cheque fraud, the most common financial crime, includes the following:
- Counterfeit: cheque not written or authorized by the legitimate account holder
- Forged: cheque signed by someone other than the account holder
- Altered: cheque intercepted by someone who altered the payee and/or the amount
Minimize Your Risk of Cheque Fraud
Consider ways in which you can reduce your use of cheques, if possible. Electronic payments such as wire payments, direct deposit, and pre-authorized payments are more difficult to falsify or intercept. If you do use cheques, here is some advice:
Keep cheques in a secure location. Burglars know to search for cheques.
- It’s generally wise to destroy any cheques that may be left over from a closed account.
- Review chequing account statements as soon as you get them. (Or frequently check your online statement.) Contact your branch immediately if you notice anything unusual or unauthorized.
- When laser-printing your own cheques, use cheque paper with permanent toner to permanently bond ink to paper.
Typical Phone Scams
Many scammers will attempt to reach you by phone and will target an individual in one of the following ways:
- Tech Support Scams: This type of scam feeds off people’s fear of computer viruses when an individual calls and falsely represents a reputable company with offers of “free security scans,” virus removal services, or anti-virus subscription renewals. After gaining the victim’s trust, the scammer may conduct a remote session on a person’s computer and then install their own products or steal personal information. Understand that major tech companies never call unless they are responding to a call you initiated. If you receive such a call, do not purchase software or services from them, provide your financial information, or share control of your computer. Instead, record the phone caller’s number and other information and then report it to your local authorities.
- Tech scams also manifest as alarming – but fraudulent – pop-up warnings on your computer or emails claiming a computer is infected. Messages appear legitimate with an offer to remove a virus but the real intent is to deceive someone into providing access to their system or private information. They may also offer “services” requiring payment. As with a tech scam phone call, do not respond to these pop-up messages or emails.
- The Canada Revenue (CRA) Scam: You should understand that the CRA does not initiate a conversation with taxpayers by phone. When the CRA needs to communicate, the first communication is by mail. They do not use email, text, or social media to contact taxpayers. So if someone calls, emails, or texts you claiming to represent the CRA, it’s a scam. Ignore their threats about owing back tax or the need to transfer money or provide private information. If in doubt, hang up and call the CRA yourself to see if the query is legitimate. If not, contact the police.
- Fundraiser / Charity Scam: Be cautious about fundraisers or charity campaigns with which you are not familiar, especially if you are offered a generous gift in exchange for your donation. Ask for verification of legitimacy (a website, printed materials, a CRA registered charity number, etc.) before donating money for a cause.
- Grandparents / Emergency Scam: Scammers know you care about your family. If someone calls claiming to be a relative in trouble who needs emergency funds, ask that person a personal family-related question that only your true relatives or close friends can answer. You can also hang up and call back your relative’s phone number to see if the call is legitimate. Don’t succumb to the urgency communicated by the caller or the play on your sympathy.
- Credit Card Scam: If someone calls representing themself as an employee of a credit card company with news that your card or account has been compromised, and then tells you not to contact your financial institution for any reason, hang up. It’s an attempt to have you release personal information or conduct unwanted transactions. Understand that banks and credit card companies already know your account or credit card number as well as your personal details. Only trust the phone number printed on the back of your credit or bank card.
Familiarize yourself with these common scams:
- Lottery Scam: If you receive a cheque accompanied by the claim you won a sweepstakes or lottery you never entered, be very skeptical. Often you’ll be told the cheque represents only part of your winnings with the remainder to be released once you “pay the tax.” This is an obvious scam as tax on lottery or sweepstakes winnings (if any) are paid directly to the government.
- Overpayment Scam: With this scam, someone buys something from you but overpays for example, through an online classified listing such as Kijiji. Shortly after, you are asked to refund the difference. After, you discover the original payment to you was fraudulent and so your financial institution reversed the payment! If you already sent back the difference, you’ll be at a loss.
- Earn Money from Home Scam: Be careful if someone contacts you to be a mystery shopper or an account manager from home and they “pay” you in advance. Like the “overpayment scam,” they’ll pay you too much & then ask for a refund. After you refund the difference, you’ll find the cheque for your “pay” bounced and you’re now out of pocket for the refund.
- Foreign Investment Scam: Watch out if you’re asked to invest in a foreign company or property and then receive a cheque as an “advance” on future profits. Usually it’s followed by a request for you to send money for “service charges” on profits. You will then likely discover that the “advance” you deposited was fraudulent and returned, leaving you at a loss for the so-called “service changes.”
- Inheritance Scam: Be suspicious if you are contacted out of the blue (by letter, phone, text, email, or social network) by someone claiming to be a lawyer, banker, or foreign official saying you stand to inherit from a distant relative or wealthy benefactor. This is often followed by a request for you to pay “service fees” before you can inherit. That’s not how a legitimate inheritance works.
You must protect your identity because a criminal can piece together enough information about you to change your address, apply for loans or credit cards, and open accounts in your name.
- Shred documents with your personal information.
- Use caution when posting any personal information online.
- Do not give account or card number information to anyone – in person, over the phone, or online – unless you know who you are dealing with.
- Do not carry your Social Insurance Number card in your wallet unless it is necessary.
- If your wallet or purse is lost or stolen, contact Lighthouse immediately at 416 477-5285 to block your accounts and cards from use.
- At least once each year, check the accuracy of your credit report. Contact Equifax or Transunion.
- Protect your Personal Identification Number (PIN) by blocking the view as you enter your PIN. Stay alert when you are using a bank machine by yourself.
Stay alert when you are using a bank machine by yourself.
Protection Against Phishing
Phishing is an attempt to trick you into disclosing personal or financial information. This could be attempted through an unsolicited email or text that appears to be from legitimate companies involved in financial services claiming your account has been breached. You are then urged to click on a link that takes you to a website which looks authentic…but it’s fake. The phony site will ask you to change your password and/or provide personal information such as credit card and account numbers, date of birth, social insurance numbers and other personal details.
Be careful of all such attempts and remember: Your financial institution already has your important information and would never request you to provide personal information via email or text. Call your financial institution yourself to verify the legitimacy of any email or text you receive, if you are suspicious.
General email is not secure since it passes through many points on its route from you to us. If you are using general email to communicate with us, we strongly recommend that you do not include personal financial information (such as account numbers) within the email as we cannot guarantee its confidentiality en route to us.
When you email us your comments, questions or instructions, you provide us your email address and we use it to correspond with you. We then store your email and our replies to you in case we correspond further.
Links to Other Sites
Our site may also contain links to other websites or Internet resources. However, we have no control over these other websites or Internet resources and do not control their collection, use and disclosure of your personal information. Always review the Privacy Statements of the sites that you are viewing.
We welcome any questions or concerns about your privacy relating to use of our website. Please use the Contact Us form to submit your questions or comments.
As we continue to expand our online account services to serve you better, and as new Internet technologies become available, we may update the information on this page at any time, to reflect changes.
Memorized Accounts Feature
We use a persistent cookie to store information to help you personalize the site and to make it easier to use. For example, we allow you to make the login easier by remembering your login information within our Memorized Accounts feature. Since the Memorized Accounts feature is optional, this cookie only contains information you have entered into it. We never store your Passcode in a cookie.
To ensure no-one else can access your personal information, always use the logout button to end an online session. It is located at the top of every page. When you exit using the logout button, we delete your session cookie so that your session cannot be resumed unless your User ID and Passcode are re-entered.