Online Privacy & Security
We want to provide all members with a safe and secure online experience when using our digital banking platforms, visiting our website or other web pages, and communicating with us electronically. Though technology allows us to interact in new and different ways, our promise of providing member-focused, knowledgeable, and secure banking experience is at the core of our business, as it has been for 80 years and counting.
Secure digital banking | Personal and business
*Please note the information directly below pertains to digital banking for personal and business use accessed at online.scu.mb.ca or through our mobile app. If you would like to learn about the privacy and security features of MemberDirect® Business Services, our online enterprise banking service for larger organizations, please click here.
Our digital banking platform for personal and business use is designed to make accessing and managing your finances convenient, intuitive and secure. As always, we advise that you take additional precautions while browsing online and practice good cyber hygiene like strong passwords, safe browsing and regularly monitoring your accounts.
Let’s work together to protect your accounts and keep your money safe.
Mobile app permission requirements
To operate successfully, our mobile app requires the following permissions and activities:
- “Access Camera” permission is used by the app to deposit a cheque via mobile deposit capture, and to store a custom profile picture and background.
- “Access Location” permission is used by the app to accurately locate the nearest ATM or branch in the “Find Us” feature.
- “Call Permission” is used to automatically call your preferred branch by tapping on the phone number in the “Find Us” feature.
- “Contacts Lists” permission is used to set up new Interac e-Transfer® contacts and send an Interac e-Transfer. Interac can only read the device contact information you confirm.
- “Internal Storage” permission is required to view, share and download PDF files from the mobile app to your device.
- “App Activities” uses mobile app interaction data for analytics on usage and crash information for the current app version. We also monitor application stability using the crash logs to make ongoing improvements. Data collected on app activities, information, and performance is completely anonymous and aggregated — individual users are not identifiable.
Our security protections
Our digital banking system has industry-leading security capabilities, including robust fraud prevention, cyber security features, and high-risk transaction protections to ensure that your transactions are secure while data is transmitted between your device and our banking server.
Encryption
We use 256-bit TLS encryption on our desktop online banking site and mobile app, enabling you to easily and securely complete banking transactions on your phone, tablet or computer.
Controlled account access
You have control over your account access – only you should know your username and password. Our employees do not know your password, nor will they ever require it from you.
Two-factor authentication
To help protect you and secure your transactions within online banking and our mobile app, we use authentication codes as a form of two-factor identification. When conducting higher risk transactions in digital banking, such as adding a new bill payee, you will receive an authentication code via text or email. You will also receive an authentication code when you log in for the very first time if the email address or mobile number information you enter is not on file with us.
Account alerts
You will receive an email alert anytime your digital banking password is changed, new biometric access is added, or there is a password attempt lock. With the touch of a button, you can easily set up additional alerts to help you manage your finances and provide an additional layer of security.
Password protection
There is a maximum number of attempts to input your digital banking password. If you exceed this number, your digital access will lock, as a safety measure. You can unlock your digital access by clicking the Forgotten password link, which will send an authentication code so you can create a new password. The authentication code will come to the email address or mobile number associated with your digital banking profile.
Secure sign out
To ensure the security of your banking session, we recommend that you always sign out. To protect your privacy and information, the banking system will automatically end your online banking session after a set period of inactivity. At that time a pop-up box will appear, asking if you are still using the site. If no activity occurs after one minute, the system will automatically log you out.
Secure digital banking | Enterprise
MemberDirect® Business Services is our enterprise online banking platform. It is tailored to meet the needs of larger organizations or organizations with robust business banking needs.
Our security protections
We take many precautions to protect the online banking environment and ensure your information is safe. MemberDirect Business Services offers you the best security currently available in a commercial online banking environment so that your personal and financial information is protected while in transit between your computer and our server.
Access to our databases is strictly managed and systems are in place to ensure security is not breached, including the physical security of our computer hardware and communications.
Encryption
To access MemberDirect Business Services, your browser must support 128-bit Secure Sockets Layer (SSL) encryption. Encryption ensures that information cannot be changed or read in transit, by scrambling the data using a complex mathematical formula. Some browsers can create a more secure channel than others, owing to the ‘strength’ of their encryption.
Controlled access to your information
You have control over your account access – only you know your sign-in credentials and password. Our employees do not have access to your Personal Identification Code (PAC), nor will they ever require it from you. Access to MemberDirect Business Services requires you to enter your MemberCard number and PAC to log in. If someone does ask you to provide your PAC to them, we ask that you refuse to do so, and contact us immediately. We recommend that use your MemberDirect Business Services password for online banking purposes only. Select a different password for other secure logins uses.
Transactional services
By nature, the MemberDirect Business Services online banking site has many transactional functions, such as transfers between accounts and bill payment functions. These transactions are all logged to ensure that your accounts are debited or credited appropriately, and a history of each transaction is available to verify your account. We store and use your transactional information in the same fashion as if you performed the transaction at a branch or any other service channel. We may also use transactional information for servicing your account. For example, billing you for the particular transactions that you perform, or for the services that you use.
Enhanced security feature
On the login screen of MemberDirect Business Services, our enhanced security feature provides you even greater control over your privacy. When you select the Enhanced Security checkbox, it will prevent your browser from caching (storing in the computer's memory) those pages that you have viewed. Should you click on the Back button to view a previous page during a session, the page will be recalled directly from our server. Therefore, when you logout, no one will be able to view your information by clicking on the Back button, or by viewing the browser's history. Use the enhanced security features function if you are accessing your accounts from a publicly available computer such as in a library or airport, or from an unknown computer in a new location.
Secure logout
When you exit using the logout button, MemberDirect Business Services deletes your session cookie so that your session cannot be resumed unless your MemberCard number and PAC are re-entered. We encourage you to always use the logout button to end your session to ensure no one else can access your personal information.
In the event you leave your computer without logging out, the MemberDirect site has been designed to end your session automatically if our system detects you haven't provided any instructions or used the browser buttons to navigate for several minutes. To restart the session, you will need to provide your PAC again.
Cookies
As you use MemberDirect Business Services, cookies are passed back and forth between our server and your browser. While cookies can be used for a variety of reasons, we only use them where they are of benefit to you.
Specifically, we use two kinds of cookies, session cookies and persistent cookies. A session cookie exists only for the length of your browsing session and is deleted when you close your browser. A persistent cookie is a cookie that stays on your computer after you close your browser. A persistent cookie may or may not expire on a given date.
We use a session cookie to maintain the integrity of your online banking session. With each page that you visit, the cookie is passed back and forth between our server and your browser. We use the cookie to distinguish your session from the many others that may be happening at the same time. Our session cookies never store any personal information, such as your name, date of birth, or financial information such as your accounts and balances.
We use a persistent cookie to store information to help you personalize the MemberDirect site and to make it easier to use. For example, we allow you to make the MemberDirect login easier by remembering your MemberCard number. Since this feature is optional, this cookie only contains information that you have entered into it.
Most recent browser versions allow the user to set some level of control over which cookies are accepted and how your browser uses them. Many browsers will allow you to accept cookies from only known, reliable sites that you select, such as the MemberDirect site. If you are concerned about cookies, we encourage you to upgrade your browser to a recent version and review the Help section of your browser to learn more about its specific control features.
Links to other sites
The MemberDirect site may contain links to other websites or online resources. We have no liability for or control over these other websites or online resources or their collection, use and disclosure of your personal information. Always review the privacy policies of the sites that you are visiting.
Service partners
In providing our complete online banking service, we often use external service partners and suppliers to assist us. In performing their duties, these service partners may handle components of your personal information on our behalf. We ensure, through our contracts with these partners, that they handle your information with the same standard of care that you have come to expect from us. Our suppliers, like our employees, are bound to maintain your confidentiality and may not use the information for unauthorized purposes.
Some of our partners require that you first register with their service to permit us to tie their functionality into the MemberDirect Business Services site. Registration for these external services will always be at your discretion. We may append personally identifiable data to this registration for the partner to use to compare and validate the registration. You will always be notified of such an action during the registration process.
We use email to communicate directly with our members. We may store your correspondence and exact email address for future communications directly with you. Under no circumstances do we sell email addresses to any other party.
Secure email
We always use encrypted or protected email when sending sensitive or confidential information or documents. Encrypted emails are managed through a secure web-based portal and may be initiated by a member of our staff, or you may be provided with a secure link in order to send an email to us.
When you receive an encrypted email from us, you will be prompted to select Read the Message, and you will be able to reply like a regular email and add attachments as necessary.
Learn more about using encrypted email — Outlook (microsoft.com).
Do not use unencrypted email to send sensitive and confidential information or documents. It’s important to remember we will not ask you to share any personal information without using the secure web portal.
For tips on email best practices, visit our fraud prevention centre.
Marketing emails
As a member of SCU, your email, if provided, is added to our member database to receive emails regarding SCU products, services and general notices and information. These emails are sent via third-party online software. You can opt out of these emails at any time by clicking ‘Unsubscribe’ within an email communication, or by asking an SCU representative to update your email consent.
Website and webpages
Usage statistics
To continually improve our website and web pages, we collect statistics about how people use them. These usage statistics are only viewed in aggregate and are not associated with you as an individual. We use this information for purposes such as improving pages to be more user friendly.
The information collected may include your IP address, your browser type and your operating system, as well as data such as the number and types of pages visited, and the length of time spent per page and on the site overall.
Cookies
‘Cookies’ are small text files that are stored on your digital device when you visit a website. ‘Session cookies’ are deleted when you close your browser. ‘Persistent cookies’ stay on your device until you delete them from your cache, or until they expire. We use both types of cookies to help us provide you with a better overall digital experience. By continuing to browse our site, you are agreeing to our use of cookies. You have the option to block cookies through the settings feature of your browser, but please note this may have a negative impact on your experience with our website.
Use of Third Parties
SCU may use third party providers, such as Google Analytics, to help collect and compile website information like the number of visitors to our site, where visitors came from to enter the site, and the pages they visit while on the site. We also use these services to help measure the effectiveness of our advertising and communication efforts. Third-party providers may also use cookies to deliver content that is relevant and of interest to you under their own cookie and privacy policies .
Your IP address may be collected along with identifying the device type you are using on the date you visited our site. These third-party providers can supply non-identifying, aggregate data only, and do not collect or provide personal identifying information. SCU may layer this aggregate data with our own analytical information, but do not connect any of this data to an individual member.
Contact forms
Our website and web pages offer contact forms that allow you to communicate with us. Our contact forms may ask you to provide contact information such as your name, email address, phone number, and city. This is so we can respond to your request.
We may also ask you to identify if you are an existing member, your preferred branch, and other information that will help us best respond to you. We will not share any personal information obtained on our website with any other organization without your consent.
Please note that the contact forms on our website scu.mb.ca and other web pages should not be used to communicate private information such as your member number, account numbers, or other confidential information.
Links to other sites
Our website or web pages may contain links to other websites or online resources. We have no control over these other websites or online resources and do not control their collection, use, and disclosure of your personal information. Always review the privacy policies of the sites that you are visiting.
Interac e-Transfer® is a registered trademark and the Interac logo is a trademark of Interac Corp. Used under licence.