Here are some of the measures we have in place to ensure that your online transactions remain secure.
Access to our Web site is controlled by a firewall, which is a security device that filters requests for access to our Web site and blocks any attempts at unauthorized access.
All transactions involving your online account and our quote tools are encoded, using 128-bit encryption for transfers between our systems and your computer.
Encryption is a cryptography procedure that makes a document unreadable by anyone who is not authorized to access it. With 128-bit encryption, the chances that a hacker could take control of an online session are reduced to virtually zero.
The confidentiality of your transactions is also protected through the Secure Sockets Layer 2 (SSL 2) protocol, which guarantees that transferred data will not be decoded by unauthorized persons. This protocol makes it possible to encode the data exchanged and authenticate the server, so that only authorized persons are permitted to decode the transferred data.
We regularly call on outside firms to conduct audits of our Web site. This inspection consists of an exhaustive analysis of the Web site’s functions, to confirm that our processes are carried out according to recognized best practices.
Phishing is the practice of sending out unsolicited e-mail in which the recipient is asked, under various pretexts, to click a link to a false Web site. The phisher then collects the information provided and uses it to commit fraud. The fake Web site, like the e-mail, appears legitimate because it is often an exact copy of the actual institution's or company’s Web site.
After clicking a link or an attachment to the e-mail, the user is directed to a fake home page to open a session. On this page, additional data fields have been added to fraudulently collect personal information.
How Can You Recognize Fraudulent E-mail?
You need to be on your guard, because criminals use the same colour schemes and logos as the company they’re imitating, making their e-mails look exactly like the real thing.
Don’t imagine that you’ll be able to recognize fraudulent e-mail at a glance. While in the early days of this type of scam, e-mails were often amateurish and obvious fakes, today’s fraudulent e-mails have come a long way.
To distinguish between fraudulent and legitimate e-mail, focus on the content of the message rather than its security trappings. Logos, slogans, security markings, and backgrounds will, in most cases, be perfect counterfeits of the originals.
Here are a few characteristics of fraudulent e-mail:
- The content of fraudulent e-mail seeks, urgently or otherwise, to get you do something for one of the following reasons:
- You are a finalist in or have won an official contest.
- There has been an attempt to breach your computer.
- You need to update your personal information or your account will expire or be frozen.
- Fraud has been discovered involving your account, and, unless you provide certain information, you will be held responsible.
- The messages contain a hyperlink that appears legitimate, leading to a fake version of your online account.
- The e-mail is often signed by, or uses the letterhead of, a security group.
- Some e-mails have attachments.
We will never communicate with you by e-mail in any of the above situations.
If you receive an e-mail with any of these characteristics, it is likely that the e-mail is fraudulent, and is therefore a case of phishing aimed at you.
It is not our practice to solicit confidential information on clients via e-mail. If you receive a request of this type, do not reply.
Protecting Your Identity
We do everything in our power to keep the information you provide during your online sessions confidential. Nevertheless, you should also take the personal safety measures we recommend in order to maintain optimal security.
Clear Your Computer’s Cache Memory
If you are using a computer that is shared by several users, we strongly recommend that you clear your browser’s cache memory so that you do not leave an information trail that can compromise the confidentiality of your private data.
This recommendation is particularly important if you use public computers, such as those in libraries, cyber cafés, community access centres, and so forth.
If you don’t know how to clear your browser’s cache memory, check your browser’s help section.
Manage Your Passwords
When choosing a password for your online account, be sure to follow the advice below to keep your personal information well protected:
- Choose a password that you will find easy to remember.
- Do not base your password on personal information; it will be more vulnerable to discovery by swindlers.
- Never reveal your password to anyone.
- Do not save your password on your computer.
- Do not write your password down anywhere.
- For the highest level of security, change your password regularly.
Close Your Session
It is important to close your session as soon as you’ve finished using your online account, or if during a session, you need to leave your place momentarily or leave the computer unattended.
To end a session securely, click Quit, clear your cache memory, and shut down your browser.
These operations are even more important if the computer you use for your online transactions is shared with others.