Security

Authentication

For your protection, we require that you “login” to secure areas of our website, FCC Online Services, and/or an FCC Mobile App using your username and password or, where applicable, biometric identifier, such as (but not limited to) a fingerprint scan. Your password should be kept secret at all times because it is used to help verify your identity before you are permitted access to your accounts and information.

You may be required or permitted to set or change your password from time to time. Certain password selection rules will be automatically enforced at the time of selection. Please refer to Section 12 of FCC’s Electronic Access Agreement for additional measures and practices that should be undertaken when creating a password.

If you are unable to provide the correct password or, where applicable, biometric identifier, you will not be granted access. If you or someone enters your username or password incorrectly three times, your account will be locked. To unlock your account, call the FCC Customer Service Centre at 1-888-332-3301.

Secure login using your computer

When you login successfully to secure areas of our website, your web browser will establish secure connection between your computer and our web servers. This will allow you to communicate with us privately and to conduct online transactions safely. To make sure your browser has established a secure connection, look for a padlock security symbol or check the address bar of your browser. If the address starts with “https://” the session is secured.

To further protect against unauthorized access to your accounts, our systems are designed to automatically terminate a secure session if extended inactivity is detected. If your session terminates, you will have to login again to continue your activities.

Online Services Login Activity

For enhanced security purposes, you can see your recent login activity, including the date, time and location that your Online Services account was accessed. To check Recent Activity, login to Online Services, go to Profile Settings and click Account Security.

You may see activity from a location you don't recognize as it is based on your IP address. It is approximate to your actual location but can vary if you are accessing your account on a mobile network. Your location may also appear blank as some ISPs and web hosting services don't specify location information. If the location listed is not nearby or you do not recognize the date and time of the login, and you suspect suspicious activity, change your FCC password and call the FCC Customer Service Centre at 1-888-332-3301.

Keeping your computer safe

Whenever you use your personal computer and the Internet, there is a potential risk of contracting a computer virus or other type of malware. Malware can, for example, modify programs, delete files, erase the content of hard drives, capture keystrokes or install ransomware without your knowledge or consent. The potential consequences of any of these threats could include damage to your personal computer, access to your secret information and the inability to use an FCC website.

Always ensure to educate yourself about online safety best practices and cyber security social engineering methods of attacks (for example, e-mail spoofing and phishing).

Internet software or electronic transmission errors may produce inaccurate or incomplete copies of the content of the FCC website when downloaded and displayed on any computer.

FCC does not assume any liability or responsibility whatsoever for computer viruses or other destructive programs received during the electronic transmission of such content of the FCC website or any sites accessed through links provided therein.

You are responsible for the security associated with your computer. Install a personal firewall system to help protect your computer from intruders. Personal firewalls protect your computer from hostile intrusion from the Internet.

It is also strongly recommended that you use virus protection software on your computer. Any unprotected e-mail communication over the Internet is, as with communication via any other medium (cellular phones, post office mail, etc.), subject to possible interception or loss, and is also subject to possible alteration.

It is important to note that the Internet is not a secure method of communication and that FCC cannot guarantee the privacy or security of customer information submitted to the FCC website or by e-mail over the Internet.

Cyber social engineering attacks

Social engineering is the art of human hacking and requires contact and trust to be successful. It is psychological manipulation of people into performing actions or divulging confidential information. It is a type of confidence trick for the purpose of information gathering, fraud, system access or identify theft. Attackers will attempt to trick you into installing malware or divulging confidential information through file attachments, email links or malicious websites.

Spoofing and phishing

Spoofing or phishing (pronounced “fishing”) is used to fool you into revealing personal information such as login credentials, credit card numbers, or banking information. E-mail spoofing or phishing is a scam where a person sends out legitimate-looking e-mails that appear to come from a legitimate individual or company in an effort to “phish” for personal and financial information from the e-mail recipient. Phishing e-mails may also contain suspicious files, links to suspicious websites or demands for private information.

Be wary of these spoofing or phishing e-mails. If you receive one of these e-mails, delete it immediately and do not respond or act on it.

Always remember, FCC will never send customers an e-mail asking for personal information, account IDs or passwords.

If you receive a suspicious e-mail that appears to have been sent by Farm Credit Canada, please contact our Customer Service Centre at 1-888-332-3301.

Tips for e-mail safety

• Do not provide confidential personal or banking information to anyone in an e-mail
• Avoid filling out forms in e-mail messages that ask for personal financial information
• You should only communicate information such as credit card numbers or account information via a secure website or secure file sharing
• Be suspicious of e-mail attachments from unknown sources. If you do not know or recognize the sender of the
  e-mail, do not open the attachment.
• Be suspicious of unsolicited e-mails that have a sense of urgency and warn that your accounts will be closed or your access limited if you don’t reply
• Do not set your e-mail program to “auto-run” attachments. Always check that e-mails you have received do not contain viruses by running your anti-virus software when the e-mail attachment is received.
• Don’t use links in an e-mail to get to any web page if you suspect the e-mail might not be authentic
• If you do have a relationship with the company mentioned in a suspicious e-mail, phone the company or log onto the website directly by typing in the web address in your browser

Security in FCC Mobile Apps

FCC has also implemented reasonable safeguards with respect to the security of an FCC Mobile App which are designed to protect an FCC Mobile App and the information available in the app from theft, unauthorized use, error or loss. These safeguards include, but are not limited to FCC Mobile Apps being encrypted and FCC having taken reasonable steps to ensure secure data transfers back to / between its servers.

Mobile device security

You are responsible for the general security associated with personal devices that may be used to access an FCC Mobile App or FCC Online Services. We recommend that you take additional measures to protect the security of your devices, including:

• All devices used to access an FCC Mobile App or FCC Online Services should be protected by mobile encryption. Encryption prevents unauthorized users from being able to access the data on the device.
• Ensure that an FCC Mobile App and/or FCC Online Services are only accessed from a secure device, as the security of an FCC Mobile App and FCC Online Services relies on the underlying device's security. Jailbroken devices (namely, a device whose security restrictions imposed by a vendor have been removed, allowing for the user to notably install software from external, uncontrolled sources other than the application store) or rooted devices (namely, a device running an Android mobile operating system through which privileged control / root access over various subsystems has been provided) should not be used to access or use an FCC Mobile App or FCC Online Services.
• Protect the physical device used to access an FCC Mobile App and/or FCC Online Services by using a long, complex password (in accordance with the password rules outlined above and in Section 12 of FCC’s Electronic Access Agreement). You should not leave your mobile device unattended while logged into an FCC Mobile App and/or FCC Online Services and you should log off immediately at the completion of each access.
• If an FCC Mobile App and/or FCC Online Services are being accessed through a Wi-Fi hotspot, ensure that only secure Wi-Fi connections are used. Most public Wi-Fi hotspots do not encrypt the information being sent and are not secure.
• Ensure that your device has up-to-date virus protection and update any applications installed on the device and the device's operating system when new versions are available, as updates may include security patches.
• Ensure you have the ability to remotely locate a lost or stolen device and, when necessary, the ability to remotely wipe all relevant data from a lost or stolen device.
• Ensure that all personal information and any FCC Mobiles apps stored on your device are deleted before you sell, give away or dispose of your mobile device or SIM card.

Lost or stolen mobile device

If your mobile device was used to access FCC Online Services or contains an FCC Mobile App and it has been lost or stolen, immediately change your FCC password via FCC Online Services and/or and call the FCC Customer Service Centre at 1-888-332-3301.

Identity theft

Identity theft and identity fraud are the most common ways criminals attempt to access your personal and financial information.  And in today’s increasingly digital world, it’s a very real threat.

As of June 2020, the Canadian Anti-Fraud Centre has noted an increase in identity fraud reporting where stolen personal information about Canadians is being used to apply for benefits, credit cards, bank accounts, and cell phone accounts.

Learn more about what they are, how to protect yourself and what you can expect from FCC.

Identity theft

Identity theft is where criminals steal someone's personal information for criminal purposes. It can occur in several ways:

• Physically:  having a wallet or purse stolen, retrieving documents that have been thrown away or through stealing your mail
• Online: phishing attempts, data breaches or capturing information you’ve entered on the Internet
• Phone: users try to extract information via a phone call or text message

Identity fraud

Identity fraud is when criminals use stolen personal information for financial gain or to commit other illegal activities. They can use your stolen or reproduced information to:

• Access your computer or emails
• Access your bank accounts
• Buy goods and services
• Hide criminal activity

How to protect yourself from identity theft

Victims of fraud can experience significant financial losses that can create the potential for long-term negative impacts to credit card access, loans and mortgages.

Understanding the threats that exist and how to protect yourself from them can help you prevent identity theft and minimize risk. Here are a few FCC and Government of Canada resources that offer steps to take in your day-to-day activities.

• 5 Simple Steps to Protect Your Personal Information Online
• Easy Ways to Protect Your Farm's Data
• Identity Theft and You
• Protect Yourself Against Identity Theft

Beyond educating yourself and taking preventative measures to reduce the risk of fraud, it’s important to take a guarded approach whenever you’re sharing personal information. If you’re in a situation that raises alarms in your head or sounds too good to be true, trust your instinct. If you’re skeptical about whether an offer or threat is real, contact the organization directly.

If you suspect you’re a victim of identity theft or fraud

If you have any concerns about the confidentiality of your personal or financial information, take these steps to protect your identity and minimize any potential impact:

• Contact Equifax or TransUnion: Ask for a fraud alert on your credit report. The agency will alert other agencies. Renew these alerts every 90 days.
• Request a copy of your credit report: Get it from credit reporting agencies such as Equifax or TransUnion
• Monitor your bank account(s) and FCC lending activity: Ensure there are no transactions or other activity you didn’t authorize.
• Change your passwords and passphrases: Create new, unique passwords and passphrases and don’t re-use any you’ve used to access any other websites or applications.
• Report suspicious activity: If you suspect fraudulent activity in your bank or FCC records, depending on the situation:
  • Contact police
  • Report fraudulent activity on FCC accounts to report.fraud@fcc.ca 
  • Alert any other financial institutions of possible identity theft

What to expect from FCC

We will not present you with unexpected webpages or send unsolicited emails asking for your password, credit card or account information. We are committed to protecting the Privacy and Security of the information entrusted to us.

Related links:

• FCC Fraud Prevention
• Canadian Anti-Fraud Centre
• Canadian Bankers Association
• Government of Canada: Get Cyber Safe