Member Protection

Protection of Personal Information

The security of your information should be one of your top priorities, and is of paramount importance to ECU – A Division of WFCU Credit Union. As always, if you have any questions or concerns, we’re here to help. Contact your branch or email [email protected] for further assistance or guidance.

Take action immediately if you suspect identity theft

  • Contact your credit union immediately if you suspect you have been a victim of identity theft or if there is unusual activity on your account.
  • Report the crime to the police and file a report.
  • Contact each credit grantor who has opened a fraudulent account in your name and close it right away.
  • Change your PIN and PAC numbers for your cards and access to your accounts.
  • Contact Canada Post if you suspect someone is diverting your mail.
  • Document the details of your contacts above with dates, names of the people you spoke with and the specifics of the discussion.

In 2020, we are seeing a rise in the botnet Necurs. What is a botnet? Imagine the damage one infected computer can cause – compromising your email account, gathering sensitive information such as usernames and passwords, granting control of your system to a hacker. Now consider a huge group of these devices working together, that’s what a botnet can do. An attacker can remotely control all of the devices as a group to do things like sending spam messages, generating fake website traffic, distributing ads to everyone in the botnet or coercing payment from users in order to be removed from the botnet.

Necurs is known to use up to 6 million endpoints, delivering some of the worst banking Trojans and ransomware threats in batches of millions of emails at a time, and it keeps reinventing itself.

How does it happen?

Typically, this type of attack starts with a piece of malware that you are tricked into installing, such as:

  • Through an email attachment, any type of document, that when downloaded triggers the installation of the malware.
  • By clicking a link on an ad, such as a pop-up warning that your device has a virus, which will download and install the malware.
  • A software download from an untrusted source that turns out to be malware

How can you protect yourself?

Botnets can be very difficult to detect without the use of antivirus software. Very often the attacker will simply use your device for small, seemingly regular tasks. This type of activity barely registers but when millions of computers carry out the same task simultaneously, the effect can be catastrophic.

Although botnet attacks can be extremely complex, keeping your computer or device from becoming part of a botnet is fairly simple. Here are some tips to keep you safe:

  • Ensure you have a reputable antivirus program installed on your computer and run regular virus scans.
  • Never download attachments from email senders you don’t know. In fact, be very careful about opening emails from unknown senders.
  • If you receive an unexpected attachment from a known sender, be wary as well. Their computers could be infected, and the email unknowingly sent through the malware.
  • Routinely update your software and operating system patches to protect against the daily creation of viruses and vulnerabilities.
  • Avoid untrustworthy websites and ads. Be extremely cautious about downloading any software from websites you do not recognize.

Overall, the best protection is safe browsing and download behaviours and the installation of reputable anti-virus software. Keep it up-to-date and run regular health checks on your machine. Your anti-virus software should easily remove or block the botnet malware from your computer and prevent any future infections.


Romance and Emergency Scams use your own emotions against you to rob you of your money; and in a time of social isolation and financial uncertainty for many due to Covid-19, scammers are taking every opportunity they can to take money from unknowing victims.  Knowing what to look for and how to identify potential fraud scenarios can help protect you and your money. For tips and tricks on what you can do to protect yourself against falling victim to fraud click here.

With many members working or spending more time at home, they are interested in finding new ways to pass the time.  Online gaming may seem like a harmless way to have some fun – and it can be as long as you remain vigilant to potential fraud.

Please note that it is illegal for online gaming sites or hosts to request money to participate in any sort of gaming activity or for you to pay to participate in any online gaming.  Online gaming can include games of chance, bingo, raffles, poker, squares, etc., and must be run through the Ontario Lottery and Gaming Corporation (OLG).  It is important that members do not send funds to or participate in games run through social media sites that are not properly licensed.

If you are asked to pay to play think twice – make sure the host holds or displays a valid license!

Money Laundering

Money laundering claims many victims. Drug trafficking, illegal arms sales, prostitution, commercial fraud, people smuggling, corruption, and organized theft threaten the safety and security of our community.

Compliance with Proceeds of Crime (Money Laundering) Act helps detect, deter, and prevent money laundering activities. Under this Act is mandatory information, record keeping, and reporting requirements for financial entities including credit unions.

You will be asked to provide identification such as birth certificate, driver’s license, or similar type identification at account opening or when processing specified transactions.

MemberDirect® Online, Mobile Web, and Mobile App Security Features

ECU – A Division of WFCU Credit Union has several security measures in place to ensure the safety of our online banking environment and we continue to improve upon those measures as new technologies come into play.

Enhanced Personal Access Code (PAC)

Members who login to MemberDirect Online or the Mobile App for the first time will be asked to change their PAC to comply with the following parameters:

  • A minimum of 8 characters and a maximum of 30 characters
  • At least 1 uppercase letter
  • At least 1 lowercase letter
  • At least 1 number
  • At least 1 special character – examples @#$-!|
  • No spaces

It is important to note that Enhanced Personal Access Codes will not affect Telephone Banking Codes which will remain as they currently are.

You can change your PAC when you login to Online Banking or use the Mobile App at anytime. Simply choose Profile and Preferences and then Change Personal Access Code.  If you require assistance, please contact your branch.

Additional Security Enhancements

MemberDirect Alerts help you to be confident and in control of your finances by notifying you about account activity including the addition of a new bill payment vendor or e-Transfer recipient, PAC code change or Online Login. Alerts can be sent by text message or email. If you haven’t set up alerts, it is recommended that you do so right away!

Increased Authentication delivers an additional layer of security by asking members to self-select three challenge questions, in addition to their unique personal access code.

This feature uses an advanced algorithm to detect suspicious online activity by creating patterns of usage by members based on device, location and other behaviours. The data can help to identify and prevent potentially fraudulent activities.

MemberDirect also employs a cyber security measure as a defence against fraudulent login attempts by blocking login access when unusual login attempts are detected.


For more information on our Member Protection: