At Gateway, we take your security and privacy very seriously. To keep your accounts safe, we have security measures in place which you can read about below.

Despite having these measures in place, you are responsible for keeping your password, passcodes, PINs and one-time passcodes (OTP) used for Gateway’s online banking, banking app, and Eco Visa Debit card safe. If your passcode is deemed insecure or shared with unauthorised persons, you may be liable for any unauthorised transactions that subsequently occur.

We also recommend not using public Wi-Fi for online banking and keeping your web browser updated on all devices, so you have the latest security updates to help keep your account protected.

To learn more about online security and how to keep your account safe, read our information below.


If you have any suspicion, do not engage with the person any further. Hang up the phone, delete texts or emails, or block the person on social media. You can report a scam below to Gateway Bank or on the ACCC Scamwatch website.

Passcodes, Passwords and Personal Identification Numbers

Your Gateway Bank Membership Number, Personal Identification Number (PIN), Passcode/Password for Online Banking and the Gateway App, and Secure SMS codes, allow you to securely access your accounts. Therefore, the security of these access methods is critical.

Keeping your PIN and passwords safe

To help protect your PIN/Password you must take the following steps to guard against its unauthorised use:

  • We strongly recommend you change your online banking password as soon as you receive your temporary PIN/Password. You should also change your Password/PIN regularly.
  • Your PIN/Password must not relate to any readily accessible data, such as your name, date of birth, telephone number or name of a relative. Nor should it be an obvious combination of letters and numbers or one that can be easily guessed by someone else.
  • Take care to keep your PIN/Password secret, secure and protected. Do not disclose your PIN/Password to anyone, including a family member or a friend.
  • Take care to prevent anyone from seeing you enter your PIN/Password and check your Gateway account statements regularly.


Do not write or indicate your PIN/Password unless it is disguised. If you do record it, you are responsible for keeping your PIN/Password secure and protected. We recommend you try to commit your PIN/Password to memory.

It is NOT a reasonable attempt to disguise a PIN or Password if you record it:

  • In reverse order
  • As a telephone number where no other numbers are recorded
  • Among other numbers or letters with any of them marked to indicate the PIN or Password
  • Disguised as a date (including your birth date) or as an amount
  • In an easily understood code

When creating a password:

  • At a minimum, passwords should be 8 characters long but no longer than 15.
  • Whilst it’s important to not pick obvious things like birthdays or pet names, don’t make passwords too complex. Use a longer password you are more likely to remember, as it can be harder to guess.
  • Wherever possible, use multi-factor authentication (MFA) for extra security.


Consider using a password manager to create and manage your passwords.

If you believe that another person knows your PIN/Password, immediately change it, and report the matter to the Gateway team.

Online Banking Security

Never access Online Banking via a link in an email or text, and disregard emails and texts that request you to do this. Always log in directly from the homepage of

With the exception of your nominated verbal password for phone verification, a Gateway consultant will never ask you for your PIN or Online Banking login details. We will also never send you an email or SMS asking for your password or send a link to log into Internet Banking.

Phishing emails and texts

Cybercriminals use a technique called phishing to steal personal and business information. Phishing is when cybercriminals pretend to be reputable organisations and send emails, SMS, or messages via chat functions on social media with rogue links. Clicking on these links can allow malicious software to download onto your device or send you to a fake website to enter your bank details, where the scammers are able to view and capture them.

With scams and frauds rising globally, it’s becoming harder to distinguish what’s genuine or not. Scammers sometimes impersonate banks and send phishing emails and texts leading to a false bank website.

Always be on alert for suspicious emails and text messages. Delete them without opening them. If you accidentally open a suspicious email do not click on any links contained in the email or reply to the address.


Phishing emails are often sent with logos and branding from reputable organisations to make them appear real. Over time, design applications have become more sophisticated, so it is now easier for criminals to craft emails that look real. These emails often contain a call to action such as ‘download’ or ‘click here’ which encourages the recipient to click on a link to enter personal information into a fake website or download a file which will release malicious software onto devices. Phishing emails often portray a sense of urgency or importance with the intent to deceive. They often imply a service will be cut off unless action is taken to pay a bill immediately or that they need to claim money from a tax return.



Like emails, phishing texts can contain a call to action by asking you to click on a hyperlink to enter personal information into a fake website. They can also have a sense of urgency in order to deceive by getting people to respond quickly without thinking. Phishing texts can sometimes appear in the same text conversation as messages from your bank, making it hard to determine if they are legitimate.

Other ways to identify scam emails and texts:

  • They contain poor spelling and grammar. This could indicate the scammer is from a different country so if you provide banking information to them it may be difficult to track them down.
  • The email is ‘sent’ from a senior person in a company to build authority.
  • Sense of urgency – the content of the email may tell you that something will be cancelled, such as a subscription, or that access will be denied, such as to a bank account, if something is not actioned immediately.
  • Scammers may pretend to be government organisations or healthcare providers and ask you to provide bank account details so they can ‘deposit’ refunds for service.
  • Various tricks are used to lower your guard, such as ‘security and maintenance upgrades’ or ‘investigation of irregularities’.


If you are completely unsure, contact the bank or service provider using details found on their official website to verify if the email you’ve been sent is true. Never reply or use the contact details listed in the suspicious email or text message – always use the contact details listed on the bank or service provider’s official website.

Social engineering

Scammers can also use telephone calls to try and access your online banking details. Scammers can impersonate your bank or other organisations that may require you to use login details to access their services, such as utility companies, Medicare, the ATO or online retailers.

These types of scams are also known as social engineering, as scammers use manipulation to pressure targets into giving their info. They can create fake scenarios, such as pretending that a service may be cut off if you don’t provide access to your account or pay a bill. Never give your personal banking or any login information to anyone over the phone. If you feel a call is out of the ordinary, hang up immediately and call the bank or organisation using a number from their official website to verify the call.

Scammers are becoming more sophisticated in the ways they trick their victims. Scammers can hijack a sender’s ID for SMS and caller ID, thereby impersonating your bank and making it harder to determine if the call is legitimate. Treat calls or SMS with suspicion if there is a sense of urgency - as scammers want you to act immediately and provide sensitive information. If you receive a call or SMS don’t let the sense of urgency deceive you. Stop. Think. Evaluate. Disregard.

Banking staff will never ask you to transfer money or provide personal banking details over the phone or SMS. If you are ever unsure a text or call is legitimate, please visit the Gateway website and utilise the contact number and details to speak to staff and verify if a call or SMS you have received is legitimate.

Keep your internet browser updated

Always keep your internet browser updated to the latest version - this will ensure the maximum levels of security are provided for online banking access. Internet Explorer is now obsolete and cannot be used to access online banking.

Avoid using public Wi-Fi or public computers for online banking

Connecting to a public Wi-Fi has its risks. As it’s public anyone can use it, including cybercriminals. We recommend you only connect to a Wi-Fi network you trust, such as your home network.

Public computers, devices and Wi-Fi can be convenient, but they have risks. Proceed with caution when using them - it’s recommended that you avoid using them to access your bank account or log into any accounts that have your personal information. Below are some tips that can help you if you have no choice but to use a public computer or a device that is not your personal one:

  • Whilst it’s best to avoid entering personal information and passcodes into public computers, if you need to use one, ensure you do not click on ‘remember login details’.
  • Avoid downloading bank statements or personal documents to a public computer.
  • Clear your browsing history when you have finished using the public computer.
  • Ensure your screen is not easily visible.
  • Consider using an incognito tab - an incognito tab refers to a private browsing window in a web browser that does not save any browsing history, cookies, or form data. This feature is designed to provide additional privacy and security for users who do not want their browsing activity to be tracked or saved on the device they are using. In an incognito tab, websites will not be able to access any information about the user's previous browsing session, and any files downloaded will be deleted once the tab is closed. 


Keep your computer secure by installing effective antivirus programs and firewall protection. Don’t leave your computer while you are logged on to Online Banking, and always remember to log out from Online Banking.

Stay Alert

The best line of defence, when it comes to preventing fraud and security risks, is you. Always stay vigilant and informed by constantly learning and keeping up to date with the types of online security issues you may encounter.

Online Banking, Gateway’s internet banking service, provides users with the following security:

  • Firewalls
  • Encryption
  • Automatic time-outs
  • Secure SMS code authentication 
  • Incorrect password access lock
  • Last login time check 


Access to Telephone Banking is protected by the requirement of a PIN. To safeguard your personal information, the following communication practices have been adopted. Gateway will never:

  • Ask for your Online Banking login details or Telephone Banking PIN via phone or email.
  • Send you a link to Online Banking via email.
  • Request that your Online Banking or Telephone Banking Password/PIN be communicated to us in any form.


Any changes to our web address will only ever be communicated via our authorised website or other formal means. Furthermore, we will ensure we are always compliant with all electronic access communication legislation and relevant codes of practice. In particular, we will abide by the requirements of the Spam Act 2003 and will ensure that:

  • We secure your consent to receiving any commercial electronic messages.
  • Our emails to you contain clear and accurate identification of who is responsible for sending the message, and how they can be contacted.
  • Marketing emails to you contain an unsubscribe facility, allowing you to indicate that such messages should not be sent to you in the future.

Gateway’s security measures

To help prevent misuse of your access details, we have the following security guidelines in place:

Secure SMS (Short Message Service) is a service Gateway uses to deliver one-time passcodes via SMS to your mobile phone number or voice message on your landline number. You will be requested to enter an authentication code sent via SMS for certain transactions and functions. You will be prompted to register for Secure SMS when you first attempt to perform a transaction or function in Online Banking. With the exception of your nominated verbal password for phone verification, a Gateway consultant will never ask you for your PIN or Online Banking login details.

The Gateway website is secured by an SSL Certificate. The SSL Certificate provides privacy, critical security, and data integrity for your personal information. This means that any data you enter from your computer to our website is secure.

We take your security seriously. For this reason, we partner with Orion, a fraud detection company, to keep your Visa Debit Card safe 24/7. If Orion detects any suspicious activity on your account, you may be contacted on behalf of Gateway by a phone call, an SMS message, or an email.

Cloudflare is implemented to mitigate DDoS (Distributed Denial of Service) attacks. Recently, Gateway adopted Cloudflare services to thwart bad bots’ access to online banking: suspicious internet traffic is monitored, challenged, and blocked in case of an unexpected response.

Immediately report any unauthorised transactions

Immediately report any unauthorised transactions on your account, passcodes that have been compromised, or the loss or theft of your Visa Debit Card. If your Visa Debit card is lost or stolen, you can report this via Online Banking by selecting ‘Services’ and then ‘PIN/Card Management’.

If you do suspect your security has been compromised in any way, please contact us immediately on 1300 302 474, Monday to Friday, 8am – 6pm (AEST/AEDT).