At Gateway, we take your security and privacy very seriously. To keep your accounts safe, we have security measures in place which you can read about below.
Despite having these measures in place, you are responsible for keeping your password, passcodes, PINs and one-time passcodes (OTP) used for Gateway’s online banking, banking app, and Eco Visa Debit card safe. If your passcode is deemed unsecure or shared with unauthorised persons, you may be liable for any unauthorised transactions that subsequently occur.
We also recommend not using public Wi-Fi for online banking and keeping your web browser updated on all devices, so you have the latest security updates to help keep your account protected.
To learn more about online security and how to keep your account safe, read our information below.
If you have any suspicion, do not engage with the person any further. Hang up the phone, delete texts or emails, or block the person on social media. You can report a scam below to Gateway Bank or on the ACCC Scamwatch website.
Your Gateway Bank Membership Number, Personal Identification Number (PIN), Passcode/Password for Online Banking and the Gateway App, and Secure SMS codes, allow you to securely access your accounts. Therefore, the security of these access methods is critical.
To help protect your PIN/Password you must take the following steps to guard against its unauthorised use:
Do not write or indicate your PIN/Password unless it is disguised. If you do record it, you are responsible for keeping your PIN/Password secure and protected. We recommend you try to commit your PIN/Password to memory.
It is NOT a reasonable attempt to disguise a PIN or Password if you record it:
Consider using a password manager to create and manage your passwords.
If you believe that another person knows your PIN/Password, immediately change it, and report the matter to the Gateway team.
Never access Online Banking within an email or text link, and disregard emails and texts that request you to do this. Always login directly from the homepage of www.gatewaybank.com.au
With the exception of your nominated verbal password for phone verification, a Gateway consultant will never ask you for your PIN or Online Banking login details. We will also never send you an email or SMS asking for your password or send a link to log into Internet Banking.
Cybercriminals use a technique called phishing to steal personal and business information. Phishing is when cybercriminals pretend to be reputable organisations and send emails, SMS, or messages via chat functions on social media with rouge links. Clicking on these links can allow malicious software to download onto your device or send you to a fake website to enter in your bank details where the scammers are able to view and capture your details.
With scams and frauds rising globally, it’s becoming harder to distinguish what’s genuine or not. Scammers sometimes impersonate banks and send phishing emails and texts leading to a false bank website.
Always be on alert for suspicious emails and text messages. Delete them without opening them. If you accidentally open a suspicious email do not click on any links contained in the email or reply to the address.
Phishing emails are often sent with logos and branding from reputable organisations to make them appear real. Over time, design applications have become more sophisticated, so it is now easier for criminals to craft emails that look real. These emails often contain a call to action such as ‘download’ or ‘click here’ which encourages the recipient to click on a link to enter personal information into a fake website or download a file which will release malicious software onto devices. Phishing emails often portray a sense of urgency or importance with the intent to deceive. They often infer a service will be cut off unless action is taken to pay a bill immediately or that they need to claim money from a tax return.
Like emails, phishing texts can contain a call to action by asking you to click on a hyperlink to enter personal information into a fake website. They can also have a sense of urgency in order to deceive by getting people to respond quickly without thinking. Phishing texts can sometimes appear in the same text conversation as messages from your bank making it hard to determine if its legitimate.
Other ways to identify scam emails and texts:
If you are completely unsure, contact the bank or service provider using details found on their official website to verify if the email you’ve been sent is true. Never reply or use the contact details listed in the suspicious email or text message – always use the contact details listed on the bank or service provider’s official website.
Scammers can also use telephone calls to try and access your online banking details. Scammers can impersonate your bank or other organisations that may require you to use login details to access their services, such as utility companies, Medicare, the ATO or online retailers.
These types of scams are also known as social engineering as scammers use manipulation to pressure targets into giving their info. They can create fake scenarios, such as pretending if you don’t provide access to your account, or pay a bill, a service may be cut off. Never give your personal banking or any login information to anyone over the phone. If you feel a call is out of the ordinary, hang up immediately and call the bank or organisation using a number from their official website to verify the call.
Scammers are becoming more sophisticated in the ways they trick their victims. Scammers can hijack a sender’s ID for SMS and caller ID, thereby impersonating your bank and making it harder to determine if the call is legitimate. Treat calls or SMS with suspicion if there is a sense of urgency - as scammers want you to act immediately and provide sensitive information. If you receive a call or SMS don’t let the sense of urgency deceive you. Stop. Think. Evaluate. Disregard.
Banking staff will never ask you to transfer money or provide personal banking details over the phone or SMS. If you are ever unsure a text or call is legitimate, please visit the Gateway website and utilise the contact number and details to speak to staff and verify if a call or SMS you have received is legitimate.
Always keep your internet browser updated to the latest version - this will ensure the maximum levels of security are provided for online banking access. Internet Explorer is now obsolete and cannot be used to access online banking.
Connecting to a public Wi-Fi has its risks. As it’s public anyone can use it, including cybercriminals. We recommend you only connect to a Wi-Fi network you trust, such as your home network.
Public computers, devices and Wi-FI can be convenient, but they have risks. Proceed with caution when using them - it’s recommended that you avoid using them to access your bank account or log into any accounts that have your personal information. Below are some tips that can help you if you have no choice but to use a public computer or a device that is not your personal one:
Keep your computer secure by installing effective virus programs and firewall protection. Don’t leave your computer while you are logged on to Online Banking, and always remember to logout from Online Banking.
The best line of defence, when it comes to preventing fraud and security risks, is you. Always stay vigilant and informed by constantly learning and keeping up to date with the types of online security issues you may encounter.
Online Banking, Gateway’s internet banking service, provides users with the following security:
Access to Telephone Banking, is protected by the requirement of a PIN. To safeguard your personal information, the following communication practices have been adopted. Gateway will never:
Any changes to our web address will only ever be communicated via our authorised website or other formal means. Furthermore, we will ensure we are always compliant with all electronic access communication legislation and relevant codes of practice. In particular, we will abide by the requirements of the Spam Act 2003 and will ensure that:
To help prevent misuse of your access details, we have the following security guidelines in place:
Secure SMS (Short Message Service) is a service Gateway uses to deliver one-time passcodes via SMS to your mobile phone number or voice message on your landline number. You will be requested to enter an authentication code sent via SMS for certain transactions and functions. You will be prompted to register for Secure SMS when you first attempt to perform a transaction or function in Online Banking. With the exception of your nominated verbal password for phone verification, a Gateway consultant will never ask you for your PIN or Online Banking login details.
Gateway website is secured by an SSL Certificate. The SSL Certificate provides privacy, critical security, and data integrity for your personal information. This means that any data you enter from your computer to our website is secure.
We take your security seriously. For this reason, we partner with Orion, a fraud detection company, to keep your Visa Debit Card safe 24/7. If Orion detects any suspicious activity on your account, you may be contacted on behalf of Gateway by a phone call, an SMS message, or an email.
Cloudflare is implemented to mitigate against DDoS (Distributed Denial of Service) attacks. Recently, Gateway adopted Cloudflare services to thwart bad bots access to online banking where suspicious internet traffic is monitored, challenged, and blocked in case of unexpected response.
Immediately report any unauthorised transactions on your account, passcodes that have been compromised, or the loss or theft of your Visa Debit Card. If your Visa Debit card is lost or stolen, you can report this via Online Banking by selecting ‘Services’ and then ‘PIN/Card Management’.
If you do suspect your security has been compromised in any way, please contact us immediately on 1300 302 474, Monday to Friday, 8am – 6pm (AEST/AEDT).