Our online security services
How we protect you
We have a number of measures in place to help keep your account and data safe.
We will never ask you to disclose your User ID or password over phone, email or in person, nor will we send you an email with a link to internet banking. We use HTTPS encryption throughout our websites to ensure that any communication, transactions or online application data between your browser and our websites is safe and secure.
How secure is the Heartland Mobile App?
- Sensitive data travelling across the internet between your device and our systems is encrypted*
- No sensitive information is stored on your device
- We will lock your account automatically if the incorrect password is entered too many times
- The app will time-out if it is left running with no activity
- We use multiple layers of gateways, firewalls, and intrusion prevention devices according to industry best practice
- We conduct security assessments of our app and supporting infrastructure to ensure that potential vulnerabilities are identified and addressed. These assessments are carried out by a third party that specialises in information security
How secure is Heartland internet banking?
- The data you submit between your computer and our internet banking system is encrypted*
- To ensure the payments you make are safe we’ve introduced a passcode verification step. When making payments via the Pay Someone or Pay Multiple Payees screens, you will be prompted for a passcode that will be sent to your mobile as a text message.
*Encryption means your information is scrambled on its journey to our banking system. We unscramble the information after it arrives safely into one of our systems.
How to protect yourself
Check the website you’re on
If you have doubts about the legitimacy of the website you’re on, remove the website address and re-enter www.heartland.co.nz into your browser address bar.
Don't respond to requests for your personal information
We will never ask you for your internet banking password or Keep Safe questions and answers. If you receive a phone call, email or request for your password, contact us immediately on 0800 85 20 20 or at [email protected]. If you’re overseas at the time, you can call us on +64 9 927 9641.
Install anti-virus and anti-spyware tools
Ensure your antivirus is up-to-date as this helps increase the chances of detecting online threats.
Update your browser regularly
For compatibility and increased security we recommend that you use the latest version of your browser.
Create a safe password
The password you choose for internet banking should be different to any other passwords you use across the internet. You should also try and avoid passwords that can be easy for anyone to guess such as your street name or number or date of birth.
Never share your password
Never disclose your password to anyone even if they say they’re calling from Capital South Bank. If you think someone else may know your password we recommend you change it immediately.
Update your password regularly
We recommend you change your password every 2-3 months. It’s easy to change your internet banking password at any time online. Simply log in and choose the ‘Change Password’ option available by hover overyour name at the top right of the screen.
Ensure you log off after each session
This is especially important if you use internet banking at work or on a public computer.
To let us know if the electronic device you use to receive the passcode for access to your internet banking is lost or stolen, or if you become aware of any unauthorised use.
To ensure your internet browser and/or devices are capable of supporting the encryption and other technical requirements of our internet banking which we update from time to time, by updating your web browser.
You shouldn’t use an electronic device which contains software that has the ability to compromise passwords, pin codes and/or data (such as spyware).
Types of Online Threats
These are some of the common threats that can be used to obtain your information.
These are typically emails you receive from a person or company trying to obtain your personal information such as your internet banking username, password, account number or credit card details. This email will direct you to a fake website that will look similar to the actual website and ask you to enter your personal details. These emails could also infect your computer with malware or viruses that may be used to capture your personal information without your knowledge.
If you weren’t expecting to receive an email from us, or have concerns around its authenticity, then make sure you don’t respond or click on any of the links.
This is software that secretly collects your personal information by recording your keystrokes, which are then sent to various people over the internet. You can sometimes unknowingly download spyware while accessing a file sharing site, opening an email attachment or by clicking on a link in an email.
To protect yourself from spyware make sure your anti-virus software is up to date and that your browser and software are up to date. If you think you’ve been compromised then update and run your anti-virus software and update all your passwords.
Report a security issue
If you detect any suspicious online behaviour or email scams, please email Our Capital South security team immediately. We will then investigate your issue and advise you of the appropriate action.
Email: [email protected]