2-Step Verification
St. Stanislaus - St. Casimir's Polish Parishes Credit Union Limited has implemented a new security feature to the Online Banking login process. Upon logging in, Members will be promoted to setup 2-Step Verification on their account.
What is 2-Step Verification
2-Step Verification provides an additional layer of security to the login process. This feature replaces the use of static challenge questions and answers with dynamically generated one-time-only verification codes. Verification codes are generated and delivered from outside of the banking platform and are valid for a single use only. The codes are sent by SMS text message, email, or by a voice call to a mobile phone number, email address, or landline, registered by the member to receive them.
2-Step Verification Enrolment Guide
- Visit our website at polcu.com and click the “Login to Online Banking” button.
- Enter your “Login ID” and “Personal Access Code (PAC)” and click the “Login” button.
- You will be brought to the 2-Step Verification page. You may use a cell phone (for Text Message), an email address, or a cell/home phone (for Voice Call) as a secondary authentication method. Please enter your phone number or email address here and click “Send Code”.
- You should receive a text message, email, or voice call containing your 2-Step Verification Code. Please ensure you are checking both your Inbox and Spam folders.
- Enter your 2-Step Verification code and click “Continue”. If you have not received the verification code, you can choose to select “Change the number” to verify your information or “We can send a new verification code” to try again.
- Once you have entered the correct verification code, you should see a green check mark next to “Enrolment complete”. Click “Continue” again and you should be brought to your online banking accounts page.
Frequently Asked Questions
Why is POLCU implementing this enhanced security?
This feature provides another level of protection for our members. It verifies to us that it's you accessing your account and it provides you with the assurance that you are logging into the real POLCU online banking website.
When will I need to register for 2-Step Verification?
Members will have until May 15th, 2023 to register for 2-Step Verification. At that time, registration will be required. We recommend that members register for 2-Step Verification as soon as possible, to take advantage of this complimentary security feature.
Can I use my Smartphone to register for 2-Step Verification?
Yes, you can use our iOS or Android app as well as mobile web to register for 2-Step Verification.
Do I have to register for 2-Step Verification?
Yes, participation is mandatory for all members who use online banking.
How do I register for 2-Step Verification?
The next time you try to log into Online Banking, you will be prompted to setup your 2-Step Verification settings.
Does my Alias Name and Personal Access Code (PAC) change?
No. 2-Step Verification adds security features, but does not change your Alias Name or your PAC.
How much does 2-Step Verification cost?
2-Step Verification is a free secure service provided to all members at no cost.
Does it take a long time to register?
Setting up the new security features is quick and easy and will take just a few minutes.
Can I use a landline to receive my one-time verification codes?
Yes, You can use a landline to receive the codes using the Voice Call option. You will need a mobile phone number that can receive text messages if You want to use the SMS option.
Do I require both an email address and mobile phone number to use 2-Step Verification?
No, You are only required to setup one of the three options. However, it is recommended to have at least two options setup in case of carrier or email outages or delays.
Can I change my Phone Number and Email Address that the codes are sent to?
Yes, when you are logged into online banking, you will find a "Profile and Settings" menu on the left hand side of the screen where you can go to change your Phone Number and/or Email Address.
Note: Only 1 e-mail, 1 mobile phone number, and 1 voice phone number can be set-up.
What happens if I input an incorrect code during login?
You will have 3 attempts to enter the correct verification code, after which point your account will get locked out. If your account gets locked out, please contact us to have your account unlocked.
Please note that your account will also get locked out of Online Banking if you have entered your Personal Access Code incorrectly three times.
What is Phishing?
Recently there have been attempts by fraudsters to trick people into revealing their personal information and passwords by creating fake websites that look very much like the sites of legitimate financial institutions. They send out random emails with links to these fake websites. Once there, you enter your Alias Name and Personal Access Code on their site, and they use this information to later log in to your account. This type of fraud, known as phishing, depends on you mistaking their site for the real one.
Additionally, POLCU will never send you an email with instructions to click a link to access our website. Therefore, if you receive an email appearing to come from POLCU asking you to click a link and enter your password, you can conclude that the email is phishing, and doesn't come from Polish Credit Union. As always, contact us at 1.855.POLCU.CA to verify anything you are not sure about.
Will 2-Step Verification be used to authenticate other high-risk activities besides high-risk logins?
Yes, 2-Step Verification for Transactions extends Increased Authentication using 2-Step Verification for other high-risk activities, such as changing sensitive data (e.g. bill payee profiles, customer contact information, Interac e-Transfer contact profiles) or completing high-risk payments or transfers.
Is there an option to designate a device as a "trusted" device, exempting logins from that device from stepped-up authentications?
Yes, members can use the bind-device check box during a login authentication to bind their device and exempt them from authentications during future logins from the same device and browser.