Online banking is one of the most useful things you can do on your iPad or computer. It lets you check your balance any time of day, pay bills without leaving home, and transfer money to family members with a few taps. Best of all, you never have to wait in a queue at the bank again.
Canadian banks invest enormously in security. Your money is protected by multiple layers of technology. But those protections depend on you not voluntarily giving your login details to someone who asks. This guide explains exactly how to bank safely and what to watch out for.
Is Online Banking Really Safe?
Yes — when you follow basic precautions. All major Canadian banks use bank-grade encryption (the same technology that protects military communications) to secure their online banking. Your money is also protected by the Canada Deposit Insurance Corporation (CDIC), which covers up to $100,000 per depositor.
The vast majority of online banking fraud does not happen because a criminal "hacked" the bank. It happens because a customer was tricked into giving away their password or transferring money themselves. Knowing this changes how you think about safety — the threat is not technical, it is social.
Your Online Banking Safety Checklist
-
Always go directly to your bank's website — type the address yourself (e.g. rbcroyalbank.com, td.com, scotiabank.com) or use the official app from the App Store. Never click a link in an email to log in.
-
Use a unique password for online banking — do not use the same password you use for email or other websites. Your banking password should be used nowhere else.
-
Use the official bank app — most Canadian banks have a free app in the App Store. Bank apps are generally safer than using a web browser, and they show your balance at a glance.
-
Only bank on your home Wi-Fi or mobile data — never do banking on public Wi-Fi at a coffee shop, library, or airport. Those networks can be monitored by others.
-
Set up transaction alerts — your bank can send a text or email any time money moves in or out of your account. This lets you spot fraud the moment it happens. Ask your bank to set this up, or find it in your online banking settings.
-
Lock your device when you are done — pressing the side button on your iPad locks the screen immediately. Never leave your device open and unattended while logged in to your bank.
For a step-by-step walkthrough of online banking on your iPad, visit Module 6: Banking & Transactions. It covers everything from checking your balance to paying bills safely.
How to Know You Are on the Real Website
Criminals create fake banking websites designed to look exactly like the real ones. Here is how to tell the difference:
- Look at the address bar at the very top of your screen. The address should start with https:// — the "s" stands for secure.
- Check that the address is exactly your bank's real domain. "td.com" is real. "td-banking.com" or "tdcanada-secure.net" are not.
- A padlock icon near the address bar means the connection is encrypted. This is a good sign — but it does not guarantee the site is legitimate, only that the connection is private.
What Your Bank Will Never Ask You
Criminals often impersonate banks. Knowing what a real bank would never ask helps you identify a fraud instantly:
- Your bank will never call you and ask for your full password or PIN. They may verify your identity by asking for partial information, but never your complete login credentials.
- Your bank will never ask you to transfer your own money to a "safe account" to protect it from fraud. This is always a scam, even if the caller sounds very convincing.
- Your bank will never send you a text asking you to click a link and log in. Legitimate bank texts provide information (e.g., transaction alerts) but do not ask you to click links to authenticate.
- Your bank will never ask you to keep the call secret from family. Genuine fraud departments encourage you to verify independently.
Protecting Your Password
A strong banking password is your first line of defence. A few rules:
- Make it at least 12 characters long.
- Use a mix of letters, numbers, and a symbol if allowed.
- Do not use your birthdate, address, or any information that could be guessed.
- Do not write it on a paper near your device.
- Change it immediately if you think someone else might know it.
Get a full lesson on creating and managing passwords safely in Module 3: Passwords & Biometrics.
Setting Up Two-Step Verification
Two-step verification (sometimes called 2FA or two-factor authentication) adds an extra layer of security to your banking. Even if someone steals your password, they still cannot log in without the second step.
When two-step verification is enabled, your bank sends a one-time code to your phone by text message each time you log in. You enter that code to confirm it is really you. Most Canadian banks offer this — check your online banking security settings or ask your bank to help you set it up.
What to Do If You Notice Something Wrong
Check your account transactions regularly — even just once a week. If you see a charge you do not recognise:
- Do not panic. Sometimes familiar merchants use names that are not obvious on your statement.
- Call your bank's fraud line immediately. Use the number on the back of your card. Explain what you saw and ask them to investigate.
- If fraud is confirmed, your bank will likely reverse the charge and issue a new card. Canadian banks have strong protections for customers who report fraud promptly.
- Report it to the Canadian Anti-Fraud Centre at 1-888-495-8501.
Build your broader online safety knowledge with Module 2: The Security Shield.