Heritage Bank

Securing Your Heritage Online Account

Digital Banking Security

Protecting your Heritage account and your customers' payment data is a shared responsibility. While Heritage provides digital certificate-based encryption, AVS/CVV fraud checks, and role-based access controls, merchants must also follow best practices to prevent unauthorized access. This guide covers everything you need to know.

Understanding Heritage Security Architecture

Heritage's security includes digital certificate-based encryption (card data never stored on your systems), AVS and CVV/CVV2/CID verification, role-based user access, and authorized contact security that verifies identities before making account changes. These tools reduce your PCI scope and fraud exposure significantly.

Create Strong, Unique Passwords

Your password is the first line of defense for your Heritage account. A strong password should be at least 12 characters long and include a combination of uppercase and lowercase letters, numbers, and special characters. Avoid using easily guessable information such as birthdays, names, or common words.

Consider using a passphrase instead of a single word. For example, "BlueSky@2025Coffee!" is much stronger than "password123." Never reuse passwords across different accounts, especially for your banking credentials. If one account is compromised, unique passwords ensure that your other accounts remain secure.

Enable Two-Factor Authentication

Two-factor authentication adds an extra layer of security to your Heritage account. Even if someone obtains your password, they cannot access your dashboard without the second factor — typically a code sent to your mobile device.

Heritage Online automatically times out if left idle — this security feature applies to all members and cannot be changed. If your account is locked after failed login attempts, call Heritage 24/7 on 13 14 22 or visit a branch to restore access.

Recognize and Avoid Phishing Attempts

Phishing is one of the most common methods cybercriminals use to steal banking credentials. These attacks typically come via email, text message, or phone call and attempt to trick you into providing sensitive information or clicking malicious links.

Heritage Bank will never ask you to reveal your full password, PIN, or one-time codes via email, SMS, or phone. If you receive such a request, do not respond — hang up or delete the message and call Heritage on 13 14 22 to report it. Be suspicious of any communication that creates a sense of urgency or asks you to verify your account immediately. Always navigate to the Heritage website directly by typing the URL into your browser rather than clicking links in emails.

Keep Your Devices Secure

The security of your Heritage account extends to every device you use to access it. Keep your computer, smartphone, and tablet updated with the latest security patches and operating system updates. These updates often include critical security fixes that protect against newly discovered vulnerabilities.

Install reputable antivirus and anti-malware software on all devices you use for banking. Enable automatic updates for these security programs to ensure you're always protected against the latest threats. Avoid accessing your bank account on public computers or using public Wi-Fi networks, as these may not be secure.

Monitor Your Account Regularly

Regularly review your transaction history and payment approvals in Heritage. Investigate any unrecognized BPAY payments, transfers, or EFT batches immediately; early detection is critical for recovering funds from fraudulent transfers. Set up account alerts to notify you of large transactions, low balances, or any suspicious activity. The sooner you detect fraudulent activity, the easier it is to address and minimize potential damage.

Review your monthly statements carefully, even if you check your account online regularly. Sometimes fraudulent transactions are small amounts designed to go unnoticed. If you spot any unauthorized transactions, contact Heritage immediately using the official customer service number.

Use Secure Networks

When accessing your Heritage dashboard online, always ensure you're using a secure internet connection. Public Wi-Fi networks at coffee shops, airports, or hotels can be easily compromised by hackers. If you must access your account while away from home, consider using a Virtual Private Network that encrypts your internet traffic.

Always verify the URL before logging in. Bookmark heritagebank.us.com and type it manually rather than clicking links in emails. Heritage will only contact you from official heritage.com.au email domains.
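The sender-domain rule above can be checked mechanically. The following is an added example, not Heritage's own code: it classifies a message's From header against the heritage.com.au domain named on this page, and the function names and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# The only official email domain this page names.
OFFICIAL_EMAIL_DOMAIN = "heritage.com.au"


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the real address in a From header, or ''."""
    _display_name, addr = parseaddr(from_header)  # display name is ignored on purpose
    if addr.count("@") != 1:
        return ""
    return addr.rsplit("@", 1)[1].strip().rstrip(".").lower()


def classify_sender(from_header: str) -> str:
    """Classify a From header as 'official-domain', 'lookalike', 'other' or 'unparseable'.

    A match is necessary, not sufficient: the From header can be forged, so
    mail filters also rely on SPF/DKIM/DMARC results before trusting it.
    """
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    # Exact match, or a subdomain split on a dot boundary (mail.heritage.com.au).
    if domain == OFFICIAL_EMAIL_DOMAIN or domain.endswith("." + OFFICIAL_EMAIL_DOMAIN):
        return "official-domain"
    # The brand appears in the domain, but the domain is not under the official one.
    if "heritage" in domain:
        return "lookalike"
    return "other"


# Constructed sample headers (not real messages).
SAMPLES = [
    "Heritage Bank <alerts@heritage.com.au>",
    "Heritage Bank <alerts@mail.heritage.com.au>",
    "Heritage Bank <alerts@heritage.com.au.mail.example>",   # official name used as a prefix
    "Heritage Bank <alerts@secure-heritage.example>",        # brand inside another domain
    '"alerts@heritage.com.au" <notice@mail.example>',        # official address only in the display name
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):16} {header}")
```

The display-name case matters most in practice, because many mail clients show only the display name unless the reader expands the sender details.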

Be Cautious with Mobile Banking Apps

Heritage is browser-based, so there's no dedicated app to install — which also eliminates the risk of fake apps. Access it from any modern browser on any device. Be wary of third-party apps that claim to provide banking services, as these may be designed to steal your credentials.

Enable screen-lock and biometric protection on any device you use to access Heritage. Never store your Heritage Card Number or Password, or any shared credentials, in plain text files, browser password auto-save, or shared team documents.

Protect Your Personal Information

Be mindful of the personal information you share online, especially on social media. Cybercriminals often use publicly available information to answer security questions or impersonate you. Avoid posting details like your full birth date, mother's maiden name, or other information commonly used for account verification.

Keep your contact details current with Heritage Bank: your registered phone number and email address are used to verify your identity if you need to reset your password or recover your account. For security questions, consider using memorable but false answers that only you would know. For example, if asked for your first pet's name, you might use a random word instead of the actual name.

Log Out Properly

Always log out of Heritage when done, especially on shared computers or after remote sessions. Simply closing the browser window doesn't always end your session. Use the official logout button to ensure your session is properly terminated and your account information is secure.

Clear your browser's cache and cookies regularly, particularly if you've accessed your account on a device that isn't yours. This removes stored login information and browsing history that could potentially be accessed by others.

Stay Informed About Security Threats

Cyber threats are constantly evolving, and staying informed is key to protecting yourself. Follow Heritage's security alerts and updates to learn about new threats and recommended precautions. Familiarize yourself with common scam tactics so you can recognize and avoid them.

Consider subscribing to cybersecurity newsletters or following reputable security experts to stay current on the latest threats and best practices. The more you know about potential risks, the better equipped you'll be to protect your financial information.

What to Do If You Suspect Fraud

If you spot unauthorized card transactions or account access, act immediately: freeze the affected card in the Heritage dashboard, change your password, review all user permissions, and call Heritage support at 13 14 22. For card fraud, Heritage's support team will guide you through the dispute process. Change your security questions right away as well, and monitor your account closely for any further unauthorized activity.

Consider placing a fraud alert on your credit reports if you believe your personal information has been stolen. This makes it more difficult for identity thieves to open new accounts in your name. Keep detailed records of all communications with Heritage regarding the suspected fraud.

Conclusion

Securing your Heritage account requires ongoing vigilance. Strong passwords, role-based user permissions, regular transaction monitoring, and a trained team are your best defenses. Heritage provides the technical foundation — digital certificate-based encryption, AVS/CVV, authorized contact security — and your diligence completes the picture. Stay informed, stay alert, and don't hesitate to reach out to our customer service team if you have any security concerns or questions about protecting your account.
