Online & Mobile Banking Security

Privacy policy for Blackhawk Community Credit Union

Digital Banking Security

Digital banking allows you to easily manage your accounts from virtually anywhere. Even though accessing your accounts is much easier, we want you to be aware of security measures we take to protect you and your finances. 

Protecting You & Your Account

Your visit to our online banking site is safe and secure. We employ a "layered approach" of multiple barriers between your account information and the outside world rather than just a single level of security. We utilize measures such as two-factor authentication, encryption, firewalls, intrusion prevention systems, and around-the-clock proactive monitoring, routers, demilitarized zones and antivirus protection. 

Check out the different tabs above to read more about factors used to protect you and your account!

Multi-Factor Authentication

Multi-factor Authentication (MFA) is the process of verifying that you are who you claim to be when logging in to a device or an account. If you're reading this from your computer, you probably logged in to your computer with a password—that's single-factor authentication. But single-factor authentication is no longer enough to keep your accounts secure.

Understanding the types of Identity Claim Factors:

  • Something you own. This is using a mobile phone or device like a hardware key that you have in your possession to prove your identity. Typically, the device provides a code via an application, text message, email, voice call, or an embedded chip. You then enter this code or key, and for successful authentication, the code must match what is expected by the service you’re attempting to log in to.
  • Something you know. This is something you have memorized or stored somewhere, such as a password or a PIN. You must supply the correct response to log in to your device or service.
  • Something you are. This factor is something about your physical body that cannot be altered, such as your fingerprint or retina. Biometric scanners or readers are used to confirm you’re physically the person that you are claiming to be.

In our digitally-driven world, passwords are no longer enough to keep your information safe. These days, it takes minimal effort for hackers to break into, or social engineer their way into, accounts that are only protected by passwords. Adding an extra step—an extra factor—to access your accounts, such as entering an authentication code, means that hackers would also need to have your phone or your fingerprint to break in. This is why it is called multi-factor authentication (MFA), when two or more of the types of Identity Claim Factors are used in combination.

Your security is our number one priority! In order to use our Digital Banking you must enroll. Enrollment requires that you establish a unique username and password, and provide an email and a phone number that we have on file.  You will need to have access to this phone number while signing in to receive a verification code. If you have a joint account you will only be able to establish one MFA number. Blackhawk employees do not have access to your password. If your password is entered incorrectly three times at the login page, your account will be frozen for your protection against hackers that might be trying to guess your answer. You can then contact the Credit Union at 800.779.5555 to be authenticated and unlocked. If you have simply forgotten your password, use the self-service, “Forgot” link to reset your access. 

When you login, your online banking username and password are transmitted via a secure session between your browser and our servers. Your information is encrypted or 'scrambled' and then sent to our online banking servers where it is decrypted using a unique and temporary key. Please see the "Encryption" tab above for more information.

The first time you access your accounts, you will be prompted for your MFA code. Once you are authenticated, you can bypass this on future logins using the same device and browser by selecting, “Don’t ask for codes again while using this browser.” However, do not use this feature on a shared or public computer. You may be asked to renter your password or MFA code when you log into digital banking from a new device, you complete a transaction outside the norm, or you exceed a certain dollar amount. Multi-factor authentication protects you and your financial assets!


We require the use of a secure browser to access your account online. Your browser must be equipped with SSL (Secure Socket Layer) with a 128-bit or higher encryption algorithm to communicate with our servers. SSL protects against eavesdropping and data tampering during transmission. To check the security status of a web page, look at URL in your browser window. You will see an "s" added to the familiar "http." This indicates that SSL is in effect for the current page.

There are trillions of possible key combinations and each time you connect to online banking, a new key is utilized.

The access to eStatements, or "eDocuments" as it is called on the menu, from online & mobile banking is secure. Not only is your account number masked (does not show full account number), but the query encrypts account information with the Advanced Encryption Standard (AES). This is the same standard that the Federal Reserve uses to transfer funds between member banks. eStatements are encrypted in transit and at rest, and are never stored as plaintext files on the server. Please note that Blackhawk never transmits your information without being encrypted beforehand.

Session Cookies

Our servers require session cookie technology to ensure account confidentiality and security. A session cookie is a single use security object that permits you to browse within password-protected areas of our web site. The session cookie is only valid during your current login session and is automatically discarded after periods of inactivity or a log off. Please note that we never use cookies to capture any personal information about you.


We use several layers of malware and virus detection software to protect our environment. Our antivirus software scans our computers to detect and react to any virus activity that may be introduced. Our email servers also provide the same protection, scanning each incoming document for malicious code.

Network Security & Monitoring

In addition to encryption, we add a few extra layers of security. We utilize firewalls, routers, intrusion prevention systems, demilitarized zones and active monitoring of suspicious activity against our servers. All network activity accessing our business-critical systems is logged, monitored and reviewed on a continual basis.