Online & Mobile Banking Security

Privacy policy for Blackhawk Community Credit Union

Online Banking Security

Online banking allows you to easily manage your accounts from virtually anywhere. Even though accessing your accounts is much easier, we want you to be aware of security measures we take to protect you and your finances. 

Protecting You & Your Account

Your visit to our online banking site is safe and secure. We employ a "layered approach" of multiple barriers between your account information and the outside world rather than just a single level of security. We utilize measures such as multi-factor authentication, encryption, firewalls, intrusion prevention systems, and around-the-clock proactive monitoring, routers, demilitarized zones and antivirus protection. 

Check out the different tabs above to read more about factors used to protect you and your account!

Multi-Factor Authentication

Multi-Factor Authentication is a system used to further identify online banking users beyond the username and password. In order to use our online banking service, you must have an online banking username and password. Blackhawk employees do not have access to your password. If your password is entered incorrectly, three times at the login page, your account will be frozen. You will then need to contact the Credit Union at 800.779.5555 to be authenticated and unlocked. If you have simply forgotten your password, use the self-service, "Forgot Your Password" link to reset your access. 

When enrolling to use the online banking product, you will be prompted to choose a username, password, and watermark image. A watermark image is a user-selected image that is used as an anti-phishing device and assures the user that they have logged into the legitimate online banking site.

When you login, your online banking username and password are transmitted via a secure session between your browser and our servers. Your information is 'scrambled' and then sent to our online banking servers where it is 'descrambled' using a unique and temporary key. Please see the "Encryption" tab above for more information.

One of the first times you access your accounts, you will be asked to choose and answer three personal verification questions. During future online sessions, we will ask you some of these questions if we feel there is a possibility that someone other than you is attempting to access your information. You may be asked questions when you log into online banking from an unusual location, you complete a transaction outside the norm, or you exceed a certain dollar amount. 

You will be allowed three attempts at answering the challenge questions before you are blocked from the computer or phone on which you failed the question. You will then need to contact us at 800.779.5555.


We require the use of a secure browser to access your account online. Your browser must be equipped with SSL (Secure Socket Layer) with a 128-bit or higher encryption algorithm to communicate with our servers. SSL protects against eavesdropping and data tampering during transmission. To check the security status of a web page, look at URL in your browser window. You will see an "s" added to the familiar "http." This indicates that SSL is in effect for the current page.

There are trillions of possible key combinations and each time you connect to online banking, a new key is utilized.

The access to eStatements, or "eDocs" as it is called on the online banking menu, from online banking is secure. Not only is your account number masked (does not show full account number), but the query encrypts account information with the Advanced Encryption Standard (AES). This is the same standard that the Federal Reserve uses to transfer funds between member banks. eStatements are encrypted in transit and at rest, and are never stored as plaintext files on the server. Please note that Blackhawk never transmits your information without being encrypted beforehand.

Session Cookies

Our servers require session cookie technology to ensure account confidentiality and security. A session cookie is a single use security object that permits you to browse within password-protected areas of our web site. The session cookie is only valid during your current login session and is automatically discarded after periods of inactivity or a log off. Please note that we never use cookies to capture any personal information about you.


We use several layers of malware and virus detection software to protect our environment. Our antivirus software scans our computers to detect and react to any virus activity that may be introduced. Our email servers also provide the same protection, scanning each incoming document for malicious code.

Network Security & Monitoring

In addition to encryption, we add a few extra layers of security. We utilize firewalls, routers, intrusion prevention systems, demilitarized zones and active monitoring of suspicious activity against our servers. All network activity accessing our business-critical systems is logged, monitored and reviewed on a continual basis.