Your Security. Our Priority.

• A Few Words on Security
• 100% Online Banking Guarantee for Personal Banking Customers
• Security Considerations for Safe Online Banking, Investing, Credit Card and Insurance Services
• Beware of Software Downloads with Offers of "free services"
• How to Protect Yourself from "Phishing" and Email Scams
• Email Encryption
• How to Protect your Debit Card and PIN
• Chip Technology
• Extended Validation (EV) SSL Certificate

A Few Words on Security

We work hard to protect your confidential information and privacy when dealing with us online. A secure login process and strong encryption are only the first steps in helping to prevent others from accessing your account information online.

When you connect to the Internet, the Internet also connects back to you. Even before you connect to the Bank's web site, someone out there could potentially get access to your computer. Also, as you surf the Internet, there is a trail of information left behind.

The Canadian Banking Association and American Banking Association offers monthly fraud prevention tips via e-mail. Find out what you can do to protect yourself by signing up today to receive their tip of the month.

Back to top

100% Online Banking Guarantee for Personal Banking Customers

Our promise: We will reimburse you 100% for any losses to your Personal Banking accounts resulting from unauthorized transactions through Online Banking.

To ensure reimbursement under this guarantee, there are a few steps you'll need to take to protect your debit card and your online banking password as outlined in our Bank of Montreal FirstBanking Automated Services Agreement.

These steps include:

• Keeping your password confidential
• Not storing your password with your debit card number
• Advising us within 24 hours of learning that your debit card was lost or stolen; or that the confidentiality of your password was compromised

You may not be reimbursed if you did not comply with the steps listed above or if you knowingly disclosed your password or debit card and it resulted in losses.

For more information on how BMO protects you when you bank online, please review How BMO Protects You. You can also learn more about how you can safeguard your computer.

Back to top

Security Considerations for Safe Online Banking, Investing, Credit Card and Insurance services

What We Do

Some of the security measures we have in place to help protect you when using our Online Banking, Investing, Credit Card and Insurance services include:

• Strong encryption technology to help ensure that data passing between your PC and our web server is secure, therefore you must have a browser that supports this level of encryption (in technical jargon: 128 bit encryption)
• Digital certificates issued by trusted third party companies to let you know that our site is secure and genuine
• Automatic log out after 10 minutes of inactivity
• Firewalls to protect your information with us

What We Don't Do

• We never send you messages asking you to provide us with personal or account information via email (see email scams and "phishing" for more information). Please keep in mind that email messages are not encrypted and therefore, subject to being intercepted and read by third parties.

What You Can Do

Here are some of the security measures you can take to protect your confidential information when you use the Internet:

1. For Online Banking, Online Investing, Credit Card and Insurance Security

Do The Following:

• Always verify the Bank's web site name in the "Address" (Internet Explorer) at the top of the browser, for example: www.bmo.com, www.bmoinvestorline.com, www.bmo.com/mastercard, www.harrisbank.com or www.bmolife.com
• If you use Interac®* Email Money Transfer, you will be asked to click on a link which will redirect you to a secure gateway. Please check the web site address or location (the URL)
• If you need to send us confidential or personal information, sign into your secure session and follow the instructions in the "Contact Us" link at the top of the page
• Keep your debit and credit cards and passwords/PINs (Personal Identification Numbers) safe. Do not divulge your passwords/PINs to anyone
• Change your passwords regularly following guidelines on how to choose a strong password
• Always log off to end your secure session. We will automatically log you out of a secure session left idle for more than 10 minutes
• Once logged off, delete all traces of your secure session from the memory of your computer. Learn more about how to clear your cache
• Make sure nobody watches you if you are using any of our secure services (e.g. Online Banking, Online Investing, BMO MasterCard(Credit Card) services or BMO Life services)

Avoid the following:

• Using software that "memorizes" passwords. Yes, we know, it"s convenient, however, somebody else might be able to use them too
• Leaving your computer with a secure session running. We will automatically log you out of a secure session left idle for more than 10 minutes. Any unfinished transactions will not go through
• Sending confidential or personal information through email, as it is NOT a secure method of contact
• Using a computer in a public place (for example in a library or an Internet café) to conduct financial transactions with us – protect your privacy and understand the risks of using someone else's PC for your secure sessions

2. For General Computer Security

Take these steps:

• Be sure to scan your PC frequently with an updated version of antivirus software. Nowadays, antivirus updates come out at least once a week
• Consider using a personal firewall. You can use either software-based or hardware-based firewalls. Learn more about personal firewalls
• In order that your home network remains private and secure, please ensure you have changed the default password associated with your router. Additionally, if you use a wireless router, please ensure you have enabled the appropriate encryption and security options. For assistance with these matters, please consult the documentation provided by your router's manufacturer, or visit the manufacturer"s website.
• Protect your computer, especially if you are using a cable modem or DSL connection by disabling file sharing in Windows products
• Update your PC's operating system and the browser with security patches on a regular basis. Check Microsoft's Windows O/S and Internet Explorer frequently for recently published security patches
• Back up your data regularly

Avoid the following:

• Sending any confidential information (including Social Insurance Number (SIN) for Canadian residents, Social Security Number (SSN) for U.S. residents, account numbers, passwords, PINs) via regular email. If you need to send us confidential or personal information, sign into your secure session and follow the instructions in the "Contact Us" link at the top of the page
• Accepting files or attachments when accessing websites, newsgroups or chat rooms, unless you are very sure of their authenticity

3. For General Financial Services Security

Do the following:

• Report stolen/lost cheques, credit and debit cards immediately
• Review your monthly financial statements and report any discrepancies and/or unusual account activity
• Sign your debit/credit card as soon as you receive it

Avoid the following:

• Sending us information regarding your account numbers, credit card numbers and/or PINs and passwords via email

Remember:

• Emails are not encrypted

Back to top

Beware of software downloads with offers of "free services"

Organizations that capture information about usage and buying behaviour patterns on the Internet are now emerging. Some of these organizations monitor individual Internet activity through software downloaded to your personal computer or on a public computer you use.

This includes everything you type on your computer: your card numbers, account numbers and passwords. It also includes the personal and confidential information on the secure pages that you browse and the personal and confidential information you provide when you use our otherwise secure online applications (e.g. loan applications, mortgage applications and online account opening applications).

You may have knowingly downloaded this software in exchange for free services, or you may be unaware that it is on your PC (for example, if you download several software programs bundled into the same download).

"Beware" of downloading software with offers of "free email virus protection" or a "no cost Internet accelerator" or other such enticements if you have to give up your privacy and the security of your online financial transactions. These offers can result in a third party company monitoring your Internet activity.

Understand the risks – don't compromise your privacy and online security

Some of these companies monitor all of your Internet behaviour, including your normal web browsing and the activity you may have through secure sessions, such as shopping or filling out an online application form that may contain your personal financial information.

When you access our secure online services (e.g. Online Banking, Online Investing or Online Credit Cards services) on PCs that have this monitoring software installed, your otherwise secure session information runs through third party computers and gives the third party access to your confidential information.

We do what we can to provide you with a safe and secure online environment. We also need you to take the appropriate measures to secure your personal computing environment. We strongly recommend that you avoid using computers with third party monitoring software installed when you conduct your online financial transactions with us to safeguard your privacy.

Removing Third Party Software from your computer

Removing such software from your PC can be difficult. We suggest that you install and run spyware detection software*. For more information on removing spyware from your PC, search the keyword "spyware removal" through any of the following:

• AllTheWeb
• AltaVista
• AOL Search
• Ask Jeeves
• Google
• HotBot
• Lycos
• LookSmart
• MSN
• Yahoo

"Marketscore" and "Netsetter" are two known examples of Internet usage monitoring programs. Although they may not strictly qualify as "spyware", we do not recommend that you use PCs to conduct financial transactions with us when "Marketscore" and/or "Netsetter" software is installed.

*Please note that removing third party software from your PC can be difficult. You may want to consult a trusted third party that specializes in computer maintenance and repair for assistance.

Back to top

How to Protect Yourself from "Phishing" and Email Scams

You may have experienced or read about recent incidents of unsolicited email messages masquerading as legitimate companies that trick recipients into divulging personal and financial information.

These "phishing" (also called "brand spoofing") emails send you to web sites pretending to be legitimate companies that ask for your personal and financial information.

At no time do members of BMO Financial Group request personal or financial information by sending out unsolicited emails. You should never send personal identification numbers or other personal confidential information by email as it is not a secure method of contact.

How The Scams Work

A common email scam uses unsolicited email to deceive consumers into disclosing confidential personal information. The deceptive email suggests clicking on a link or attachment for any one of the following reasons:

• Change / update to personal information
• Contests
• Possible suspension of client cards or accounts
• Application for products

After clicking on an attachment or link from the unsolicited email, the user is taken to a bogus site that requests confidential personal information, which could include:

• Bank Card Numbers/User ID's
• Account Numbers
• Personal Identification Numbers (PINs)
• Credit Card Numbers
• Social Insurance Number (SIN) for Canadian residents
• Social Security Number (SSN) for U.S. residents
• Other Personal or Private Information
• Passwords

How to Identify the Scam

There are some commonalities that can help you identify the scams:

• They are designed to mimic the look and feel of a genuine site
• They are most commonly sent out through unsolicited emails, containing links or attachments
• The Web address will often have the @ symbol or a numeric address (eg.123.456.1.2). The address may also include the word, phrase or text 'bmo' to make it appear authentic.

How To Help Protect Yourself

It is important to understand that there are ways in which you can help protect yourself from email fraud and web sites that request your personal or banking information:

• If you receive an email pretending to be from a member of BMO Financial Group that asks for personal or financial information, do not reply or click on the link in the email. To ensure that the email is legitimate, contact us immediately:

Table with telephone contact information for various BMO business lines

Line of business	phone number
BMO Bank of Montreal Online Banking:	1 888 725-9801
BMO InvestorLine:	1 888 776-6886
BMO Nesbitt Burns:	1 877 873-7664
BMO Mutual Funds:	1 800 665-7700
BMO Harris Private Banking:	1 800 844-6442
Harris Online:	1 888 340-2265
BMO MasterCard:	1 800 263-2263

• Always enter your BMO Financial Group web site using your bookmarks or any of our published URLs.
• Review your financial statements regularly for unauthorized or suspicious transactions.
• Never send personal and/or financial information via unsecured email.
• Do not trust email headers. They can be easily forged.

Back to top

Secure Email Encryption

BMO Financial Group never requests personal or financial information through unsolicited emails. For further assistance, contact your Customer Service Centre using published phone numbers (e.g, on the back of your credit/debit card or published on bmo.com or harrisbank.com).

BMO Financial Group is committed to providing you with a secure banking environment that protects your personal and financial information. Recently, we introduced an email function to scramble (i.e., encrypt) any personal, financial, or confidential information that we send you through email. Email encryption transmits and stores information in a format that is only accessible to parties with the correct password.

When you receive your first secure email from BMO Financial Group, you are asked to visit a website to register a username and password. This one-time registration process is simple and only takes a few minutes to complete. After registration, you can read and respond to any secure email. Any responses or new messages are also encrypted. You cannot register in advance at this site; you must wait until you receive your first secure email.

All secure emails from BMO Financial Group require you to login to the website before you can read it. You can also compose new secure email messages to other recipients at BMO Financial Group by visiting the website (https://secureportal.bmofg.com). There is no charge for this secure email service.

If you receive suspicious emails from BMO Financial Group, call the sender to confirm its authenticity. For more information about BMO Financial Group' s encrypted email service, visit our list of frequently asked questions.

Back to top

How to Protect your Debit Card and PIN

Canadians use debit cards millions of times a day at banking machines and point-of-sale terminals to access their accounts and make purchases.

About debit card usage:

• Debit card use is an extremely safe banking process - debit card fraud affects only a small percentage of accounts.
• BMO Financial Group has sophisticated security systems and fraud teams in place to protect your accounts.
• In the unlikely event that debit card fraud does occur, in circumstances beyond your control, your accounts will be reimbursed.

Taking steps to protect your debit card and PIN will help reduce your own risk of being a victim of fraud.

Here are some tips to help protect your debit card and PIN:

1. Change your PIN often to protect your financial information. You can now change the PIN on your BMO FirstBank Card and BMO MasterCard at any BMO ABM, 24 hours a day, 7 days a week.
2. Use your hand or body to shield your PIN when you are conducting transactions at an Automated Banking Machine (ABM) or at a point-of-sale terminal.
3. Never let your banking card out of your sight when conducting a transaction at a point-of-sale terminal. Always remember to take your banking card and transaction record with you once your transaction is completed.
4. Regularly check your statements and balances to verify all transactions have been properly documented. If entries do not accurately reflect transaction activities, for example, if there are missing or additional transactions, you should contact your BMO Bank of Montreal branch immediately.
5. If your banking card is lost, stolen or retained by an ABM, notify your BMO Bank of Montreal branch immediately.
6. Your banking card and PIN are the keys to your account(s). Never disclose your PIN to anyone … not even us. You are the only person who should know it.
7. Memorize your PIN - it's your electronic signature. If you suspect that someone knows your PIN, change it immediately or contact your BMO Bank of Montreal branch to cancel the card.
8. When selecting your PIN, never use obvious information - such as, your telephone number, date of birth, address or social insurance number for Canadian residents and social security number for U.S. residents.

For further information, you can also visit the following sites:

Canadian Bankers Association
Interac®* Association
American Bankers Association

Back to top

Extended Validation (EV) SSL Certificate

Over the next several months, BMO will be upgrading the security of our websites with extended validation (EV) SSL Certificates to further protect you from fraudulent activity. Customers using Internet Explorer 7 or Firefox 3.0.4 (or later versions) will notice the following:

• All or part of the URL address bar will turn green if you are on the legitimate BMO site, and will turn red and display a warning message if you are on a fraudulent site. (See Figure 1)
• A gold padlock icon (indicating that you are on a secure site) will appear in the top right corner of the URL address toolbar (for Internet Explorer 7), and in the bottom right corner (for Firefox). (See Figure 1)

If you do not see the updated green address bar, you can continue to be assured that your online session with us is just as secure as it has always been. If you are not using the browsers listed above, or the site has not been updated to EV, legitimate BMO websites will have the following:

• A URL that starts with "https"; the "s" indicating that the site is secure and legitimate. (See Figure 2)
• A small yellow or gold padlock displayed in the browser window somewhere, also indicating a secure site. The padlock can be double clicked to open a window outlining the certificate details for the site.
  (See Figure 2)

For more information about Extended Validation SSL Certificates, visit our list of frequently asked questions.

Back to top