Skip to main content

Online security

Your online security is important to us, and we work hard to make sure your money and personal information is kept safe.

How we protect you

Keeping your account and personal information safe is our top priority. At Heartland Bank we use the latest detection and prevention tools and HTTPS encryption to ensure that any sensitive communications or transaction data sent between your browser and our systems is safe and secure.

We will never ask you to disclose your user ID or password over phone, email or in person, nor will we send you email messages with a link to online banking.

How secure is the Heartland Mobile App?

  • Our mobile app is the most secure way to interact with Heartland.
  • Sensitive data travelling between your device and our systems is securely encrypted.
  • If the app is left running without any activity it will automatically require you to log in again.
  • We conduct ongoing security reviews of our app and supporting infrastructure to ensure that potential vulnerabilities are identified and addressed.
  • Additional security assessments are carried out by third party security specialists.

How to protect yourself

Always act with caution before investing your money. Scammers are sophisticated in developing false websites, email addresses and phone numbers to impersonate banks and investment advisers, offering fake investments, bonds, and term deposits.

  • If you are unsure if you are on the Heartland Bank website enter https://www.heartland.co.nz directly into your browser address bar.
  • You can use the Financial Service Providers Register (search online for FPSR) to confirm you are dealing with a legitimate service provider.
  • Before you transfer any money, make sure the account number matches the organisation you are intending to send the money to. Heartland Bank accounts always start with 03.
  • Do not reply to unsolicited emails or phone calls offering you investment advice or services.
  • Do not provide any personal information on investment comparison websites. These can be used by scammers to harvest your information and target you with realistic sounding scams.
  • If a Heartland employee contacts you by phone to offer an investment product, such as a term deposit, we will follow this up with an email from an address ending in “@heartland.co.nz” confirming the details of your conversation.
  • Avoid using devices which have been jail broken or contains malware, root kits, or spyware that can compromise passwords, PIN codes, or other personal data.

If you receive an email from an address which doesn’t end in @heartland.co.nz then it is not from Heartland Bank. If the email includes a link, hover over the link to check the URL.

  • We will never send you an email with a link to our online banking platform.

If you receive a phone call or email requesting your password or Heartland Mobile App PIN, do not disclose your information. Record the details of your phone call and report the incident to the Heartland Bank security team.

  • Never disclose your password to anyone, even if they say they’re calling from Heartland Bank.
  • We will never ask you for your online banking password, or to read out a security code that we send you.

If you think someone else may know your password, or Heartland Mobile App PIN, we recommend that you change it immediately using the Heartland Mobile App or the Heartland Digital website.

If you receive an unexpected security code from Heartland Bank, either by email or text message, you should immediately secure your account and report the incident to the Heartland Bank security team.

Only install apps from the official app store specific to your mobile device manufacturer.

Use the secure message function in the Heartland Mobile App and Heartland Bank websites.

To ensure your devices support encryption, compatibility, and increased security, keep your browser up to date with the latest software version.

Be careful what you share on social media.  Scammers use this information, including what they see in your pictures, to help them compromise your accounts, commit identity theft, and online fraud.

It’s easy to change your password at any time online using the My Settings option within the mobile app.

Consider using a password manager to help remember all your passwords, some offer additional features such as checking for data breaches. 

Visit https://www.cert.govt.nz for more information on choosing a password manager.

It’s important to have these on both your computer and mobile phone and check regularly for updates. Regularly scanning your devises for threats, including potentially unwanted programs and spyware, helps to increase the chances of detecting online threats.

Setup multi factor authentication to protect your email account, and online banking. Choose a strong password that is easy to remember and different to any other passwords you use across the internet. Avoid passwords that can be easy to guess, such as your street name or number or date of birth. Never reuse your online banking password for anything else, including for other banks.

We recommend creating a long pass phrase of at least 20 letters that is easy to remember and includes punctuation.

Always click the log-out button especially if you use the Heartland Digital website at work or from a shared or public computer.
Contact us if the device you use to receive the passcode for access to your online banking is lost or stolen, or if you suspect any unauthorised use.
Visit https://ownyouronline.govt.nz for more information about how to protect yourself online.

Types of online threats

These are typically emails you receive from a person or company trying to obtain your personal information such as your online banking username, password, account number or credit card details. These emails will direct you to a false website (that will look similar to the actual website) and ask you to enter your personal details.

These emails could also infect your computer with malware or viruses that may be used to capture your personal information without your knowledge.

If you weren’t expecting to receive an email from us, or have concerns around its authenticity, make sure you don’t respond or click on any of the links.

This software secretly collects your personal information by recording your keystrokes, which are then sent to malicious actors and criminals over the internet. You can sometimes unknowingly download spyware while accessing a file sharing site, opening an email attachment, downloading cracked or free applications, or by simply clicking on a link in an email.

To protect yourself from spyware, make sure your anti-virus software is up to date and that your browser and system software is up to date.
If you think you’ve been compromised, you can request a hold be put on your bank accounts until you have secured your logins and devices. You may choose to seek professional assistance or prefer to update your anti-virus software, scan your devices, update all your passwords and implement multi factor authentication on accounts that support it.

If you want to know more, see our Online Services Terms of Use.

Report a security issue

If you suspect you have been targeted by an investment scam please contact the Heartland Bank security team immediately. If you detect any suspicious online behaviour regarding any Heartland Bank products, please contact us and provide the details so we can investigate the issue further.

Suspicious email, SMS message or phone call

If you receive a scam email, text message or phone call, send us the details using our secure message function through the Heartland Mobile App, or online through Heartland Digital.

You can also email us at [email protected]

Urgent assistance If you detect any suspicious activity and suspect you may have been targeted by an investment scam involving Heartland Bank, please contact the Heartland Bank security team by phone immediately on 0800 85 20 20 or +64 9 927 9641.

Once you have reported the scam to us, report your case to the Police.

You can also report a scam at https://www.cert.govt.nz and to the Financial Markets Authority by emailing [email protected].

For more information, visit their website https://fma.govt.nz/scams/report-a-scam/.

Back to top TOP