The app upgrade originally scheduled for July 17, 2024 to version 19.0.0 has been postponed until further notice. We apologize for the inconvenience.

CAFT Safety

Stay Protected from CAFT Cyber Attacks

With the increase of sophisticated phishing scams within the financial industry, it is important that all members are cyber aware of threats and the actions these bad actors use to gain access to your critical information using the CAFT payment system.

What is CAFT?

Customer Automated Funds Transfer (CAFT) is a web-based
solution that allows a business to manage payments. CAFT
is compatible with most accounting software and provides
the option to enter data manually online. 

With CAFT businesses can: 
  • Initiate direct deposits, such as payroll or accounts payable

  • Collect payments such as loans, accounts receivable, strata/condo fees, donations, and club fees/dues         


What do I need to know?

CAFT is a web-based application, therefore accounts could be exposed to cyber fraud if the business or employee's computer system becomes compromised. 

If you notice unusual activity: 
  • Check the CAFT Activity Log and History File information. 

  • Contact Access Credit Union.

  • Change your CAFT password immediately.

  • If you have been compromised, follow the security

    procedures of your company.        


As a CAFT user, you are responsible for:

  1. Protecting your passwords and User IDs.
  2. Managing your CAFT transactions.
  3. Verifying file totals prior to file processing.
  4. Releasing files in a timely manner.
  5. Reviewing CAFT email notifications upon receipt.
  6. Reviewing your Activity Log.
  1. Reviewing your History File.
  2. Verifying all NAFT reports.
  3. Verifying account settlement to the settlement register (AFTR0010).
  4. Contacting us about any changes to Originator information.
  5. Immediately notifying us of any unusual activity.

What can I do to protect myself?

Users can prevent transaction processing due to key error, theft or fraud by:

  1. Enhancing cyber security practices:
    • Limit administrative rights on users' workstations to help prevent the inadvertent downloading of malware or other viruses.
    • Ensure virus protection and security software and the operating systems/applications on your computer are updated regularly.
  2. Implementing internal controls (segregation of duties, dual authorization, setting CAFT limits).
  3. Reviewing transaction files for accuracy.
  4. Reviewing CAFT email notifications.
  5. Reconciling banking transactions daily.
  6. Talking to an insurance provider about Social Engineering coverage.
TIP: Familiarize yourself with your account agreement and your business's liability coverage for fraud.

Best Practices

CAFT Controls

Get familiar with the CAFT controls available to you and what you are responsible for: segregation of duties, dual authorization, and setting CAFT limits.

Work with us to understand the CAFT controls that are in place to reduce the risk of fraudulent activity. These CAFT controls are critical in helping protect you.

Bad actors and fraud are now the norm and these controls are in place to help mitigate fraud attempts.

Use the right website

Always use the login page on your browser to login to an account or online service – never use links in an email. Ensure you are accessing the legitimate CAFT Payment Services website.

Please do this by typing in the legitimate CAFT site directly:

TIP: Save this site as a bookmark in your web browser.

Keep your information safe

Create strong passwords and never share your User ID or password.

Do not communicate or keep a copy of your usernames and/or passwords for any of your financial services ( or other secure logins) in your email account.

A common way of gaining illegitimate access to a secured account is through the discovery of sensitive information within a compromised email account. 

TIP: Enable multi-factor authentication (MFA) on your email account, if available, for an added layer of security – for example, so you are prompted to enter a security code sent to your phone whenever you attempt to login to your email from a new device. If your current email provider does not offer MFA, switch to a more secure provider that offers these tools such as Gmail, Hotmail, Yahoo, Outlook, or

Don't click links

Never click on links or attachments from an unexpected email, even if it looks like it is from a person or organization you know. In this case, never click on a link to CAFT sent via an unexpected email, text message, or from a search engine advertisement. These links may take you to fraudulent sites.

TIP: CAFT system emails don’t have links! There may be a text file attached if you have processed a transaction recently. These attachments end in .txt.

Cyber security is everyone’s responsibility!

Remember the following to keep your information safe:

  1. Create a difficult to guess password using a combination of letters and numbers and never share your User ID or passwords.

  2. Logout of any secure accounts, such as online banking, when finished. DO not just close the browser window.

  3. Lock or logout of your computer when unattended.

  4. Never access your Access Credit Union accounts or services using open/free WiFi (e.g. coffee shops, public libraries, hotels, etc.). If you must access these services in a public location, opt to use data instead.

  5. Be mindful of phishing scams: never open an attachment or links from unexpected emails, even if they look legitimate.

TIP: Even if an email appears to be coming from a legitimate sender, if it involves making changes to login or banking information, verify the legitimacy with the sender via another communication method (e.g. phone call).

Contact Us

Access Credit Union
can support you in understanding the CAFT controls you have in place. These controls are critical in helping protect you, and your information.

Contact us to learn more.

Please note, there is no indication that the CAFT system is not secure. Rather these fraud attempts are as a result of the compromised user access IDs and emails.
This website uses cookies to improve your user experience. By continuing to browse the site you are agreeing to our use of cookies.