How RBC Keeps You Safe from Fraud

Banking Safely and Securely with RBC

Safeguarding the security of our systems and the confidentiality of our clients’ information is always a top priority. To ensure our clients have a safe and secure online banking experience, we encourage you to enable the following security features on all your online accounts:

Two- or multi-factor authentication (when possible)

Enabling two- or multi-factor authentication adds an extra layer of security because you verify your identity in two or more ways: a strong password and either a numeric code or some sort of biometric like a fingerprint.

Auto-deposit for e-transfers

With Interac e-Transfer Auto-deposit, there’s no need to log into your Online Banking or answer a security question to receive an e-Transfer. Once you register your e-mail or mobile phone number, anytime someone sends you money, the funds will be automatically deposited into the specified account. This service eliminates the need for a security question and answer in every transaction lessening the risk that someone unintended could intercept the funds.

What You Can Do

Clients also play an important role in protecting and safeguarding their systems and accounts. We regularly educate our clients about best practices like installing software updates, protecting your passwords and email accounts and being aware of phishing scams.

Use strong security questions

If you choose not to enable auto-deposit, when sending money through Interac e-Transfer, ensure that your security questions are difficult to guess and avoid answers that can easily be found online or through your social media pages, like your pet's name, or your favourite vacation destination. Never send the answer to the security question in the message you add to the transfer.
Use a secure internet connection

Steer clear of public Wi-Fi, especially if you’re logging into any accounts with private or sensitive information, like your bank account.
Use strong, complex passwords

A strong password is critical to protecting your online accounts. Passwords are often the first defence against cyber criminals. They protect personal information, like your bank accounts, health data, or private documents from falling into the wrong hands.

Learn more ways you can become your best defence against cyber criminals.

Communicating with Us Safely

If you are an RBC client and looking for information or assistance, please call 1-800-769-2511. For more contact options and information, visit our contact page.

Received a Secure Email from RBC? Please see Secure Email at RBC for FAQs, Support and what to expect.

Regular, unencrypted email is not secure. You should never include personal or confidential information in a regular email. To discuss your personal information with us safely, send us a message via the RBC Royal Bank Online Banking message centre or one of our other secure message centres, or call us at 1-800-769-2511, or visit a branch.

RBC will never ask you to provide, confirm or verify personal, login or account information through regular email, text message, or phone calls, or ask you to sign in to any online service. If you receive an email that appears to be from RBC asking you to do any of these things, please forward it to phishing@rbc.com and then delete it.

For more information, please visit Email Scams.

Protocols for Secure Communications

Email Encryption Changes: Effective January 2021

Safeguarding the confidentiality of our clients’ information and maintaining the security of RBC’s systems is a top priority for our organization. We are communicating the following update to our security protocols for our valued RBC clients, vendors and business partners.

To continue to provide best-in-class encryption to clients, RBC has updated our corporate email infrastructure to Transport Layer Security (TLS) version 1.2. TLS versions 1.0 and 1.1 will only be supported until January 2021.

Maintaining the security and privacy of our clients’ data is fundamentally important to RBC, and this update will make our communications more secure. We’re committed to communicating all relevant changes that may impact email communications.

Please consult your email service provider if you are unsure about the potential impact to your business communications with RBC.

For technical email service providers:

For those domains that currently send email to RBC using TLS 1.2, there will be no impact or change. TLS 1.0 or 1.1 will no longer be supported.

Support:

If you have any questions relating to RBC specifically, please review our TLS v1.2 FAQ.

Secure Email

RBC is now using Secure Email provided by Cisco. This Secure Email service allows RBC clients and others outside of RBC to safely receive (and reply to) encrypted email messages, including attachments, from an RBC employee.

Learn more about Secure Email

External Email Header

External Email Indicator

RBC places an automatic “header” on all incoming emails to flag the messages as external to RBC. This allows RBC employees to easily determine whether an email comes from outside of RBC.

Q1. An RBC employee responded to one of my emails. I can see that my original email was flagged as “External”. What does that mean?

RBC automatically adds a visible header to all emails that come from outside of the RBC network to identify the message as an “external” communication. This is a security message required by RBC to ensure our employees are aware the email comes from outside RBC. It is applied to every email sent by external parties to our employees.

Q2. Why does RBC mark my emails as “external”?

Like many other companies, RBC adds a short header on all emails that originate from outside of our network. This helps our employees to identify external (vs internal) emails.

Q3. I tried to click on the hyperlink, but it doesn’t work.

The link within the header is an internal link and is available only to RBC employees. External parties will not be able to access the link and will receive an error message.

Q4. I am a registered supplier/vendor to RBC who needs to send emails to your employees.

Please speak to your vendor manager for details on how to communicate with RBC employees through our various internal communication channels. To contact RBC Procurement, please visit: https://www.rbc.com/sourcing/.

Responsible Disclosures

RBC recognizes that fostering a close relationship with the community will help improve our security and we appreciate the contribution researchers and experts make to our security efforts. That’s why we encourage you to contact us directly to report potential vulnerabilities identified in any product or system belonging to RBC and its affiliates.

Learn more about Responsible Disclosures

Cyber Security Strategy

Our RBC security strategy supports our strategic direction and is designed to safeguard our clients’ data.

Across the globe, the volume and sophistication of cyber attacks continue to increase and could result in business interruptions, service disruptions, theft of intellectual property and confidential information, litigation and reputational damage. We continue to enhance our security capabilities, educate our clients and workforce, and deepen our relationships with governments, law enforcement and academia to ensure our cyber defences remain effective in thwarting the threats that are targeting the financial sector.

We continue to be vigilant and invest in cyber security due to several factors, including an increase in the sophistication of external attacks, the adoption of new technologies (machine learning, cloud, etc.), a growing complexity in third-party ecosystem management and increasing regulatory pressure around the globe. We continue to develop our cyber defense capabilities in an effort to support our business models, protect RBC and our clients, and enhance the client experience globally. We achieve this through continued investment in cyber technologies, driving the education and awareness of our clients and workforce, and leveraging emerging technologies.

Need to Report Online Fraud?

Call Us

If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call us immediately.

Learn more

Report ID Fraud

If you think you are a victim of identity fraud and you are an RBC client

Learn more

Email/Website Fraud

If you have received a suspicious email or accessed a fraudulent RBC website

Learn more

For a definition of an unauthorized transaction and for full details regarding the protections and limitations of the RBC Digital Banking Security Guarantee, please see your Electronic Access Agreement for personal banking clients, and the Client Card Agreement and the Master Client Agreement for business clients. This guarantee is given by Royal Bank of Canada in connection with its Online and Mobile Banking services. Cardholders are not liable for losses resulting from circumstances beyond their control provided they have taken reasonable precautions to protect their Client Card and PIN (if applicable) as set out in the Client Card Agreement. Formerly known as the RBC Online Banking Security Guarantee.

RBC Mobile is operated by Royal Bank of Canada, RBC Direct Investing Inc. and RBC Dominion Securities Inc. RBC Online Banking is operated by Royal Bank of Canada.

How RBC Keeps You Safe

Our Guarantee to You

Banking Safely and Securely with RBC

Communicating with Us Safely

Protocols for Secure Communications

Email Encryption Changes: Effective January 2021

For technical email service providers:

Support:

Secure Email

External Email Header

External Email Indicator

Q1. An RBC employee responded to one of my emails. I can see that my original email was flagged as “External”. What does that mean?

Q2. Why does RBC mark my emails as “external”?

Q3. I tried to click on the hyperlink, but it doesn’t work.

Q4. I am a registered supplier/vendor to RBC who needs to send emails to your employees.

Responsible Disclosures

Cyber Security Strategy

Need to Report Online Fraud?