We guarantee a 100% reimbursement for any unauthorized transactions conducted in your BMO InvestorLine account that result in a direct loss.

To ensure reimbursement under this guarantee, take the following steps:

• Sign out and close your Internet browser at the end of each online investing session;
• Keep your password confidential;
• Review your online account activity, statements and trade confirmations; and
• Call us at 1 888 776-6886 within 5 days if you suspect your password or BMO InvestorLine account has been compromised (e.g.: unauthorized transactions, suspicious activity, virus or spyware infection).

View the full details of the Online Security Guarantee

BMO InvestorLine will never contact you to ask for your User ID, Password, PIN, SIN or other sensitive information.

• If you're unsure a call is genuinely from BMO InvestorLine, visit your branch or call us at the telephone number listed on the back of your debit card.
• Safeguard yourself from Internet security problems by being cautious when offering websites your personal information.
• Are you a commercial bank customer? BMO InvestorLine strongly recommends that you perform periodic risk assessment and controls evaluation.

To help protect your financial and personal information, we've implemented an additional method of security. When we need to verify your identity, you'll be prompted to request a verification code to sign in. For more information, see two-step verification for BMO InvestorLine or two-step verification for adviceDirect.

Don't have access to a phone? Challenge questions may come in handy as an alternate to verifying your identity. Instead of requesting a verification code, you can answer a previously set challenge question.

For details on how to enroll in two-step verification or set up challenge questions, log in to your account. Go to Two step-verification under Security Settings and click Edit.

For added security you can create a unique Trading password that is different from your Account password.

Session time-out is a security feature designed to help prevent an unauthorized user from accessing your accounts while you're away from your computer. You will automatically be signed out if your account is inactive for 15 minutes.

 We recommend that you:

• change your passwords periodically;
• safeguard your account numbers and passwords; and
• avoid sharing this information with anyone.

What else can I do now?

We encourage you to regularly visit our Security Centre (bmo.com/security) for tips on how to safeguard your information and recommend you:

• Regularly change your passwords
• Install the IBM Trusteer Rapport software
• Monitor your accounts for unauthorized transactions and call us to report any concerns

Two-step verification is a security measure that confirms your identity by sending a verification code to your phone when your device is unrecognized. By enrolling in two-step verification, you are taking a step to prevent fraudulent attacks.

When you don't have access to a phone you can answer a challenge question instead to confirm your identity. For details on how to enroll in two-step verification or set up challenge questions, log in to your account. Go to Two-step verification under Security Settings and click Edit.

Cookies are a commonly used web technology and many browsers default to automatically accept them. They're designed to give a website owner information on how someone is using their website including what pages, links, buttons and other areas the user is visiting.

BMO InvestorLine uses cookies in a number of locations such as, allowing you to save your search results when using our stock screening tools. Pixel tags (also known as clear gifs) and cookies may also be used in promotional email messages and online advertising. These tools allow us to measure the effectiveness of our advertising and promotional campaigns.

You can set your Internet browser to notify you before a cookie is set, which gives you the choice of whether you'd like to accept it. Refer to your browser's online help for information on disabling and setting cookie preferences.

Avoid sending personal identification numbers or other personal confidential information by regular email, as it is not a secure method of contact.

No legitimate company will ever ask you to supply sensitive information via email. Nor will they send you an unsolicited email asking you to login through a link or attachment.

Phishing is an attempt by someone to obtain your confidential information through email by impersonating a group or individual you normally trust.

A Phishing email can:

• Mimic the look and feel of a genuine company.
• Contain poorly written English or gibberish text.
• Be sent through unsolicited emails, containing links or attachments.
• Include a web address with the @ symbol or a numeric address (e.g., 123.456.1.2) that points to a site that is not related to bmo.com.
• Include a "reply-to" field with a different address than the "from" field.

1. You receive an unsolicited email that includes one of the following subject lines:
• You're required to update your personal information
• You won a contest!
• ACTION REQUIRED: Your card or account is suspended
• Good news: Your product application is approved. Your account has expired.
2. You're then asked to open an attachment/link, or to reply to an email address.
3. If you click the link/attachment, you're taken to a malicious site that requests your personal information (e.g., Bank Card Numbers/User ID, Account Numbers, PINs, Credit Card Numbers, Social Insurance Numbers, and/or Passwords).

Watch our presentation "Don't Take the Bait" to protect yourself from this type of fraud.