Save. Spend. Live. The Gulf Winds Blog
Internet Cookies and Online Banking

Internet Cookies and Online Banking

There has been a lot of talk around the credit union about cookies – and not the chocolatey chip kind. The talk we hear is about internet cookies, and the conversation usually starts with a member asking for help with a step in their Online Banking experience that they never had to worry about before. But, with increased security features comes an increase in the need for our members too….


Gulf Winds Online and Mobile Banking checks for a “cookie” each time a member logs in.

If a member successfully logged in from that device in the past, and the member chose to “register” that specific device for logins, then the member continues without a hitch to their account homepage. If there is no cookie – if the member did not choose for the device to be remembered upon next login – then the member is prompted to go through the Secure Access Code process upon each login.

For some, this extra step causes some to groan and roll their eyes as it takes a little longer to log in as they wait for the code to come through via phone call, text or email and then put the code in. However, we want everyone to know that this “inconvenience” is a necessary extra step toward protecting each and every member’s financial well-being.

Millions of dollars are lost every year in the U.S. due to “account takeover” fraud. Most of this fraud happens when a hacker stumbles upon a username and guesses a password (another reason to choose a secure password). Once in a member’s online banking account, a hacker can access personal info – and in some cases just cash out right there by sending themselves money via transfer or Bill Pay.


Complex passwords are the first line of defense against this takeover.

Cookies are the second line of defense and provide an extra layer of protection for members who may not use more difficult-to-guess passwords.

By looking for a cookie, Gulf Winds Online Banking Service is verifying that a login attempt is from a known and registered device. If the device was not previously registered to be “remembered,” then to complete a login the user has to “prove” that they are a member by accessing a code that is delivered via a phone call, email or text message. This line of security is invaluable in protecting you, the member, and your credit union.

Having trouble getting your computer or other device to “remember” your Online Banking sessions? To avoid putting in a Secure Access Code over-and-over again from trusted computers, two things must happen:

  1. First, the device or browser must allow cookies. Chances are that your browser is currently set to reject all cookies, and that means you would always have to put in a Secure Access Code. You can easily check the browser settings to “allow cookies.”
  2. Second, the device must keep the cookie. Certain anti-virus or PC cleaning programs will run regularly and delete all cookies from your computer. Within these types of anti-virus or cleaning programs there is always an option to protect certain “trusted cookies” so that they are not deleted. The cookie you want to protect is from


So, now that you’ve figured out what all this cookie business is about, you have two options: log in to online banking and check it out, or if this blog has made you a little bit hungry, go up to the store and get your favorite cookies.










Photo Credit: dohtar on


Share on