
CAFT Best Practices

Enhancing Cyber Security


Customer Automated Funds Transfer, or CAFT, is a web-based platform compatible with most accounting software. It empowers businesses to manage payments efficiently, whether through direct deposits like payroll and accounts payable, or the collection of payments, including loans, accounts receivables, strata/condo fees, donations, and club fees/dues.

Key Points to Know: As CAFT operates in a web-based environment, it's important to be aware of potential cybersecurity risks, particularly if the computer system of your business or employees becomes compromised.

Here's what to do if you observe unusual activity:

  1. Check the CAFT Activity Log and History File information.
  2. Contact your financial institution for guidance.
  3. Change your CAFT password immediately.
  4. If you suspect a compromise, follow your company's security procedures.

For further information and support, please refer to:


Stay vigilant and follow these best practices to safeguard your CAFT transactions and protect your business from cyber threats.

As a CAFT user, you have a vital role in maintaining the security and integrity of your financial transactions. Ensure you:

  • Safeguard your passwords and User IDs.
  • Manage CAFT transactions diligently.
  • Verify file totals before processing.
  • Release files promptly.
  • Regularly review CAFT email notifications.
  • Monitor the Activity Log and History File.
  • Verify all NAFT reports.
  • Confirm account settlements with the settlement register (AFTR0010).
  • Keep your financial institution informed of any changes to Originator information.
  • Report any unusual activity to your financial institution immediately.

If you notice unusual activity:

  • Check the CAFT Activity Log and History File information.
  • Contact your financial institution.
  • Change your CAFT password.
  • If you have been compromised, follow the security procedures of your company.

You can take proactive steps to prevent transaction errors, theft, or fraud. Consider:

  • Learning about cyber security.
  • Implementing internal controls, such as segregation of duties, dual authorization, and setting CAFT limits.
  • Reviewing transaction files for accuracy.
  • Monitoring CAFT email notifications.
  • Reconciling your banking transactions daily.
  • Discussing Social Engineering coverage with your insurance provider.

Increasing cyber security practices and building fraud awareness are vital in protecting yourself.

Here are more recommendations to fortify your cyber security:

  • Create strong passwords and never share your User ID or password.
  • Use 2-factor authentication wherever possible.
  • Lock or log out of your computer when unattended.
  • Avoid accessing sensitive financial information using open/free Wi-Fi networks.
  • Refrain from clicking on links or attachments from unexpected emails.
  • Always use the login page directly on your browser to access your account or online service.
  • Limit administrative rights on users' workstations to prevent malware downloads.
  • Keep your computer's virus protection and security software up to date.
  • Familiarize yourself with your institution's account agreement and your business's liability coverage for fraud.

Understanding the New CAFT Login Authentication

Exciting news! CAFT has implemented Multifactor Authentication (MFA) for an added layer of security. The FAQs below are designed to help Originators/Users understand the changes to the login process, the importance of MFA, and step-by-step instructions on how to enable it. Stay informed and keep your CAFT account secure!

Multifactor Authentication (MFA) has been integrated into the CAFT platform to enhance cybersecurity and deter fraudulent access. Previously, users logged in by entering their user ID and password on the CAFT home page. Now, when you visit caft.paymentsanytime.com, you'll be directed to an MFA login process*. Once the MFA is confirmed, you'll proceed to the familiar CAFT login screen to enter your user ID and password as usual.

*To complete this, you'll need to install an authenticator app on your smartphone or tablet. For details on how to download and install an authenticator app, please refer to question 3.

Multifactor authentication (MFA) provides an extra layer of security for online accounts, requiring users to confirm their identity through two or more authentication steps. In the CAFT MFA process, users input a time-based, one-time password (TOTP) generated by an authentication app like Microsoft or Google Authenticator on their device.

MFA serves as a deterrent against unauthorized account access. While a fraudster may manage to obtain a user's login credentials through a remote data breach or phishing attack, gaining access to the user's device where the TOTP authentication code is generated becomes significantly more challenging.

These MFA applications, now implemented for CAFT, are sometimes referred to as two-step verification or 2FA because they involve two factors for verification: the password and the one-time code.

To set up multifactor authentication (MFA), begin by downloading an authentication app on your smartphone or tablet. An authentication app generates time-based, one-time passwords when you log into a registered application. These temporary codes add an extra layer of security, making it more challenging for unauthorized users to access your accounts, even if your password is compromised.

CAFT MFA is compatible with various authentication apps. We recommend using either Microsoft Authenticator or Google Authenticator, both of which are free, secure, and readily available on the Apple and Google app stores. If you've used one of these apps for another account, such as for work or banking, you can also use it for CAFT MFA.

Once you've installed an authenticator app on your device, you can register for CAFT MFA. The first time you access CAFT, you'll encounter a QR code. Open your authentication app, scan the QR code, and this will link your CAFT MFA account with the app. Going forward, you can retrieve the necessary code from the authenticator app each time you log into CAFT.

For a detailed walkthrough, including screenshots, refer to the CAFT MFA User Guide. If you experience issues or have questions, reach out to us at 1-866-825-3301.

If you're having trouble setting up CAFT MFA, please reach out to your CAFT support contact at Synergy Credit Union or call us at 1-866-825-3301 for assistance.

If you encounter difficulties, it could be due to issues like the camera being out of focus or too far away. To resolve this, try enlarging the QR code while keeping it within the designated square, and ensure the camera is steady for a few seconds during the scan.

If the QR code still won't cooperate, don't worry. You can use an alternative method by clicking the 'Trouble Scanning?' link below the QR code. This will provide you with an alphanumeric code that you can manually enter into the authenticator app instead of scanning the QR code.

The authenticator app creates a new code every 30 seconds. Make sure you enter the code before it refreshes. If there are only a few seconds left on the timer, wait for a new code and use that one. Also, if you have multiple accounts on your Authenticator app, be sure to choose the code linked to your CAFT account.
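How a 30-second, 6-digit code is derived and why a code entered after the timer refreshes is rejected, as an added example that is not CAFT's own code. It follows RFC 6238 with HMAC-SHA1 (an assumption, since the page does not name the algorithm), uses the RFC's published test key rather than any real secret, and the `drift_steps` tolerance is hypothetical.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # the page: a new code every 30 seconds
DIGITS = 6         # the page: a 6-digit code

# Published RFC 6238 test key ("12345678901234567890") in the base32 form
# an authenticator app accepts for manual entry. Not a real CAFT secret.
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the TOTP code for the 30-second step containing unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def seconds_remaining(unix_time: int) -> int:
    """Seconds left before the app shows the next code."""
    return STEP_SECONDS - (unix_time % STEP_SECONDS)


def verify(secret_b32: str, submitted: str, server_time: int,
           drift_steps: int = 0) -> bool:
    """Accept the current step's code, plus drift_steps on either side.

    drift_steps is a hypothetical server tolerance for clock skew; with 0,
    a code typed after the timer refreshes no longer matches.
    """
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, server_time + step * STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET_B32, 59)  # one second before the refresh
    print(code, seconds_remaining(59))
    print(verify(SAMPLE_SECRET_B32, code, 59))  # entered in time
    print(verify(SAMPLE_SECRET_B32, code, 60))  # entered after the refresh
```
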

If you encounter the error message "Too many failed codes. Wait for minutes before retrying," it means you've attempted with the wrong or expired code too many times. Take a break for about 15 minutes before trying again.

If your MFA account gets locked, don't worry. Just reach out to your CAFT support contact at Synergy Credit Union or call us at 1-866-825-3301, and we'll help you unlock your account.

When you set up your CAFT account on your authenticator app, you'll receive a unique recovery code. This code serves as a one-time-use lifeline, allowing you to log in if you can't access your authenticator app (for instance, if your phone is lost or out of battery).

Be sure to save a copy of this recovery code during the MFA registration and store it securely, preferably separate from your login details. It's crucial to note that each time you use a recovery code, the system will generate a new one. Make sure to make copies of these new codes and keep them safe for future use.

If you can't find your recovery code and need to log in without the device where you installed the authenticator app, reach out to your CAFT support contact at Synergy Credit Union or call us at 1-866-825-3301. We'll be able to help you get back into your account.

If you encounter an error stating your account is disabled when trying to log in, simply reach out to your CAFT support contact at Synergy Credit Union. Alternatively, you can call us at 1-866-825-3301 for assistance in resetting your account.

Enter your regular CAFT username and password, the same ones you used before MFA was implemented. Remember, you'll need to input your username and password twice: once at the start of the new MFA process, and again when you reach the main CAFT login screen.

If your password expires, don't worry! You can still enroll in MFA and update your password when you reach the CAFT login page. But, if you've forgotten your password, you can't reset it yourself. Reach out to your CAFT support contact at Synergy Credit Union or call us at 1-866-825-3301 and request a password reset.

Typically, you'll use your one-time MFA code for almost every login. However, if you log out and log back in within the same session—within 8 hours, using the same browser and device—you can skip the MFA step and directly access the regular CAFT login page.

When you're asked for the one-time code during CAFT MFA login, simply open the authentication app on your phone and enter the 6-digit code shown under your CAFT account.

While some users might be familiar with MFA systems that automatically send a code via SMS or phone call, CAFT MFA uses a secure authentication app. Make sure to get the code directly from the app when logging in.

Phishing involves fake emails that pretend to be from a trustworthy source, while spoofing creates counterfeit web pages to appear legitimate, both aimed at extracting sensitive information like user IDs and passwords.

If you receive an email claiming to be from Synergy Credit Union, double-check the email domain (after the @ symbol), which should be synergycu.ca with no extra symbols. For added assurance, verify the domain against prior communications with us you know to be legitimate.

When logging into CAFT, if you're unsure about the webpage's authenticity, check the provided CAFT website link from your initial enrollment or any bookmarks. Verify the correct URL for CAFT, caft.paymentsanytime.com, to ensure you're on the right page and to guard against potential cyber threats.
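The two checks described above, written as exact-match tests, as an added example that is not Synergy Credit Union's or CAFT's own code. The expected domain and host come from this page; the HTTPS requirement, the function names and the sample addresses are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

EXPECTED_EMAIL_DOMAIN = "synergycu.ca"           # from the page
EXPECTED_CAFT_HOST = "caft.paymentsanytime.com"  # from the page


def sender_domain_ok(from_header: str) -> bool:
    """True only if the part after the @ is exactly the expected domain."""
    _, addr = parseaddr(from_header)  # drops the display name
    if addr.count("@") != 1:
        return False
    domain = addr.rsplit("@", 1)[1].strip().lower().rstrip(".")
    # Exact comparison: a longer name that merely starts with or contains
    # the expected domain is a different domain.
    return domain == EXPECTED_EMAIL_DOMAIN


def caft_url_ok(url: str) -> bool:
    """True only if the link's host is exactly the CAFT host."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":  # assumption: the login page is HTTPS-only
        return False
    # .hostname is what the browser connects to; any "user@" prefix or
    # port in the link is excluded from it.
    host = (parts.hostname or "").lower().rstrip(".")
    return host == EXPECTED_CAFT_HOST


if __name__ == "__main__":
    # Constructed samples; example.net is a reserved documentation domain.
    print(sender_domain_ok("Synergy Credit Union <info@synergycu.ca>"))
    print(sender_domain_ok("Synergy Credit Union <info@synergycu.ca.example.net>"))
    print(caft_url_ok("https://caft.paymentsanytime.com/"))
    print(caft_url_ok("https://caft.paymentsanytime.com.example.net/"))
```

A matching sender domain is a necessary check, not proof of origin, which is why the page also advises confirming changes through another channel such as a phone call.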

If you don't have a smartphone or tablet, which is recommended for downloading the CAFT MFA authentication apps (as explained in the CAFT MFA User Guide and FAQ #3 'How do I enable MFA?'), there are a couple of alternatives.

  1. You can consider getting a budget-friendly smartphone or tablet.
  2. Alternatively, you can use the Authenticator Plugin, a third-party tool that works like the recommended authenticator apps. It installs directly into Google Chrome or Microsoft Edge browsers, providing the same functionalities without the need for a separate device.

Follow along with your CAFT MFA User Guide and the MFA login process should be quick and work without issue. However, to be on the safe side, you may wish to build in as much time as possible ahead of your first transaction after launch date in case an issue arises that needs to be worked through. For example, if you normally run your payroll transactions late afternoon on a Friday, you may wish to try and run the transaction earlier in the day, or at least attempt to successfully log onto CAFT ahead of time.

Additional Steps to Safeguard Your Accounts:

Multifactor Authentication (MFA) is a crucial cybersecurity tool we've implemented to protect your information and accounts. However, ensuring online safety is a shared responsibility. Follow these cybersafe practices:

  1. Verify URLs: Always use the correct URL for online banking and financial transactions.

  2. Secure Credentials: Never store usernames or passwords in your email account, as compromised email accounts can lead to unauthorized access.

  3. Email Security: Enable MFA for your email account to receive a security code on your phone when logging in from a new device.

  4. Beware of Emails: Exercise caution with unsolicited emails requesting login credentials; avoid clicking on unexpected login links.

  5. Verify Changes: Even if an email seems legitimate, confirm any login or banking changes through another communication method, such as a phone call.

  6. Logout Securely: Always log out of secure accounts on public/shared computers; avoid using public Wi-Fi for sensitive activities.

Remember, these practices contribute to overall cybersecurity, ensuring a safer online experience for everyone.

There are also many good resources on individual and business cybersecurity online. A good one to check out is GetCyberSafe.ca.

Transform the way you manage payroll and payables.

Say goodbye to tedious compliance tasks and hello to a seamless payment processing platform. With Customer Automated Funds Transfer (CAFT), you can easily move money between Canadian financial institutions, make direct deposit payments for payroll, and pay your payables and collect receivables hassle-free. Focus on what matters most - building your business and supporting your team - while CAFT takes care of the rest.