Security Statement
Ensuring you have a secure online banking experience is our number
one priority. This level of security is achieved by:
-
Protecting the privacy and the confidentiality of the communications
between your browser and our servers.
-
Verifying that only authorized persons are allowed to access
online banking.
-
Maintaining isolation of our computers from the Internet.
Privacy
The privacy of the communications between you (your browser) and
our servers is ensured using cryptography. Cryptography scrambles
messages exchanged between your browser and our online banking server.
Encryption happens as follows: When you go to the sign-on page for
online banking, your browser establishes a secure session with our
server. The secure session is established using a protocol called
Secure Sockets Layer (SSL) Encryption. This protocol requires the
exchange of what are called public and private keys. Keys are random
numbers chosen for that session and are only known between your
browser and our server. After the keys are exchanged, your browser
will use the numbers to scramble (encrypt) the messages sent between
your browser and our server. Both sides require the keys because
they need to de-scramble (decrypt) the messages when they are received.
The SSL protocol, not only ensures privacy, but also ensures that
no other browser can "impersonate" your browser, nor alter
any of the information sent. You can tell whether your browser is
in secure mode by looking for the secured lock symbol at the bottom
of your browser window.
The numbers used as encryption keys are analogous to combination
locks. The strength of encryption is based on the number of possible
combinations that a lock can have.
As the number of possible combinations grows, it becomes less likely
that anyone would be able to guess the combination in order to decrypt
the message. Today's browsers offer 40-bit encryption or 128-bit
encryption. Both result in a large number of possible combinations,
240 and 2128, respectively. Our servers require 128-bit capable
browsers.
Authorization
It is also important to verify that only authorized persons log
into online banking. This is achieved by verifying your password.
When you submit your password, it is compared with the password
we have stored in our secure data center. We allow you to enter
your password incorrectly five (5) times. If you enter your password
incorrectly five times, your online banking account will be locked
until you call us to reinitialize the account. We monitor and record
"bad-login" attempts to detect any suspicious activity
(i.e., someone trying to guess your password). You play a crucial
role in preventing others from logging on to your account. Never
use passwords that are easy to guess. Examples of bad passwords
are: birth dates, first names, pet names, addresses, phone numbers,
Social Security numbers, etc. Never reveal your password to another
person. You should periodically change your password in the User
Option screen of online banking.
Network Security
We provide a number of additional security features in online banking.
Online banking will "timeout" after a specified period
of inactivity. This prevents curious persons from continuing your
online banking session in case you have left your computer unattended
without logging out. You may set the timeout period in the User
Options screen of online banking. However, we recommend that you
always sign-off (log out) when you are done with your online banking.
The network architecture used to provide the online banking service
was designed by the brightest minds in network technology. While
the architecture is too complex to explain here, it is important
to point out that the computers that store your actual account information
are not hooked up to the Internet. The requests you make through
the Internet are handled by our online banking servers, which retrieve
the information you requested from our mainframe via proxy-based
firewall servers, these servers act as the interface between you
and our mainframe computers.
|
