Internet Banking
Why Internet Banking is Safe
In Internet banking, as with traditional banking methods, security is a primary concern. We have taken precautions to ensure your information is transmitted safely and securely. This Level of Security is achieved in part by:
- Protecting the privacy and the confidentiality of the communications between your browser and our servers. Help with login security.
- Verifying that only authorized persons are allowed to access online banking.
- Maintaining isolation of our computers from the Internet.
Privacy
The privacy of the communications between you (your browser) and our servers is ensured using encryption. Encryption scrambles messages exchanged between your browser and our online banking server. Encryption happens as follows: When you go to the sign-on page for online banking, your browser establishes a secure session with our server. The secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption. This protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only known between your browser and our server. After the keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server. Both sides require the keys because they need to de-scramble (decrypt) the messages when they are received. The SSL protocol not only ensures privacy, but also ensures that no other web site can "impersonate" the login screen to Online Banking nor alter any of the information sent. You can tell whether your browser is in secure mode by looking for the secured lock symbol at the bottom of your browser window.
Encryption Level
The numbers used as encryption keys are analogous to combination locks. The strength of encryption is based on the number of possible combinations that a lock can have. As the number of possible combinations grows, it becomes less likely that anyone would be able to guess the combination in order to decrypt the message. Today's browsers offer 40-bit encryption, or 128-bit encryption. Although both result in a large number of possible combinations (240 and 2128 respectively), for your protection, our servers require the browser to connect at 128-bit encryption. Users will be unable access online banking functions at lesser encryption levels. This may require some end users to upgrade their browser to the stronger encryption level in order to access online banking functions.
40-bit Encryption
Imagine 40 light bulbs that can individually be set to on or off. Now imagine all the different combinations possible. That's 1.0995 x 1012 possibilities or 1,099,500,000,000 possibilities.
128-bit Encryption
Imagine 128 light bulbs that can individually be set to on or off. Now imagine all the different combinations possible. That's 340,282,366,920,938,000,000,000,000,000,000,000,000 possibilities.
How do I know if my browser meets the minimum criteria necessary to access secure pages of Online Banking?
Authorization
It is important to verify that only authorized persons log into Online Banking. This is achieved by verifying your password. When you submit your password, it is compared with the password we have stored in our secure data center. We allow you to enter your password incorrectly a limited number of times. If you enter your password incorrectly too many times, your Online Banking account will be locked until youreset your password or call us to reinitialize the account. We monitor and record "bad-login" attempts to detect any suspicious activity (i.e., someone trying to guess your password). You play a crucial role in preventing others from logging on to your account. Never use passwords that are easy to guess. Examples of bad passwords are: Birth dates, first names, pet names, addresses, phone numbers, social security numbers, etc. Never reveal your password to another person. You should periodically change your password in the User Option screen of Online Banking.
Forgotten Password Help
When an unrecognized User ID is entered into the first step of the Forgotten Password process, fake information is presented on the next page shown, the Forgotten Password – Confirm Identity Page. We display this fake information so that any malicious users will not be able to identify “good” Internet Banking User IDs versus “bad” ones. This can be confusing to the end user, leading them to believe their account has been compromised. We still need to display the fake information for security reasons. However, this enhancement adds a help link to advise end users of possible options for what to do next if the information is not recognizable to them. More information on forgotten password help is shown in this screenshot.
Network Security
We provide a number of additional security features in Online Banking. The system will "timeout" after a specified period of inactivity. This prevents curious persons from continuing your online banking session in case you have left your PC unattended without logging out. You may set the timeout period in the User Options screen of online banking. However, we recommend that you always sign-off (log out) when you are done with Online Banking. The network architecture used to provide the Online Banking service was designed by the brightest minds in network technology. While the architecture is too complex to explain here, it is important to point out that the computers that store your actual account information are not hooked up to the Internet. The transactions that you initiate through the Internet are received by our Online Banking Web servers. These Web servers route your transaction through firewall servers, which act as a traffic cop between segments of our Online Banking network used to store information, and the public Internet. This configuration isolates the publicly accessible Web servers from data stored on our Online Banking servers and ensures that only authorized requests are processed. Various access control mechanisms, including intrusion detection and anti-virus, monitor for and protect our systems from potential malicious activity. Additionally, our online banking servers are fault-tolerant, and provide for uninterruptible access, even in the event of various types of failures.
ABOUT COOKIES
A "cookie" is a small piece of information (a text file), which a web server can store temporarily with a web browser. Once the cookie is stored, the site's web server can later retrieve that information for that browser.
For example, when a person browses through an "online shopping mall" and adds items to a "shopping cart" while continuing to shop, your browser stores a list of the items that have been added to the cart so that the user can pay for all of the items at once when he is finished shopping. It's much more efficient for each browser to keep track of information like this than have web server remember who bought what, especially if there are thousands of people using the web server.
When browsing the web, any cookies that are sent to a browser are stored in the computer's memory. When the browser is closed, any cookies that haven't expired are written to a cookie file so they can be reloaded next time the browser is used.
Online banking uses a different kind of cookie known as a session cookie, a non-persistent cookie, or a pre-expired cookie. These cookies are placed temporarily and are never stored to the user's computer memory. Instead, these pre-expired cookies are used as part of the stringent security measures in the Online Banking product. As the end user navigates through Online Banking a pre-expired cookie is set each time a page is viewed. Because the HTML page they are viewing is not "cached", it must always be re-retrieved from the server.
The pre-expired cookies keep the session alive until the end user logs out properly or times out of Online Banking. Once this occurs, the end user must login with their User ID and Password to gain access again. This ensures that another user using the same computer cannot access the previous session.
