Security
We are pleased to offer home banking and bill payment services via the Internet. Delivering these services requires a solid security framework that can protect you and our institution from outside intrusion. The information below summarizes our security framework, which incorporates the latest proven technology. A section at the end also summarizes your responsibilities as a user of the home banking system with regard to security.
There are several levels of security within our security
framework. User Level deals with
cryptography and Netscape’s Secure Sockets Layer (SSL) protocol, and is the
first line of defense used by all customers accessing our Home Banking Server
from the public Internet. Server Level
focuses on firewalls, filtering routers, and our trusted operating system. Host Level deals specifically with our home
banking and bill payments services, and the processing of secure financial
transactions.
There are several components of User Level security that
ensure the confidentiality of information sent across the public Internet. The first requires your use of a fully
SSL-compliant browser such as Netscape Navigator or Microsoft Internet
Explorer. SSL is an open protocol
developed by Netscape that allows a user’s browser to establish a secure
channel for communicating with our Internet server. SSL utilizes highly effective cryptography techniques between
your browser and our server to ensure that the information being passed is
authentic, cannot be deciphered, and has not been altered en route. SSL also utilizes a digitally signed
certificate, which ensures that you are truly communicating with the Home
Banking Server and not a third party trying to intercept the transaction.
After a secure connection has been established between your
browser and our server, you then provide a valid User ID and Security Code to
gain access to the services. This
information is encrypted, and a request to log on to the system is processed. Although SSL utilizes proven cryptography techniques,
it is important to protect your User ID and Security Code from others. We recommend using a full 8-digit Security
Code and changing it often. Session
time-outs, a limit on the number of logon attempts, forced Security Code change
intervals, and special browser caching techniques are examples of other
security measures in place to ensure that inappropriate activity is prohibited
at the User Level.
All transactions sent to our Home Banking Server must first
pass through a filtering router system.
These filtering routers automatically direct the request to the
appropriate server after ensuring the access type is through a secured browser
and nothing else. The routers verify
the source and destination of each network packet, and manage the authorization
process of letting packets through. The
filtering routers also prohibit all other types of Internet access methods at
this point. This process blocks all
non-secured activity and defends against inappropriate access to the server.
The Home Banking Server is protected using the latest and
most powerful firewall platform. This
platform is based on a government-rated B1 trusted operating system, in use for
many years by high-security government agencies including the U.S. Department
of Defense. This platform defends
against every kind of system intrusion and effectively isolates all but
approved customer financial requests.
The platform secures the hardware running the home banking applications
and prevents associated attacks against all systems connected to the Home
Banking Server.
Administration of the platform cannot occur remotely and
must be initiated by authorized personnel in direct physical contact with the
master console. Thus, a level of
physical security has been implemented that rivals some of the most secure
government facilities. Additional
measures to ensure the security of information involve the separation of server
applications from host data. This means
that information of value does not physically reside on the Home Banking
Server. Logging of security information
occurs at all times and there is always a backup of the information logged
about every attempt made to access the system.
These security logs allow us to constantly monitor for a wide range of
anomalies and to determine if attempts have been made to breach our security
framework.
Host Level
After passing through the Home Banking Server, the
transaction is sent via secure dedicated communication lines to our Transaction
Server, which verifies customer identity.
Once authenticated, the customer is allowed to process authorized home
banking and bill payment transactions using host data. No direct database access occurs between the
Home Banking Server and the Transaction Server. Only specific transactions in the proprietary format are allowed
into the Transaction Server. Protocol
conversions have also been implemented to ensure that information does not
remain in a single state of existence, further securing the information at any
given point in the transaction process.
In addition, communication time-outs ensure that the request is
received, processed, and delivered within a give time frame. Any outside attempt to delay or alter the
process will fail. Further password
encryption techniques are implemented at the host level, as well as additional
security logging and another complete physical security layer to protect the
host information itself.
User Responsibilities
While we continue to evaluate and implement the latest
improvements in Internet security technology, users of the home banking system
also have responsibility for the security of their information and should
always follow the recommendations listed below:
Utilize the latest version of either Netscape Navigator or
Microsoft Internet Explorer. The home
banking system is best viewed and is most secure when you use one of these two
browsers, as they are both certified for use at our site. Your Security Code must be kept
confidential. Utilize a full 8-digit
Security Code and change it frequently to ensure that the information cannot be
guessed or used by others. Be sure
others are not watching you enter information on the keyboard when using the
system. Never leave your computer
unattended while logged on to the home banking system. Others may approach your computer and gain
access to your account information if you walk away. Click Exit when you are finished using the system to properly end
your session. Once a session has been
ended, no further transactions can be processed until you log on to the system
again. Close your browser when you are
finished, so that others cannot view any account information displayed on your
computer. Keep your computer free of
viruses. Use virus protection software
to routinely check for a virus on your computer. Never allow a virus to remain on your computer while accessing
the home banking system. When you
follow these simple security measures, your interaction with the home banking
system will be completely confidential.
We look forward to serving your home banking and bill payment needs both
today and into the future – securely!