About Security

We are pleased to offer home banking and bill payment services via the Internet. Delivering these services requires a solid security framework that can protect you and our institution from outside intrusion. The information below summarizes our security framework, which incorporates the latest proven technology. A section at the end also summarizes your responsibilities as a user of the home banking system with regard to security.

There are several levels of security within our security framework. User Level deals with cryptography and Netscape’s Secure Sockets Layer (SSL) protocol, and is the first line of defense used by all customers accessing our Home Banking Server from the public Internet. Server Level focuses on firewalls, filtering routers, and our trusted operating system. Host Level deals specifically with our home banking and bill payment services, and the processing of secure financial transactions.

User Level

There are several components of User Level security that ensure the confidentiality of information sent across the public Internet. The first requires your use of a fully SSL-compliant browser such as Netscape Navigator or Microsoft Internet Explorer. SSL is an open protocol developed by Netscape that allows a user’s browser to establish a secure channel for communicating with our Internet server. SSL utilizes highly effective cryptography techniques between your browser and our server to ensure that the information being passed is authentic, cannot be deciphered, and has not been altered en route. SSL also utilizes a digitally signed certificate which ensures that you are truly communicating with the Home Banking Server and not a third party trying to intercept the transaction.

After a secure connection has been established between your browser and our server, you then provide a valid User ID and Security Code to gain access to the services. This information is encrypted, and a request to log on to the system is processed. Although SSL utilizes proven cryptography techniques, it is important to protect your User ID and Security Code from others. We recommend using a full 8-digit Security Code and changing it often. Session time-outs, a limit on the number of logon attempts, forced Security Code change intervals, and special browser caching techniques are examples of other security measures in place to ensure that inappropriate activity is prohibited at the User Level.

Server Level

All transactions sent to our Home Banking Server must first pass through a filtering router system. These filtering routers automatically direct the request to the appropriate server after ensuring the access type is through a secured browser and nothing else. The routers verify the source and destination of each network packet, and manage the authorization process of letting packets through. The filtering routers also prohibit all other types of Internet access methods at this point. This process blocks all non-secured activity and defends against inappropriate access to the server.

The Home Banking Server is protected using the latest and most powerful firewall platform. This platform is based on a government-rated B1 trusted operating system, in use for many years by high-security government agencies including the U.S. Department of Defense. This platform defends against every kind of system intrusion and effectively isolates all but approved customer financial requests. The platform secures the hardware running the home banking applications and prevents associated attacks against all systems connected to the Home Banking Server.

Administration of the platform cannot occur remotely and must be initiated by authorized personnel in direct physical contact with the master console. Thus, a level of physical security has been implemented that rivals some of the most secure government facilities. Additional measures to ensure the security of information involve the separation of server applications from host data. This means that information of value does not physically reside on the Home Banking Server. Logging of security information occurs at all times and there is always a backup of the information logged about every attempt made to access the system. These security logs allow us to constantly monitor for a wide range of anomalies and to determine if attempts have been made to breach our security framework.

Host Level

After passing through the Home Banking Server, the transaction is sent via secure dedicated communication lines to our Transaction Server which verifies customer identity. Once authenticated, the customer is allowed to process authorized home banking and bill payment transactions using host data. No direct database access occurs between the Home Banking Server and the Transaction Server. Only specific transactions in the proprietary format are allowed into the Transaction Server. Protocol conversions have also been implemented to ensure that information does not remain in a single state of existence, further securing the information at any given point in the transaction process. In addition, communication time-outs ensure that the request is received, processed, and delivered within a given time frame. Any outside attempt to delay or alter the process will fail. Further password encryption techniques are implemented at the host level, as well as additional security logging and another complete physical security layer to protect the host information itself.

User Responsibilities

While we continue to evaluate and implement the latest improvements in Internet security technology, users of the home banking system also have responsibility for the security of their information and should always follow the recommendations listed below: