This Internet Banking System brings together a combination of industry-approved security technologies to protect data for the bank and for you, our customer. It features password controlled system entry, a VeriSign issued Digital ID for the bank’s server, Secure Sockets Layer (SSL) protocol for data encryption, and a router loaded with a firewall to regulate the inflow and outflow of server traffic.
Secure Access and Verifying User Authenticity
To begin a session with the bank’s server the user must key in an Access ID and a password. Our system, the Internet Banking System, uses a “3 strikes and you’re out” lock-out mechanism to deter users from repeated login attempts. After three unsuccessful login attempts, the system locks the user out, requiring either a designated wait period or a phone call to the bank to reset the password before re-entry into the system. Upon successful login, the Digital ID from VeriSign, the experts in digital identification certificates, authenticates the user’s identity and establishes a secure session.
Secure Data Transfer
Once the server session is established, the user and the server are in a secured environment. Because the server has been certified as a 128-bit secure server by VeriSign, data traveling between the user and the server is encrypted with Secure Sockets Layer (SSL) protocol. With SSL, data that travels between the bank and customer is encrypted and can only be decrypted with the public and private key pair. In short, the bank’s server issues a public key to the end user’s browser and creates a temporary private key. These two keys are the only combination possible for that session. When the session is complete, the keys expire and the whole process starts over when a new end user makes a server connection
Router and Firewall
Requests must filter through a router and firewall before they are permitted to reach the server. A router, a piece of hardware, works in conjunction with the firewall, a piece of software, to block and direct traffic coming to the server. The configuration begins by disallowing ALL traffic and then opens holes only when necessary to process acceptable data requests, such as retrieving web pages or sending customer requests to the bank.
Fraud Alert and Phishing
Beware of Internet Fraud. The bank will never request confidential information through e-mail. Report any such requests to the bank at 918-825-7200.
Don't Get Lured into a Phishing Scam
from the ABA Education Foundation Copyright 2004 © American Bankers Association Education Foundation. Reprinted with Permission. All Rights Reserved.
Con artists now use email to try to hijack your personal financial information. In a scam known as "phishing," swindlers claim to be from a reputable company and send out thousands of fake emails in hopes that consumers will respond with the bank account information, credit card numbers, passwords or other sensitive information.
These emails can look quite convincing, with company logos and banners copied from actual Web sites. Often, they will tell you that their security procedure has changed or that they need to update (or validate) your information, and then direct you to a look-alike Web site. If you respond, the thieves use your information to order goods and services or obtain credit.
We will never:
- Send e-mail that requires you to enter personal information directly into the e-mail
- Send e-mail threatening to close your account if you do not take the immediate action of providing personal information
- Send e-mail asking you to reply by sending personal information
- Send e-mail asking you to enter your User ID, password or account numbers into an e-mail or non-secure webpage
To avoid becoming a victim of a phishing scam, the American Bankers Association offers these tips:
- Never give out your personal financial information in response to an unsolicited phone call, fax or email, no matter how official it may seem.
- Do not respond to email that may warn of dire consequences unless you validate your information immediately. Contact the company to confirm the email's validity using a telephone number or Web address you know to be genuine.
- Check your credit card and bank account statements regularly and look for unauthorized transactions, even small ones. Some thieves hope small transactions will go unnoticed. Report discrepancies immediately.
- When submitting financial information to a Web site, look for the padlock or key icon at the bottom of your browser, and make sure the Internet address begins with "https." This signals that your information is secure during transmission.
- Report suspicious activity to the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center.
- If you have responded to an email, contact your bank immediately so they can protect your account and your identity. For information on identity theft, visit ABA's Consumer Connection.
For more information on phishing, visit the Federal Deposit Insurance Corporation, Federal Trade Commission or the Anti-Phishing Working Group.
If you suspect misuse of your personal information to commit fraud, take action immediately. Keep a record of all conversations and correspondence when you take the following suggested steps:
- Contact your bank(s) & credit card issuers immediately so that the following can be done: access to your accounts can be protected; stop payments on missing checks; personal identification numbers (PINs) and online banking passwords changed; and a new account opened, if appropriate. Be sure to indicate to the bank or card issuer all of the accounts and/or cards potentially impacted including ATM cards, check (debit) cards and credit cards. Customer service or fraud prevention telephone numbers can generally be found on your monthly statements. Contact the major check verification companies to request they notify retailers using their databases not to accept these stolen checks, or ask your bank to notify the check verification service with which it does business. Three of the check verification companies that accept reports of check fraud directly from consumers are: Telecheck (800) 710-9898, International Check Services (800) 631-9656, ChexSystems (888) 478-6536 and Equifax (800) 437-5120.
- File a police report with your local police department. Obtain a police report number with the date, time, police department, location and police officer taking the report. The police report may initiate an investigation into the loss with the goal of identifying, arresting and prosecuting the offender and possibly recovering your lost items. The police report will be helpful when clarifying to creditors that you are a victim of identity theft.
- Contact the three major credit bureaus and request a copy of your credit report. Review your reports to make sure additional fraudulent accounts have not been opened in your name or unauthorized changes made to your existing accounts. Check the section of your report that lists “inquiries.” Request the “inquiries” be removed from your report from the companies that opened the fraudulent accounts. In a few months, order new copies of your reports to verify your corrections and changes to make sure no new fraudulent activity has occurred. Request a “fraud alert” for your file and a victim’s statement asking creditors to call you before opening new accounts or changing your existing ones. This can help prevent an identity thief from opening additional accounts in your name. The major credit bureaus and their phone numbers are: Equifax (800) 525-6285, Experian (888) 397-3742 and Trans Union (800) 680-7289.
- Check your mailbox for stolen mail. Make sure no one has requested an unauthorized address change, title change, PIN change or ordered new cards or checks to be sent to another address. If a thief has stolen your mail to get credit cards, bank and credit card statements, pre-screened credit offers or tax information, or if an identity thief has falsified change-of-address forms, that’s a crime. Contact your local post office and police.
- Maintain a written chronology of what happened, what was lost and the steps you took to report the incident to the various agencies, banks and firms impacted. Be sure to record the date, time, contact telephone numbers, person you talked to and any relevant report or reference number and instructions.
The FDIC has a comprehensive program on how consumers can protect themselves against online identity theft and other scams, including a video that runs for about three minutes. Click here to view the program.
- In addition, the United States Department of Treasury offers an Identity Theft Resource Page for assistance in preventing and overcoming identity theft.