Online Security

Online Banking Security Information

For More Information:
www.staysafeonline.org
FFIEC Consumer Online Guidance PDF
FFIEC Commerical Online Guidance PDF

This Internet Banking System brings together a combination of industry approved security technologies to protect data for the bank and for you, our customer. It features password-controlled system entry, a VeriSign-issued Digital ID for the bank's server, Secure Sockets Layer (SSL) protocol for data encryption, and a router loaded with a firewall to regulate the inflow and outflow of server traffic.

Secure Access and Verifying User Authenticity To begin a session with the bank's server the user must key in a Log-in ID and a password. Our system, the Internet Banking System, uses a "3 strikes and you're out" lock-out mechanism to deter users from repeated login attempts. After three unsuccessful login attempts, the system locks the user out, requiring either a designated wait period or a phone call to the bank to verify the password before re-entry into the system. Upon successful login, the Digital ID from VeriSign, the experts in digital identification certificates, authenticates the user's identity and establishes a secure session with that visitor. Secure Data Transfer Once the server session is established, the user and the server are in a secured environment. Because the server has been certified as a 128-bit secure server by VeriSign, data traveling between the user and the server is encrypted with Secure Sockets Layer (SSL) protocol. With SSL, data that travels between the bank and customer is encrypted and can only be decrypted with the public and private key pair. In short, the bank's server issues a public key to the end user's browser and creates a temporary private key. These two keys are the only combination possible for that session. When the session is complete, the keys expire and the whole process starts over when a new end user makes a server session. In order to take advantage of the server's 128 bit security, you must have strong encryption installed on your browser. Both Netscape Communicator and Microsoft Internet Explorer support 128 bit encryption in release 4.x and later. Router and Firewall Requests must filter through a router and firewall before they are permitted to reach the server. A router, a piece of hardware, works in conjunction with the firewall, a piece of software, to block and direct traffic coming to the server. The configuration begins by disallowing ALL traffic and then opens holes only when necessary to process acceptable data requests, such as retrieving web pages or sending customer requests to the bank.

Using the above technologies, your Internet banking transactions are secure.

Visitors to this bank website remain anonymous. We do not collect identifying information about visitors to our site. We may use standard software to collect non-identifying information about our visitors, such as:

Date and time our site was accessed IP address (A numeric address given to servers connected to the Internet) Web browser used
City, state, and country

The bank uses this information to create summary statistics and to determine the level of interest in information available on our site, as well as to detect and log unauthorized access attempts. Visitors may elect to provide us with personal information via E-mail, or online registration forms. This information is used internally, as appropriate, to handle the sender's request. It is not disseminated or sold to other organizations.

Some areas of our website may use a "cookie" stored on the visitor's hard drive to allow the web server to log the pages you use within the site and to know if you have visited the site before.

FTC Consumer Alert

How Not to Get Hooked by a 'Phishing' Scam

Internet scammers casting about for people's financial information have a new way to lure unsuspecting victims: They go "phishing" .

Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.

According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with - for example, your Internet Service Provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to "update" or "validate" your account information. It might threaten some dire consequence if you don't respond. The message directs you to a Web site that looks just like a legitimate organization's site, but it isn't. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

The FTC, the nation's consumer protection agency, suggests these tips to help you avoid getting hooked by a phishing scam:

If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the messag. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address. In any case, don't cut and paste the link in the message.
Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's Web site, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Antivirus software and a firewall can protect you from inadvertently accepting such unwanted files. Antivirus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It's especially important to run a firewall if you have a broadband connection. Finally, your operating system (like Windows or Linux) may offer free software "patches" to close holes in the system that hackers or phishers could exploit.
Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to spam@uce.gov. If you believe you've been scammed, file your complaint at www.ftc.gov, and then visit the FTC's Identity Theft Web site at www.consumer.gov/idtheft to learn how to minimize your risk of damage from ID theft. Visit www.ftc.gov/spam to learn other ways to avoid email scams and deal with deceptive spam. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues , visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

Protect Yourself From Identity Theft

Think of how many times a day you share your personal information. You may write a check at the local grocery store, apply for a credit card, make a call on your cell phone, charge tickets to a Milwaukee Bucks game, mail your tax return or buy Midwest Express tickets over the Internet.

With each transaction, you share your personal information: your bank and credit card account numbers, your income, your social security number, your name, address and phone number.

In 1998, Congress passed a law making identity theft a federal crime. The U.S. Secret Service, FBI and U.S. Postal Inspection Service investigate violations of the Act. Persons accused of identity theft are prosecuted by the Department of Justice.

Consumer complaints about identity theft continue to grow. More than 40 percent of all complaints filed with the U.S. Federal Trade Commission last year were for identity theft.

Unless you live your life in a bubble, you can't prevent the stealing of your personal information, but you can minimize the risks of this crime happening to you by following these suggestions:

Never divulge information about your social security number, credit card number, account passwords and other personal information unless you initiate contact with a person or company you know and trust.
Don't carry around more checks, credit cards and other bank items than you really need. Don't carry your social security number in your wallet, and be sure to pick passwords and PINs (Personal Identification Numbers) that will be tough for someone to figure out. Don't write your social security number on your check.
Protect your incoming and outgoing mail, especially envelopes that may contain checks, credit card applications or other information valuable to a fraud artist. Deposit outgoing mail, especially something containing personal financial information in the official Post Office collection boxes, hand it to the mail carrier, or take it to the local post office instead of leaving it in your home mailbox.
Before discarding credit card applications, cancelled checks, bank statements or other information useful to an identity thief, tear them up as best you can, preferably by using a paper shredder.
Safely store extra checks, credit cards and documents that list your social security number.
Contact your financial institution immediately if you lose your checkbook or bank credit card, if there is a discrepancy in your records, or if you notice something suspicious such as a missing payment or unauthorized withdrawals.
If your credit card bill doesn't arrive on time, contact your credit card company. This could be a sign that someone has stolen your account information, changed your address and is making large charges in your name from another location.
Once a year check your credit record with the three major credit bureaus. To order your report, call the following toll-free numbers; Equifax: 800-685-1111 Experian: 888-397-3742 Trans Union: 800-888-4213

If you are a victim of identity theft, take the following steps:

Contact the fraud departments of each of the three major credit bureaus and request a "fraud alert" be placed on your file and no new credit be granted without your approval.
Close any accounts that have been fraudulently accessed or opened.
File a local police report and get a copy of the report to your bank, credit card company or others that may need proof of the crime.

The Federal Trade Commission (FTC) is the federal clearinghouse for complaints by victims of identity theft. Although the FTC does not have the authority to bring criminal cases, it can assist victims by providing information to help resolve problems that can result from identity theft. Should you find yourself a victim of identity theft, you can file a complaint with the FTC by calling toll-free 1-877-ID-THEFT (438-4338).

Most of us assume that thieves are only interested in the cash in our wallet or purse, when in many cases, they are more interested in access to sensitive information that can be used to steal our identity. Use caution and don't be the next victim of identity theft or other financial fraud.