How We Protect You
Here are some of the steps we take to protect your information:
- Our employees, along with the tools that enable them to do their jobs, are our strongest assets in the fight against cyber attackers. We train and test that our employees understand policy, regulations, and security. We periodically evaluate the preparedness of our employees through simulations of cyber-attack.
- Our internal examiners perform audits and evaluations of our internal control environment.
- We will never send you e-mails requesting your personal or account information.
We want you to use our website with confidence, knowing that the information you submit to us is secure. The encryption strength varies depending on the browser you are using; however, most current browsers offer 128-bit encryption.
The presence of a "closed lock" icon in your browser indicates encryption is being used on the webpage you are viewing. In addition, an internet address that begins with "https://..." indicates the page you are viewing uses encryption. The "s" stands for "secure."
Emails that you may send to us outside our online banking service may not be secure unless we advise you that security measures will be in place prior to your transmitting the information. For that reason, we ask that you do not send confidential information such as social security or account numbers to us through an unsecured email. We provide a secured email option on our “Contact Us” page, which can be utilized for encrypting and securing email messages.
We have implemented multifactor and multilayer authentication, in addition to online banking user security, which requires multiple pieces of information to validate identity while ensuring compliance with regulatory requirements and FFIEC recommendations.
- Multifactor authentication automatically monitors accounts for unusual activity based on account history and requires customers to verify their identity by providing a “one-time password” that is delivered to a registered device. The authentication is based on two factors — something you know (a password or PIN) and something you have (an authenticator).
- Multilayer authentication is a technique in which the identity of an individual or system is verified by more than one authentication process. It provides multiple levels of authentication, depending on the underlying transaction, system or operational environment.
We offer multi-layered security with a range of authentication types:
- Bank home page login
- Single sign-on from a trusted source
- Password. Stored user passwords are encrypted using a one-way hash algorithm with a per-user salt.
- Advanced Login Authentication (ALA) is implemented as a separate component. Business online banking receives a RSA SecurID token once the user has successfully authenticated (including any required Out-of-Band requirements). Token solutions for business online banking provide hacker-resistant multi-factor authentication protection for online funds movement transactions or if requested, at the initial login as added layer of security.
Each user is profiled and paired with the device that they are using. Out-of-Band confirmation is required if future profile\user\device combinations have sufficiently changed. Options for Out-Of-Band are:
- Text message (code is sent to the device)
- Phone voice (code is displayed by ALA and entered in the phone)
We have additional security measures that may be activated in response to unusual online activity. If your online behavior looks out of the ordinary from your usual activities, we may restrict account access or prevent certain types of transactions. These measures help safeguard your personal and account information. Contact our Treasury Management Services team for assistance.
Various tools are provided on our website to help clients and potential clients learn about the products and services we offer. When browsing our website, we do not collect, capture or retain your personal information. We use website browser software tools such as cookies and web server logs to gather information about the usage of our website to constantly improve our site and better serve our clients. We also use website log files and IP addresses to analyze trends, administer the website, track user movements and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
Links to Other Websites
Protecting Children’s Privacy Online
From our websites, we do not knowingly collect or use personal information from children under 13. However, we are not responsible for data collection and use practices from nonaffiliated third parties to which our website may link.
For more information about the Children’s Online Privacy Protection Act (COPPA), please visit the FTC website at fcc.gov/consumers/guides/childrens-internet-protection-act.