Online Security Statement
Earlham Savings Bank is pleased to offer internet banking services. Delivering these services requires a solid security framework that protects you and our institution's data from outside intrusion. We are committed to working with our internet service and communications providers to produce the safest operating environment possible for our customers.
The information below summarizes our security framework, which incorporates the latest proven technology. A section at the end also summarizes your responsibilities as a user of the internet banking system with regard to security.
There are several levels of security within our security framework. User level deals with cryptography and Secure Sockets Layer (SSL) protocol, and is the first line of defense used by all customers accessing our Banking Server from the public Internet. Server Level focuses on firewalls, filtering routers and our trusted operating system. Host level deals specifically with our internet banking services and the processing of secure financial transactions.
There are several components of User Level Security that insure the confidentiality of information sent across the public Internet. The first requires your use of a fully SSL-compliant 128 bit-encrypted browser such as Microsoft Internet Explorer or Mozilla Firefox. SSL is an open protocol that allows a user’s browser to establish a secure channel for communicating with our internet server. SSL utilizes highly effective cryptography techniques between your browser and our server to ensure that the information being passed is authentic, cannot be deciphered and has not been altered enroute. SSL also utilizes a digitally signed certificate, which ensures that you are truly communicating with the Online Banking Server and not a Third party trying to intercept the transaction.
After a secure connection has been established between your browser and our server, you then provide a valid User ID and Security Password to gain access to the services. You also establish Multi-Factor Authentication by choosing a Security Image, answering three Security Questions, and designating whether your log in is from a Personal (register the PC as a trusted source) or Public (do not register the PC as a trusted source) computer. This information is encrypted, logged by the server forming another complete physical security layer to protect the server’s information, and a request to log on the system is processed. If you do not register your PC or if a future online banking log in is made from a different PC you will be prompted to answer one of your chosen Security Questions to validate access.
Although SSL utilizes proven cryptography techniques, it is important to protect your User Access ID and Security Password from others. You must follow the Security Password parameters we specify at the time you sign-up for an internet banking account. We also recommend changing your Security Password often. Session time-outs and a limit on the number of logon attempts are examples of other security measures in place to ensure that inappropriate activity is prohibited at the user level. Invalid log in attempts are reviewed each business day by bank employees and followed up on appropriately.
Server Level
All transactions sent to our Banking Server must first pass through a filtering router system. These filtering routers automatically direct the request to the appropriate server after ensuring the access type is through a secure browser and nothing else. The routers verify the source and destination of each network packet and manage the authorization process of letting packets through. The filtering routers also prohibit all other types of Internet access methods at this point. This process blocks all non-secured activity and defends against inappropriate access to the server.
The Banking Server is protected using the latest firewall platform. This platform defends against system intrusions and effectively isolates all but approved customer financial requests. The platform secures the hardware running the on-line applications and prevents associated attacks against all systems connected to the Banking Server. The system is monitored 24 hours a day, seven days a week for a wide range of anomalies to determine if attempts are being made to breach our security framework. In addition, intrusion tests are conducted at least annually by independent third parties to validate and measure the effectiveness of Banking Server security.
Host Level
Once authorized, the customer is allowed to process authorized internet banking transactions using host data. In addition, communication time-outs ensure that the request is received, processed and delivered within a given timeframe. Any outside attempt to delay or alter the process will fail. Further password encryption techniques are implemented at the host level, as well as additional security logging and another complete physical security layer to protect the host information itself.
User Responsibilities
- While our service provider continues to evaluate and implement the latest improvements in Internet security technology, users of the online banking system also have responsibility for the security of their information and should always follow the recommendations listed below:
- Utilize the latest 128 bit encryption versions of Mozilla Firefox, Google Chrome, Safari or Microsoft Internet Explorer. The online banking system is best viewed and is most secure when you use one of these browsers, as they are certified for use at our site.
- Your security password must be kept confidential. You must follow our specific parameters for a password and change it often to ensure that the information cannot be guessed or used by others. Be sure others are not watching you enter information on the keyboard when using the system.
- Never leave your computer unattended while logged onto the online banking system. Someone may approach your computer and gain access to your account information if you are away.
- Click log off when you are finished using the system to properly log off. Once a session has ended no further transactions can be processed until you log on to the system again.
- Close your browser when you are finished so that others cannot view any account information displayed on your computer.
- Maintain a virus-free computer. Use virus protection software to routinely check for a virus on your computer. Never allow a virus to remain on your computer while accessing the online banking system.
- Report all crimes or attempts of criminal activity to law enforcement officials immediately.
- In addition, please contact our bank as soon as possible at 515-223-4753.
When you follow these security measures, your interaction with online banking will be completely confidential.