Security and Your Privacy Policy

Tool 7: Communicating Your Security Practices
Security is an integral part of your privacy policy, and the policy should describe in
general terms how you protect customer information. The following samples of security
language show how other institutions have incorporated their security measures into
their privacy policies.
Sample 1:
The security of the communications between you and our servers is ensured using
cryptography, which scrambles messages exchanged between your browser and our
online banking server. When you go to the sign-on page for online banking, your browser
establishes a secure session with our server. The secure session is established using a
protocol called Secure Sockets Layer (SSL) Encryption. The SSL protocol not only
ensures privacy, but also ensures that no other browser can "impersonate" your browser,
nor alter any of the information sent. You can tell whether your browser is in secure
mode by looking for the secured lock symbol at the bottom of your browser window.
It is also important to verify that only authorized persons log into home banking. This is
achieved by verifying your password. When you submit your password, it is compared
with the password we have stored in our secure data center. We allow you to enter your
password incorrectly five (5) times. If you enter your password incorrectly five times,
your online banking account will be locked until you call us to reinitialize the account.
We monitor and record "bad-login" attempts to detect any suspicious activity (i.e.,
someone trying to guess your password). You play a crucial role in preventing others
from logging on to your account. Never use passwords that are easy to guess. Examples
of bad passwords are: Birth dates, first names, pet names, addresses, phone numbers,
social security numbers, etc. Never reveal your password to another person. You should
periodically change your password in the User Option screen of online banking.
Sample 2:
Our Internet Banking System brings together a combination of industry-approved
security technologies to protect data for the bank and for you, our customer. It features
password-controlled system entry, an Identrus-issued Digital ID for the bank's server,
Secure Sockets Layer (SSL) protocol for data encryption, and a router loaded with a
firewall to regulate the inflow and outflow of server traffic.
Secure Access and Verifying User Authenticity
To begin a session with the bank's server, the user must key in a Log-in ID and a
password. Our system, the Internet Banking System, uses a "3 strikes and you're out"
lock-out mechanism to deter users from repeated login attempts. After three unsuccessful
login attempts, the system locks the user out, requiring either a designated wait period or
a phone call to the bank to verify the password before re-entry into the system.
Once the server session is established, the user and the server are in a secured
environment, ensuring the secure transfer of data.
Router and Firewall
Requests must filter through a router and firewall before they are permitted to reach the
server. A router, a piece of hardware, works in conjunction with the firewall, a piece of
software, to block and direct traffic coming to the server. The configuration begins by
disallowing ALL traffic and then opens holes only when necessary to process acceptable
data requests, such as retrieving web pages or sending customer requests to the bank.
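The lockout and bad-login monitoring that Samples 1 and 2 describe (five bad passwords and a call to reinitialize the account in Sample 1; three bad passwords and a designated wait period in Sample 2, repeated in Sample 5) as an added Python example that is not part of the toolkit or of any institution's policy; the account names, source addresses, salt and timestamps are constructed.

```python
# Added example, not taken from any of the sample policies: an account lockout
# and bad-login monitor implementing the controls the samples describe.
import hashlib, hmac
from collections import defaultdict, deque
SALT = b"constructed-demo-salt"  # a real system stores a random salt per account
def _hash(password):  # slow, salted hash; never store the password itself
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)

class LoginGuard:
    """Lock an account after max_failures bad passwords (5 in Sample 1, 3 in
    Sample 2). lockout=None: locked until staff reinitialize it (Sample 1);
    a number: designated wait period in seconds (Sample 2). 'now' is seconds."""
    def __init__(self, max_failures=5, lockout=None):
        self.max_failures, self.lockout = max_failures, lockout
        self.passwords = {}               # account -> salted password hash
        self.failures = defaultdict(int)  # account -> consecutive bad logins
        self.locked_until = {}            # account -> unlock time, None = manual
        self.bad_logins = deque()         # (when, account, source) audit trail
    def enroll(self, account, password):
        self.passwords[account] = _hash(password)
    def is_locked(self, account, now):
        until = self.locked_until.get(account, 0)  # 0: never locked
        return until is None or now < until        # None: needs reinitialize
    def attempt(self, account, password, source, now):
        """Returns 'ok', 'bad_password' or 'locked'; every failure is recorded."""
        if self.is_locked(account, now):
            self.bad_logins.append((now, account, source))
            return "locked"
        self.locked_until.pop(account, None)  # any wait period has elapsed
        # hash even for unknown accounts so response time does not reveal them
        if hmac.compare_digest(self.passwords.get(account, b""), _hash(password)):
            self.failures[account] = 0
            return "ok"
        self.failures[account] += 1
        self.bad_logins.append((now, account, source))
        if self.failures[account] >= self.max_failures:
            self.locked_until[account] = None if self.lockout is None else now + self.lockout
            self.failures[account] = 0
        return "bad_password"
    def reinitialize(self, account):  # staff unlock after the customer calls in
        self.locked_until.pop(account, None)
        self.failures[account] = 0
    def suspicious_sources(self, now, window=600, threshold=10):
        """Sources with >= threshold bad logins in the last window seconds."""
        counts = defaultdict(int)
        for when, _account, source in self.bad_logins:
            if now - when <= window:
                counts[source] += 1
        return sorted(s for s, n in counts.items() if n >= threshold)
```

The audit trail stays in memory here; a deployment would write it to a log that staff review, which is the "monitor and record bad-login attempts" control of Sample 1.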
Sample 3:
Our Bank is dedicated to the protection of its customers' privacy. All personal and
financial information submitted through the Our Bank website will be kept accurate,
secure and confidential. We maintain security standards and procedures to help prevent
unauthorized access to confidential information about you. Our Bank's secure network
will recognize communications from customers using browsers that are compliant with
certain security standards. If you are using Netscape Navigator 3.0 or higher, Microsoft's
Internet Explorer 3.0 or higher, or any other SSL-compliant browser, you may submit
applications/requests for information online.
Cookies
Once a customer has signed into the Internet Banking service and his or her User ID and
password have been validated, session management information that is stored on the
customer's PC is maintained. This encrypted data element helps an authenticated
customer navigate the web site. This data element, called a "cookie," is stored in the
computer browser's memory. This cookie exists only in the memory of the browser and is
active only as long as the customer's browser is running or until the time out limit has
been reached. Once the browser is closed or timed out, the information is deleted. A
cookie does not retrieve data from your hard drive, carry computer viruses, or capture
your e-mail address. Most browsers will allow you to disable cookies or warn you before
accepting a cookie. However, if you decide not to accept cookies, you may not be able to
successfully navigate within the Internet Banking service.
Sample 4:
Security of your account is our number one priority. With online banking, you can do
your banking with confidence. We use state-of-the-art technology and a combination of
security measures to make your banking sessions secure.
Bank-Approved Browsers
Our standards are among the highest of companies on the Internet. We require that you
use a current version of a browser that supports 128-bit encryption and SSL3, the highest
level of encryption commercially available. We do not allow any information from your
banking session to be stored on your hard drive unless you download it and save it on
your computer.
Password and PIN
You will need to authenticate yourself each time you use online banking by entering in
your user name and password (selected at enrollment) plus your Card number and PIN.
Together, this serves as your unique access to Online Banking. You should never disclose
your password or PIN to anyone, including anyone claiming to represent our Bank.
Preventing Unauthorized Use
Our Bank uses firewalls to prevent anyone without proper authorization from accessing
online banking. A firewall also regulates information coming in and going out, making
sure that communications happen only between approved parties.
Timed Log Out
If you leave your computer unattended, or go to another Web site without logging out, we
will automatically end your banking session after 10 minutes of inactivity.
Sample 5:
This Internet Banking System brings together a combination of industry-approved
security technologies to protect data for the bank and for you, our customer. It features
password-controlled system entry, a VeriSign-issued Digital ID for the bank's server,
Secure Sockets Layer (SSL) protocol for data encryption, and a router loaded with a
firewall to regulate the inflow and outflow of server traffic.
Secure Access and Verifying User Authenticity
To begin a session with the bank's server, the user must key in a Log-in ID and a
password. Our system, the Internet Banking System, uses a "3 strikes and you're out"
lock-out mechanism to deter users from repeated login attempts. After three unsuccessful
login attempts, the system locks the user out, requiring either a designated wait period or
a phone call to the bank to verify the password before re-entry into the system. Upon
successful login, the Digital ID from VeriSign, the experts in digital identification
certificates, authenticates the user's identity and establishes a secure session with that
visitor.
Secure Data Transfer
Once the server session is established, the user and the server are in a secured
environment. Because the server has been certified as a 128-bit secure server by
VeriSign, data traveling between the user and the server is encrypted with Secure Sockets
Layer (SSL) protocol. With SSL, data that travels between the bank and customer is
encrypted and can only be decrypted with the public and private key pair. In short, the
bank's server issues a public key to the end user's browser and creates a temporary private
key. These two keys are the only combination possible for that session. When the session
is complete, the keys expire and the whole process starts over when a new end user
makes a server session.
Router and Firewall
Requests must filter through a router and firewall before they are permitted to reach the
server. A router, a piece of hardware, works in conjunction with the firewall, a piece of
software, to block and direct traffic coming to the server. The configuration begins by
disallowing ALL traffic and then opens holes only when necessary to process acceptable
data requests, such as retrieving web pages or sending customer requests to the bank.
Using the above technologies, your Internet banking transactions are secure.