Central Bank understands that the security
of your personal and account information is important to you.
We also understand that our continued success as a financial
institution relies on both our ability to offer banking services
to you in a secure manner as well as your responsibility in
keeping any access codes, passwords or PINs secure. To assist
us in offering these Web-based banking services in a secure
manner, we employ a number of measures, which are described
below. These measures allow us, among other benefits, to properly
authenticate your identity when you access these services
and protect your information as it traverses the Internet
between your PC and Central Bank.
Every end user must privately
maintain a combination of a password and Log-In ID. Because
the end user is assigned the original password by the bank
administrator, IBS (Internet Banking System) forces the
end
user to change the password once logged onto the system and
before any transactions can be requested. This forces the
end user to establish an absolutely private password. If,
in case the password is lost or forgotten the administrator
will be able to reset a default password for the end user
once Central Bank has confirmed your identity. In addition to the Log-In ID and password, multifactor identification is used to further secure the OnLine Banking application. New users are presented with 3 sets of 10 random challenge/response questions. To authenticate, the user must choose one of the ten questions randomly selected in each set. This collection process sets the stage for future authentication based on patterns of use. If a user forgets their challenge/response question, they can choose to get a reminder via e-mail or an alternate option. These are not known to the bank.
If an unauthorized person
attempts entry into an end user’s account by trying
to guess a Log-In ID, IBS will disable the password on the
third incorrect attempt, thus invalidating the Log-In combination.
If you accidentally activate this security feature by unintentionally
mis-keying a password three times, you would need to call
Central Bank to reestablish the password for that account.
For example, a common mistake made by the end user is having
the CAPS-LOCK on while keying in a password.
To further protect
you, a timeout
feature is used. This feature
will automatically log you out of your current financial
service session after 10 minutes of inactivity.
Central Bank also requires the use of secure
browsers to
protect you while you access our online financial services.
More specifically, the personal and account information that
flows back and forth between your PC and Central Bank must
be encrypted while in transit – secure browsers are
how we achieve this level of protection. Encryption is the
process of scrambling information (typically for data transmission)
so that it can only be reassembled in its original clear
text
format by someone who has the correct encryption key to do
so. When used between you and Central Bank, this technology
encrypts your personal information as you send it to us,
which
only Central Bank can decrypt. Likewise, when we send personal
or account information to you, this technology encrypts it,
which only you can decrypt. This is possible through a certified
128 bit secure server so that no unauthorized individuals
can read or decipher the data.
Our server does not connect directly to the Internet. It
is isolated from the network via "firewall". All
requests to the server are filtered through a router and
firewall
before they are permitted access to the server. A router
is a piece of hardware that works in conjunction with the
firewall,
a piece of software, to block and direct traffic coming to
the server. The router and software "firewall" define
and limit access that "outside" computers have
to Central Bank’s server. The configuration begins
by disallowing ALL traffic and then opens only when necessary
to process
acceptable data requests, such as sending customer requests
to Central Bank. |
