First United Bank’s Online Banking System brings together a combination of industry-approved security technologies to protect data for the bank and for you, our customer. It features password-controlled system entry, a VeriSign™ issued Digital ID for the bank’s server, Secure Sockets Layer (SSL) protocol for data encryption, One Time Pin (OTP) for stronger login authentication, and a router loaded with a firewall to regulate the inflow and outflow of server traffic.
SECURE ACCESS AND VERIFYING USER AUTHENTICITY
To begin a session with the bank’s server the user must key in a Log-In ID and a Password. Our system, the Online Banking System, uses a “3 strikes and you are out” lockout mechanism to deter users from repeated login attempts. After three unsuccessful login attempts, the system locks the user out, requiring either a designated wait period or a phone call to the bank to verify the password before reentry into the system. Upon successful login, the Digital ID from VeriSign™, the experts in digital identification certificates, authenticates the users identity and establishes a secure session with that visitor.
SECURE DATA TRANSFER
Once the server session is established, the user and the server are in a secured environment. Because the server has been certified as a 2048-bit secure server by VeriSign™, data traveling between the user and the server is encrypted with Secure Sockets Layer (SSL) protocol. With SSL, data that travels between the bank and customer is encrypted and can only be decrypted with the public and private key pair. In short, the bank’s server issues a public key to the end user’s browser and creates a temporary private key. These two keys are the only combination possible for that session. When the session is complete, the keys expire and the whole process starts over when a new end user initiates a new server session.
ONE TIME PIN (OTP)
OTP is mandatory and requires all online banking users to receive a unique PIN via text, phone call, and/or eMail after their credentials have been entered into the online banking system. Users must enter the unique PIN to continue to their online banking activity. A user can receive up to three PIN’s during a login session and each PIN is valid for 10 minutes. Our system, the Online Banking System, uses a “3 strikes and you are out” lockout mechanism to deter users from repeated login attempts. After three unsuccessful login attempts, the system locks the user out, requiring a phone call to the bank to verify the password before reentry into the system. The OTP will only be delivered to the phone number or eMail address registered with the account. A OTP will be required at every log in unless the computer is marked as recognized.
ROUTER AND FIREWALL
Requests must filter through a router and firewall before they are permitted to reach the server. A router (a piece of hardware) works in conjunction with the firewall (a piece of software) to block and direct traffic coming to the server. The configuration begins by disallowing ALL traffic and then opens holes only when necessary to process acceptable data requests, such as retrieving web pages or sending customer requests to the bank.
Using the above technologies, your Online Banking transactions are secure.