Online SecurityOur Internet Banking solutions integrate industry-approved security technologies to address three major concerns about Internet security: (1) Secure log-in and user authenticity, (2) Encryption while data is in transit, (3) Secure routers and firewalls. 1: Secure Access and Verifying User AuthenticityTo begin a session with the bank's server, the user must key in a log-in ID and a password. The Internet Banking System uses a "three strikes and you're out" lockout mechanism to deter users from repeated log-in attempts. After three unsuccessful log-in attempts, the system locks the user out, requiring a phone call to the bank to verify the password before re-entry into the system. Upon successful log-in, VeriSign's Digital ID is used to establish a secure session with that visitor. The Digital ID from VeriSign, the expert in digital identification certificates, provides a standard of authentication to confirm the identity of the user while accessing the system. VeriSign describes Digital IDs as "electronic credentials that establish an individual's or entity's identity. A server secured with a Digital ID ensures visitors of the site's authenticity and allows the session with the client to be encrypted." It is essentially "third party evidence" that end users who are seeking and receiving data are indeed who the server understands them to be, and vice versa. While using the Internet Banking System, a small padlock will appear on the bottom right side of the screen. During each session this lock should be present to ensure your session is secure. 2: Secure Data TransferOnce the server session is established, the user and the server are in a secured environment. Because the server has been certified as a 128-bit secure server by VeriSign, data traveling between the user and the server is encrypted with Secure Sockets Layer (SSL) protocol. With SSL, data that travels between the bank and customer is encrypted and can only be decrypted with the public and private key pair. In short, the bank's server issues a public key to the end user's browser and creates a temporary private key. These two keys are the only combination possible for that session. When the session is complete, the keys expire and the whole process starts over when a new end user makes a server session. The encryption/decryption happens in the background and therefore requires no knowledge by the end user. 3: Routers and FirewallsRequests must filter through a router and firewall before they are permitted to reach the server. A router works in conjunction with the firewall, a piece of software, to block and direct traffic coming to the server. The configuration begins by disallowing ALL traffic and then opens holes only when necessary to process acceptable data requests, such as retrieving web pages or sending customer requests to the bank. DISCLAIMERProduct offers, rates, terms and other information provided herein are subject to change without notice. Due to occasional inaccessibility to our Web site, Merchants Bank of California. N.A. cannot guarantee the completeness or accuracy of the information provided herein. Merchants Bank of California. N.A. shall under no circumstances be liable to user and/or any third party for any indirect, consequential, incidental or punitive damages whatsoever, even if Merchants Bank of California. N.A. has been advised of the possibility of such damages. With regards to links to any browsers links or other external web sites that may be provided on the Merchants Bank of California. N.A. web site, Merchants Bank of California. N.A. does not endorse or sanction any of the sites, nor is Merchants Bank of California. N.A. associated with any of these sites in any way. Information, contents, or opinions expressed in these sites are the sole responsibility of their authors. UNLESS
OTHERWISE REQUIRED BY LAW, IN NO EVENT WILL THE BANK
Home / Contact Us / Privacy Policy / Security Policy /____________________________________________© Merchants Bank of California, N.A.__2003 |