DSBconnect Digital Banking Security Policy and Procedures
Ensuring you have a secure digital online/mobile banking experience is a top priority when delivering service to you. This level of security is achieved by:
- Protecting the privacy and the confidentiality of the communications between your browser and our servers. (By "our," we refer to our contracted digital service provider).
- Verifying that only authorized persons are allowed to access online banking.
- Maintaining isolation of our computers from the Internet.
Security refers to preventing unauthorized access to a computer system or network. Denison State Bank and its digital banking provider CSI (Computer Services Inc.) use several layers of technology to prevent unauthorized users from gaining access to the internal network. We have in place a sophisticated networking architecture of screening routers, filtering routers, and firewalls. We use software that incorporates full data encryption to ensure the security and privacy of transactions.
The computers that store your banking account information are not hooked up to the Internet. The requests you make through the Internet are handled by our servers, which retrieve the information you requested from our mainframe via proxy-based firewall servers. These servers act as the connection between you and our provider's mainframe computers.
The privacy of the communications between you (your browser) and our servers is ensured using cryptography that scrambles messages exchanged between your browser and our online banking server. Encryption happens as follows:
When you go to any DSB Online area, your browser establishes a secure session with our server. The secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption. This protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only known between your browser and our server. After the keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server. Both sides require the keys because they need to de-scramble (decrypt) the messages when they are received. The SSL protocol not only ensures privacy, but also ensures that no other browser can "impersonate" your browser nor alter any of the information sent.
The numbers used as encryption keys are like combination locks. The strength of encryption is based on the number of possible combinations that a lock can have. As the number of possible combinations grows, it becomes less likely that anyone would be able to guess the combination in order to decrypt the message. Modern browsers offer 40-bit encryption or 128-bit encryption; DSB Online requires the use of 128-bit capable browsers.
Logins: Username and Password
When you register for DSBconnect, you will be prompted to choose a Username and Password. You accept responsibility for the confidentiality and security of your Username and Password, which includes to:
- Not disclose them or otherwise make them available to anyone else;
- Use them as instructed;
- Immediately notify us of any loss or theft; and
- Be liable for them as described in this agreement. You acknowledge that we are entitled to rely on the use of your username and password as your authorization for any transaction through the service. You are responsible for all transactions you initiate or authorize using the service. If you permit any other person to use the service or your username/password, you will have authorized that person to access your accounts and you are responsible for any transactions that person initiates or authorizes from your accounts.
The registered customer always selects the password. Neither Denison State Bank nor its service provider ever have direct possession or knowledge of customers' passwords unless a registered customer were to reveal that password to us in order to trouble-shoot a registration. Specifically, this bank observes the following password protection practices:
- Minimum password length is 8 characters, and maximum length is 25 characters.
- At least one capital letter, at least one numeral, and at least one special character must be included in the password.
- Passwords are case sensitive. You must enter it exactly as you originally set it up.
- A well chosen password should be easy to remember and hard to guess.
Example of a strong password: NluhatwJ78! Example of a less secure password: holtonwildcats74
If you forget your password or enter it incorrectly seven consecutive times and get locked out, contact the bank to have your password reset. We monitor and record unsuccessful log-in attempts to detect any suspicious activity.
Usernames and passwords are encrypted during transmission between the bank, its provider, and its core data processor.
You can use Touch and Eye scan logins if your device is enabled for that. View more about Apple/iOS biometric logins.
Login Credential Protection
It is important to us to verify that only authorized persons log into digital banking. This is achieved by verifying your username and password. When you attempt to log in with your username and password, they are compared with what is are stored in our secure data center.
You can prevent others from logging on to your account. Never use a username or password that are easy to guess. Examples of bad username/password are birth dates, first names, pet names, addresses, phone numbers, social security numbers, etc. Never reveal your username/password to another person. You should periodically change your username/password in the Profile section. We recommend that you create a password that is used only for DSBconnect and not associated with any commonly-known personal identification. The password should be memorized rather than written down.
Enhanced Multifactor Authentication
Multi-factor authentication is an industry practice for additional online security. Our MFA requires your selection of security questions that you provide answers to. This help prevent unauthorized people from advancing through a possible login. We no longer use one-time validation code numbers.
Time Out and Sign Off
DSBconnect will time out after 30 minutes of inactivity. This prevents curious persons from continuing your online banking session in case you have left your device unattended without logging out. Click the "Log Off" link to end a session.
We are not responsible for any electronic virus or viruses that you may encounter. We encourage our customers to routinely scan their PCs using a reliable anti-virus product to detect and remove any viruses found. An undetected or unrepaired virus may corrupt and destroy your programs, files and even your hardware. Additionally, you may unintentionally transmit the virus to other computers.
Banks Invest in Security Technology and Training
Lawmakers, regulators and the banking industry have forged substantive standards for safeguarding customers' "nonpublic personal information." Uniform examination procedures are in place to monitor and enforce these standards, and bank examiners regularly go on-site to assess how bank security measures are being implemented. For example, a federal regulator will typically review a bank's internal controls and policies, with a view to establishing whether the institution considered and adopted the appropriate controls.