DSBconnect Online/Mobile Security Policy and Procedures
About Online/Mobile Security
Ensuring you have a secure online/mobile banking experience is a top priority when delivering service to you. This level of security is achieved by:
- Protecting the privacy and the confidentiality of the communications between your browser and our servers.
- Verifying that only authorized persons are allowed to access online banking.
- Maintaining isolation of our computers from the Internet.
Security refers to preventing unauthorized access to a computer system or network. Denison State Bank and its digital banking provider (Digital Insight) and core data processor (Computer Services Inc.) use several layers of technology to prevent unauthorized users from gaining access to the internal network. We have in place a sophisticated networking architecture of screening routers, filtering routers, and firewalls. We use software that incorporates full data encryption to ensure the security and privacy of transactions. This encryption technology is so secure that it is classified by the U.S. Department of Defense, and federal law forbids export of this technology to other countries. As a further security measure, we use our Internet server as a firewall, thereby preventing customer data from being directly accessed via the Internet.
The network architecture used to provide the online banking service was designed by the brightest minds in network technology. While the architecture is too complex to explain here, it is important to point out that the computers that store your actual account information are not hooked up to the Internet. The requests you make through the Internet are handled by our servers, which retrieve the information you requested from our mainframe via proxy-based firewall servers. These servers act as the connection between you and our mainframe computers.
The privacy of the communications between you (your browser) and our servers is ensured using cryptography that scrambles messages exchanged between your browser and our online banking server. Encryption happens as follows:
When you go to any DSB Online area, your browser establishes a secure session with our server. The secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption. This protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only known between your browser and our server. After the keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server. Both sides require the keys because they need to de-scramble (decrypt) the messages when they are received. The SSL protocol not only ensures privacy, but also ensures that no other browser can "impersonate" your browser nor alter any of the information sent.
The numbers used as encryption keys are like combination locks. The strength of encryption is based on the number of possible combinations that a lock can have. As the number of possible combinations grows, it becomes less likely that anyone would be able to guess the combination in order to decrypt the message. Modern browsers offer 40-bit encryption or 128-bit encryption; DSB Online requires the use of 128-bit capable browsers.
Intuit offers the highest level of extended validation certificates, Secure Site Pro with Extended Validation SSL Certificates by VeriSign. These certificates provide a 128-bit encrypted connection between the user's browser and the web services. Extended Validation (EV) Certificates provide visual indicators, including a green address bar and padlock at the header of the browser, as well as a VeriSign seal at the footer of the site to give confidence to users that they are at the correct website.
Username and Password
When you register for DSBconnect online/mobile, you will be prompted to choose a Username and Password. After your first login, you can change your password at any time by clicking the "My Settings" link within online/app login.
You accept responsibility for the confidentiality and security of your Username and Password, which includes agreeing to:
- Not disclose them or otherwise make them available to anyone else;
- Use them as instructed;
- Immediately notify us of any loss or theft; and
- Be liable for them as described in this agreement.
You acknowledge that we are entitled to rely on the use of your username and password as your authorization for any transaction through the service. You are responsible for all transactions you initiate or authorize using the service. If you permit any other person to use the service or your username/password, you will have authorized that person to access your accounts and you are responsible for any transactions that person initiates or authorizes from your accounts.
The registered customer always selects the password. Neither Denison State Bank, nor its online banking vendor and core data processor, ever have direct possession or knowledge of customers' passwords unless a registered customer were to reveal that password to an Online Banking administrator in order to trouble-shoot a registration. Specifically, this bank observes the following password protection practices:
- Minimum password length is 8 characters, and maximum length is 25 characters, one of which must be a numeral (0-9).
- Alpha, numeric, alphanumeric, or special characters may be used.
- Passwords are case sensitive. You must enter it exactly as you originally set it up.
- A well-chosen password should be easy to remember and hard to guess.
Example of a strong password: iwc8dcus
Example of a less secure password: holtonwildcats74
If you forget your password or enter it incorrectly five consecutive times and get locked out, you can use the automated Password Reset link displayed to you, or you may contact the bank to have your password reset. We monitor and record unsuccessful log-in attempts to detect any suspicious activity.
Usernames and passwords are encrypted during transmission between the bank, its provider, and its core data processor.
Login Credential Protection
It is important to us to verify that only authorized persons log into online banking. This is achieved by verifying your username and password. When you attempt to log in with your username and password, they are compared with what is stored in our secure data center.
You can prevent others from logging on to your account. Never use a username or password that is easy to guess. Examples of bad usernames/passwords are birth dates, first names, pet names, addresses, phone numbers, social security numbers, etc. Never reveal your username/password to another person. You should periodically change your username/password in the "MySettings" link of DSB Online. We recommend that you create a password that is used only for DSBconnect and not associated with any commonly-known personal identification. The password should be memorized rather than written down.
Enhanced Multifactor Authentication
Multi-factor authentication is an industry practice for additional online security. It requires you to register the login device you frequently use, or use a One-Time Passcode for verification if you are using an unknown device. For more on enhanced MFA, read here.
Time Out and Sign Off
DSB Online/Mobile will time out after 10 minutes of inactivity. This prevents curious persons from continuing your online banking session in case you have left your device unattended without logging out. Click the "Sign Off" link in the top right corner to end a DSB Online session. This will expire all the cookies that were set in your session. Do not use the "Back" key to return to previously-viewed pages.
We are not responsible for any electronic virus or viruses that you may encounter. We encourage our customers to routinely scan their PCs using a reliable anti-virus product to detect and remove any viruses found. An undetected or unrepaired virus may corrupt and destroy your programs, files and even your hardware. Additionally, you may unintentionally transmit the virus to other computers.
Banks Invest in Security Technology and Training
Lawmakers, regulators and the banking industry have forged substantive standards for safeguarding customers' "nonpublic personal information." Uniform examination procedures are in place to monitor and enforce these standards, and bank examiners regularly go on-site to assess how bank security measures are being implemented. For example, a federal regulator will typically review a bank's internal controls and policies, with a view to establishing whether the institution considered and adopted the appropriate controls.