We care about your security.

Encryption

How Encryption Works

  • When visiting online banking’s sign-on page, your browser establishes a secure session with our server.
  • The secure session is established using a protocol called Transport Layer Security(TLS) Encryption. This protocol requires the exchange of what are called public and private keys.
  • Keys are random numbers chosen for that session and are only known between your browser and our server. Once keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server.
  • Both sides require the keys because they need to descramble (decrypt) messages received. The TLS protocol assures privacy, but also ensures no other website can “impersonate” your financial institution’s website, nor alter information sent.
  • To learn whether your browser is in secure mode, look for the secured lock symbol at the bottom of your browser window.

Encryption Level

The numbers used as encryption keys are similar to combination locks. The strength of encryption is based on the number of possible combinations a lock can have. The more possible combinations, the less likely someone could guess the combination to decrypt the message.

For your protection, our servers require the browser to connect at 128-bit encryption (versus the less-secure 40-bit encryption). Users will be unable to access online banking functions at lesser encryption levels. This may require some end users to upgrade their browser to the stronger encryption level.

To determine if your browser supports 128-bit encryption:

  • Click “Help” in the toolbar of your Internet browser
  • Click on “About [browser name]”
  • A pop-up box or window will appear.
  • For Internet Explorer: next to “Cipher strength” you should see “128-bit”
  • For Netscape: you should see “This version supports high-grade (128-bit) security with RSA Public Key Cryptography”

If your browser does not support 128-bit encryption, you must upgrade to continue to access the website’s secure pages.

Firefox and Safari browsers and DI

July 2005 —

  1. Firefox and Safari – Encryption levels
    Both browsers recently designated as supported for use with DI products, Firefox 1.0 and Safari 1.2, use strong 128-bit encryption when accessing secure sites, to ensure safe and secure transmittal of private data such as account and payment information.
  2. Firefox and Safari – How end users can determine which levels of encryption they have
    1. Firefox – In Firefox, this option is not visible until connected to a site. Negotiation occurs between the client browser and the server at run-time. To view the encryption level being used while connected to a specific secure site, you can do the following:
      • Click to the ‘Tools’ menu
      • Select ‘Page Info’
      • Click the ‘Security’ tab

      Or: double-click the yellow ‘lock’ icon in the lower right corner of the screen while connected to a secure site.

    2. Safari – The Safari browser displays a ‘lock’ icon at the top right corner of the browser window when you’re viewing a secure (https://) site. This symbol is absent when viewing an unsecured (http://) site. Safari can use both 40-bit and 128-bit “strong” encryption; the website determines which level of encryption is used at a given time.

Other browsers that support 128-bit encryption also may work. More information on some common browsers is available via these links:

 

Authorization

It is important to verify that only authorized persons log into online banking. This is achieved by verifying your password. When you submit your password, it is compared with the password we have stored in our secure data center.

We allow you to enter your password incorrectly a limited number of times; too many incorrect passwords will result in the locking of your online banking account until you call us to reinitialize the account. We monitor and record “bad-login” attempts to detect any suspicious activity (i.e. someone trying to guess your password).

You play a crucial role in preventing others from logging on to your account. Never use easy-to-guess passwords. Examples:

  • Birth dates
  • First names
  • Pet names
  • Addresses
  • Phone numbers
  • Social Security numbers

Never reveal your password to another person. Do not write your password down. You should periodically change your password in the User Option screen of online banking.

Use a different password to access your online banking accounts than the ones you use for other applications.

Always log off your online banking session before leaving your computer.

We will NEVER email you for your personal information.  Any email claiming to be the bank requesting personal information such as Social Security numbers, IDs, or passwords should not be trusted.

Electronic Funds Transfer Act.  Please refer to your Electronic Funds Transfer Act Disclosure for details.

Network Security

The network architecture used to provide the online banking service was designed by the brightest minds in network technology. The architecture is too complex to explain here, but it is important to convey that the computers storing your actual account information are not linked directly to the Internet.

  • Transactions initiated through the Internet are received by our online banking Web servers
  • These servers route your transaction through firewall servers
  • Firewall servers act as a traffic cop between segments of our online banking network used to store information, and the public Internet.

This configuration isolates the publicly accessible Web servers from data stored on our online banking servers and ensures only authorized requests are processed.

Various access control mechanisms, including intrusion detection and anti-virus, monitor for and protect our systems from potential malicious activity. Additionally, our online banking servers are fault-tolerant, and provide for uninterruptible access, even in the event of various types of failures.

Security Features

We provide a number of additional security features in online banking. For example, online banking will “timeout” after a specified period of inactivity. This prevents curious persons from continuing your online banking session if you left your PC unattended without logging out. You may set the timeout period in online banking’s User Options screen. We recommend that you always sign off (log out) when done banking online.

Enhanced MFA (EMFA)

LBBs enhanced multi-factor authentication solution conforms to the latest FFIEC authentication guidelines.  After successfully authenticating using a username and password, a one-time password (OTP) is sent to the user’s phone.  The user must then enter this OTP into the banking application to complete the login.  The user may receive this OTP via a voice call or text message.  EMFA reduces the risk of credential exposure due to phishing, keystroke loggers, Man-in-the-Middle, and brute force attacks.

Identity Theft Info

What is ‘Phishing’?

Phishing (FISH.ing) pp. Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. -phisher n.

Example Citations:
Phishing is the term coined by hackers who imitate legitimate companies in email messages to entice people to share passwords or credit-card numbers. Recent victims include Bank of America, Best Buy and eBay, where people were directed to Web pages that looked nearly identical to the companies’ sites.

What is ‘Spoofing’?

Pretending to be something it is not, whether an email, website, etc…

What is ‘Keylogger’?

A Keylogger is a  software program that records the keystrokes entered on the PC on which it is installed and transmits a record of those keystrokes to the person controlling the malware over the internet.  Keyloggers can be surreptitiously installed on a PC by simply visiting an infected website or by clicking on an infected website banner advertisement or email attachment.

For more information visit http://www.consumer.ftc.gov/

What is ‘Man-in-the-Middle’ (MIM)?

Man-in-the-Middle (MIM) or Man-in-the-Browser (MIB), a Hack, is where the fraudster inserts himself between the customer and the bank and hijacks the online session.  The fraudsters conceal their action by directing the customer to a fraudulent website that is the mirror image of banks website.

For more information visit https://www.fdic.gov/consumers/assistance/

 

 

For more tips on how to protect your identity and computer:

Protect your computer and your privacy