Internet Security

Overview

The Internet is a rapidly changing marketplace with a wide variety of goods and services available online. Although financial institutions agree on the merits of Internet financial services, some consumers are concerned about security.

This online service is built on a foundation of stringent security policies, rigorously tested technologies, and a highly trained and experienced staff. Our combination of Internet expertise and in-depth knowledge and experience in the financial services industry provide a secure solution to consumer concerns. You may rest easy knowing that financial information will be protected with state-of-the-art security every step of the way.

 

Secure Systems – Technology, Policies & People

Secure systems are a combination of technology, policies, and people. Our system is designed with security as a dynamic feature of the product, not an afterthought or add-on. The result is an architecture that utilizes a multi-layered approach to information security, providing safeguards and privacy throughout the process.

This architecture offers client-server authentication, data integrity, complete transactional privacy, and above all, resistance to all forms of “hacking” attempts. Layered security means that, rather than relying on a single security measure, layers of technology are utilized within the security architecture to distance the potential “hacker” as far as possible from the core of sensitive information and resources.
 

Security Architecture – Multi-layered Approach

Every financial transaction uses multiple layers of security and every layer adds a different technology resulting in a trusted system that is monitored at all times. The four basic layers are:

  • Browser
  • Firewall
  • Internal Network
  • People

 

The Web Browser Layer

The first layer of online financial security is the 128-bit Secure Sockets Layer (SSL) encryption between your browser and the Web Servers. SSL is the industry standard that provides secure access to online financial services from anywhere on the Internet using any current Internet browser.

SSL provides a secure channel for data transmission over the Internet. It allows for the transfer of digital signatures to authenticate users and provides message integrity, ensuring that your data cannot be altered en route. Browsers can also display a certificate to the user about the source of a secure transmission. This assures Internet users that they are communicating with the financial institution’s service provider and not a third party trying to intercept the transaction on the Internet.

Encryption changes everything that travels across the Internet during your online session (including your Password, your bank statement, or instructions to pay a bill) into a string of unrecognizable numbers. Both our servers and the browser you use to surf the Web understand the mathematical formulas, called algorithms that turn your financial information into numeric code, and back again to meaninpbful information. These algorithms serve as the locks and keys of your account information. While the destination computer and your browser can easily translate this code back to meaninpbful language, this process is an overwhelming, almost impossible task for unauthorized intruders.

There are two types of encryption commonly in use – “domestic grade” or 128-bit encryption and “international-grade” or 40-bit encryption. The difference between these two types of encryption is strictly one of capability. 128-bit encryption is stronger than international-grade encryption. Using 128-bit encryption, means there are 300,000,000,000,000,000,000,000, 000 (a three followed by 26 zeros) times as many key combinations as there are for 40-bit encryption. That means a computer would require exponentially more processing power than for 40-bit encryption to find the correct key.

We require the use of 128-bit encryption for all financial transactions to provide the best security possible. In addition to browser encryption, there is server encryption for users who log in with a browser that has only 40-bit encryption. The server will accept the message and start a 128-bit encryption session from the server end. This ensures that all of your transactions have the strongest level of encryption.

To start a transaction, you enter an address in the browser to send a secure message that is encrypted by SSL to a server. The server responds by checking to see who you are (this is called authentication), comparing your encrypted User ID and Password against an encoded list, and starting the session encryption. If, for any reason, the secure session link is broken, the online session automatically terminates.
 

The Firewall Layer

An Internet firewall provides a point of defense. This is a controlled and audited access path to services from inside and outside the organization’s private network. The firewall provides a second layer of security, selectively permitting or blocking traffic between the Internet and the protected network. Specifically, the firewall shields the server from any unauthorized Internet traffic. Only messages addressed to the secure server can pass through the firewall – all other traffic from the Internet is rejected. To pass through this checkpoint, your browser must know the protocol to use – in other words, the language to speak – that will allow it to obtain authorized information, but only from designated systems. The firewall creates extensive logs of all network traffic, providing centralized auditing and security monitoring.

The platform chosen for our Web Servers and Firewalls is Microsoft Windows NT. We collaborate closely with software and hardware manufacturers as well as telecommunications and security experts to provide a solution that not only meets or exceeds our essential security requirements, but also has the scalability, reliability, and endurance required to address the changing needs of our users.

Windows NT Server is designed with a sound, integrated, and extensible security model. It has been certified at the C2 level by the U.S. government and the E3 level by the U.K. government. We are not alone in this choice. Many of the largest corporations and government agencies around the world are using Windows NT.

 

The Internal Network Layer

The third layer of security – the internal network systems – prevent unauthorized users from accessing any transaction data from the Internet by means of physical or logical access controls. Transaction processing systems are not physically connected to the Internet. TCP/IP – the Internet’s communications protocol – is not installed on the transaction processing system.

Once your transactions have been accepted by the server, they are carried over the proven secure network that financial institutions have been using for decades. The entire process from the financial institution to you is as secure as possible.
 

The People Layer

The fourth layer of security is people. Internet security does not rely on technology alone. Without everyone’s participation, all of the security systems and technology in the world are worthless. Users must treat the User ID and Password for online accounts with the same care as an ATM or Credit Card and PIN. In addition, users must make sure that no one is physically watching when you enter your Password. If you are logged in to the service, be sure to exit the browser when you the leave the computer unattended. You should also take standard precautions to keep your system clean and free from viruses that could be used to capture Password keystrokes and financial information.

We don’t view security as something that is set up once and left alone. Your online service provider constantly monitors the security system to be sure that your information is safe and secure. Any attempt to break into the system will be observed.

New advances in security technology are happening daily. As an active member of the Internet financial services community, we are continuously reviewing and enhancing security architecture to ensure that it provides the highest level of privacy and safety for you.

Where to Learn More about Internet Security and Electronic Commerce

The following is a website you can browse for additional information concerning Internet security:

Using RSA Public Key Cryptography - http://rsasecurity.com/

INTERNET BANKING SECURITY >>> PARTNERING WITH YOUR BANK

The Best Protection Against Online Banking Fraud and Identity Theft

Tips for Protecting Yourself and Your Business

Pioneer Bank Wants You to Be Protected

When you travel the Internet to access online banking, you want to be assured, first and foremost, that effective safeguards are in place to make your visit safe, secure and reliable. When you use online banking to visit our bank, whether it's to learn about rates, to review your accounts or to pay your bills, you are entering a secure area. At Pioneer Bank, protecting you and your personal information is our first priority. 

How We Protect You

To ensure the best protection possible, we use a layered approach to securing your account information. Layered security is the use of different security or access controls at different points throughout the transaction process. To further increase your safety, Pioneer Bank has recently added a number of security measures and industry-standard technologies to provide enhanced protection from fraud and identity theft. We are committed to consistently safeguarding your personal and financial information. You may rest easy knowing that your financial information is protected with state of the art security every step of the way. Our layered security approach includes a combination of the following measures, based on the nature of the transaction: 

  • Enhanced Authentication -We use multifactor authentication in conjunction with other security controls, including firewalls, password and PIN protection, and device identification, to provide a layered approach. 
  • Fraud Detection and Monitoring -Includes analysis and consideration of the customer's history and behavior and enables us to respond timely to detected anomalies.
  • Enhanced Transaction Verification -Techniques we use to verify a transaction during submission include:
    • Dual Control -Provide tools for validation of high risk transactions by more than one user on more than one device (e.g. separate initiation and authorization to process a wire transfer.)
    • Subsequent Verification -Reporting or notification to a designated authorizer to confirm a transaction.
    • Out of Band Validation -Validation by means other than that by which the transaction was originated. 
    • Payment limits -Use of payment controls such as transaction limits, transaction confirmation, payment velocity or payment threshold controls.
  • Encryption - We require full 128-bit encryption for online banking. Encryption is a process that transforms sensitive information into a string of unrecognizable characters before they are sent over the Internet and helps keep your information private between the Bank's computer system and your Internet browser.
  • Activity Blocking -We block activity from IP addresses with known or suspected fraudulent activities.
  • Automatic Timeout-To further protect you from fraud, your online banking sessions will automatically terminate if you are logged in for an extended period with no activity.
  • Privacy Policies and Training -We enforce strict privacy policies and procedures and train frequently to ensure our workforce is knowledgeable and proficient in protecting sensitive customer information. 

Partnering with your bank provides the most protection from online banking fraud and identity theft. While we employ the utmost in diligence to ensure your ongoing safety, the best defense against online account fraud and identity theft is a teamwork approach, where customer awareness and responsible use of online banking is the first line of defense.

How to Protect Yourself

  • Use strong passwords -Experts advise a combination of letters and numbers and advise against easily guessed passwords, such as names, birthdays, home addresses, etc. To protect your password, do not share it. Change your password frequently. Monitor your account- Monitor account activity regularly and notify us of any unauthorized transactions. (See below for a description of your rights under Regulation E.) 
  • Avoid fraudulent Web sites -To help ensure the Web site you have visited is authentic and secure, when conducting financial transactions online look for a lock icon on the browser's status bar or a Web site URL that begins "https:" (the "s" stands for secure).
  • Log off-Always sign off from the secured area when you are finished with online banking transactions. 
  • Use Anti-Spyware -Always maintain up to date antivirus software that detects and blocks spyware programs that can give criminals access to your computer. 
  • Be wary of e-mail -Most e-mail is unsecure. Do not share sensitive information via email. Always BEWARE of any email asking you to input or verify any banking or personal information, as they are likely to be fraudulent attempts to obtain your online banking credentials. Such attempts are frequently conducted by criminals in phishing and social engineering attacks. Fraudulently obtained user names and passwords are then used by the criminal to transfer money out of your account. 

How to Protect Your Business

Pioneer Bank uses the latest in online security tools to help protect your accounts. However, no one ·knows your business like you do. To best ensure your protection, we urge all of our business online banking customers to periodically assess your own level of risk, and evaluate the controls in operation at your place of business, to further protect you against online banking fraud. Corporate Account Takeover is the most common online fraud perpetrated against businesses. Continue reading for a description of how it works and some tips on how to avoid becoming a victim. 

Corporate Account Takeover- One of the biggest threats to a business account holder is called "Corporate Account Takeover," whereby the fraudster gains access to the business's online banking accounts and quickly transfers the money into their own account. Here's how it works. 

  • Target the Victim -The fraudster targets an employee of the company, often a senior executive, using any number of techniques designed to either directly gather the login information or infect the computer with malware that can obtain it. These techniques include but are not limited to phishing, attachments or links to Web sites infected with malware, fake friend requests on social networking sites and more. 
  • Install Malware -The next step is to install the malware onto the victim's computer. This malware often contains the ability to transmit what key strokes are taken and even screenshots of what the victim is looking at. The Zeus Trojan is an example of one of the more prevalent pieces of malware on the Internet that targets online banking customers. 
  • Gather Information -When the victim logs into online banking the malware transmits the login information to the fraudster. 
  • Initiate the Takeover - Once the login information is transmitted to the fraudster, they can use it to log in and transfer money out of the accounts, while appearing to be a legitimate user.

Help protect your business with the following tips:

  • Educate yourself and your employees about this type of scheme.
  • Don't respond to or open attachments or click on links in unsolicited emails. If it appears to be from a trusted source {e.g. bank, IRS, Better Business Bureau, UPS, etc.) contact the source directly through other means to verify authenticity.
  • Be wary of pop-up messages claiming your machine is infected and offering to fix the problem. These are often vehicles to install malware.
  • Use and install spam filters.
  • Install and maintain anti-virus, anti-spyware, anti-malware and firewalls. Set them to update automatically.
  • Be sure to install all security updates for your operating systems and other applications.
  • Monitor your accounts every day and report any suspicious activity to your bank and law enforcement. 
  • If possible, use a dedicated computer for online banking. 
  • Always shred confidential information prior to disposal. 

Consumer Protection Under Regulation E

Banks follow specific rules issued by the Federal Reserve Board for electronic transactions. Known as Reg. E, the rules cover various situations revolving around transactions made electronically, including Internet banking transactions. With the protections provided under Reg. E, consumers can recover Internet banking losses according to how soon they are reported. These protections are extended to consumers on consumer accounts and do not generally apply to business accounts. Please contact us for a copy of our disclosures describing your rights under Regulation E. 

If You Detect Fraudulent or Suspicious Activity 


If you believe your online banking credentials have been compromised, or your identity has been stolen it's critical that you report it without delay. Any incidents of fraud or suspected fraud should be immediately reported to the Bank's Security Officer. Pioneer Bank will not contact you via e-mail or any other means to obtain or verify your online banking credentials {user name/password), or any other personal financial data. If you receive an unscheduled or unsolicited email or phone call requesting personal financial data, and claiming to be from Pioneer Bank, do not respond. Please report any such activity to us immediately at the following number: Pioneer Bank, Ellen Fogarty, BSA and Security Officer, 518.730.3000

Other Helpful Resources 
FDIC Consumer Fraud Resources: www.fdic.gov/consumers/theft/index.html 
Credit Reporting Agencies: 
Equifax Credit Information Services, Inc. -www.equifax.com 
Experian Information Solutions, Inc. -www.experian.com 
Trans Union -www.transunion.com 

Federal Trade Commission (FTC): 
The FTC maintains the Identity Theft Data Clearinghouse, the federal governments centralized identity theft complaint database, and provides information to victims. www.consumer.gov/idtheft 

Other Agencies: 
Postal Inspection Service -www.usps.com 
Department of Motor Vehicles -www.dmv.org 

Social Security Fraud Hotline: 800.269.0271