NorthStar Bank is pleased to
offer electronic banking services via the Internet. Delivering
these services requires a solid security framework that protects
you and our institution's data from outside intrusion. After
researching many different providers, ASB has chosen the Premier
E-Commerce product to deliver these services to you. The Premier
E-Commerce product ensures the best interface with Fiserv
Des Moines, our core processor. In turn, Fiserv has enlisted
the services of ISS (Internet Security Services) for communications
and firewall/security protection. ISS has provided secure
communications for many years and has earned the reputation
of a trusted vendor. Fiserv and ISS provide continuous monitoring
and auditing of all transactions originating from or outbound
to the Internet. We are committed to working with our service
bureau and communications providers to produce the safest
operating environment possible for our customers. The information
below summarizes our security framework, which incorporates
the latest proven technology. A section at the end also summarizes
your responsibilities as a user of the home banking system
with regard to security. There are several levels of security
within our security framework. User Level deals with cryptography
and Netscape¹s Secure Sockets Layer (SSL) protocol, and
is the first line of defense used by all customers accessing
our Banking Server from the public Internet. Server Level
focuses on firewalls, filtering routers, and our trusted operating
system. Host Level deals specifically with our home banking
and bill payment services, and the processing of secure financial
There are several components of User Level security that ensure
the confidentiality of information sent across the public
Internet. The first requires your use of a fully SSL-compliant
128 bit encrypted browser such as Netscape Navigator or Microsoft
Internet Explorer. SSL is an open protocol developed by Netscape
that allows a user¹s browser to establish a secure channel
for communicating with our Internet server. SSL utilizes highly
effective cryptography techniques between your browser and
our server to ensure that the information being passed is
authentic, cannot be deciphered, and has not been altered
en route. SSL also utilizes a digitally signed certificate
which ensures that you are truly communicating with the Online
Banking Server and not a third party trying to intercept the
After a secure connection has been established between your
browser and our server, you then provide a valid User ID and
Security Code to gain access to the services. This information
is encrypted, and a request to log on to the system is processed.
Although SSL utilizes proven cryptography techniques, it is
important to protect your User ID and Security Code from others.
You must follow the Security Code parameters we specify at
the time you sign up for an Online banking account. We also
recommend changing your Security code often. Session time-outs
and a limit on the number of logon attempts are examples of
other security measures in place to ensure that inappropriate
activity is prohibited at the User Level.
All transactions sent to our Banking Server must first pass
through a filtering router system. These filtering routers
automatically direct the request to the appropriate server
after ensuring the access type is through a secured browser
and nothing else. The routers verify the source and destination
of each network packet, and manage the authorization process
of letting packets through. The filtering routers also prohibit
all other types of Internet access methods at this point.
This process blocks all non-secured activity and defends against
inappropriate access to the server. The Banking Server is
protected using the latest firewall platform. This platform
defends against system intrusions and effectively isolates
all but approved customer financial requests. The platform
secures the hardware running the Online applications and prevents
associated attacks against all systems connected to the Banking
Server. The system is monitored 24 hours a day, seven days
a week for a wide range of anomalies to determine if attempts
are being made to breach our security framework.
Once authenticated, the customer is allowed to process authorized
home banking transactions using host data. In addition, communication
time-outs ensure that the request is received, processed,
and delivered within a given time frame. Any outside attempt
to delay or alter the process will fail. Further password
encryption techniques are implemented at the host level, as
well as additional security logging and another complete physical
security layer to protect the host information itself.
While our service provider continues to evaluate and implement
the latest improvements in Internet security technology, users
of the online banking system also have responsibility for
the security of their information and should always follow
the recommendations listed below:
- Utilize the latest 128 bit encryption version of either
Netscape Navigator or Microsoft Internet Explorer. The online
banking system is best viewed and is most secure when you
use one of these two browsers, as they are both certified
for use at our site.
- Your Security Code must be kept confidential. You must
follow our specific parameters for a Security Code and change
it frequently to ensure that the information cannot be guessed
or used by others.
- Be sure others are not watching you enter information
on the keyboard when using the system.
- Never leave your computer unattended while logged on to
the online banking system. Others may approach your computer
and gain access to your account information if you walk
- Click Exit when you are finished using the system to properly
end your session. Once a session has been ended, no further
transactions can be processed until you log on to the system
- Close your browser when you are finished, so that others
cannot view any account information displayed on your computer.
- Keep your computer free of viruses. Use virus protection
software to routinely check for a virus on your computer.
Never allow a virus to remain on your computer while accessing
the online banking system.
- Report all crimes to law enforcement officials immediately.
When you follow these simple security measures, your interaction
with the online banking system will be completely confidential.
We look forward to serving your online banking and bill
payment needs both today and into the future - securely.