At First National Bank USA
we take security very seriously. We have taken every precaution necessary to be
sure your information is transmitted safely and securely. The latest methods in
Internet system security are used to increase and monitor the integrity and
security of our system.
To develop a sound
architecture, First National Bank USA has incorporated the capabilities of
firewalls, control capabilities of routers, operating system level controls,
application level controls, report consolidation methods, and security
monitoring devices such as Intrusion detection systems and scanners. In this
architecture, every piece is layering on the capabilities of the other to create
overlapping controls and fail-over. What this means to you is that if a single
layer of security is broken, other layers of security are there. This is
referred to as "security in-depth".
Data security between the
customer browser and our Web server is handled through a security protocol
called Secure Sockets Layer (SSL). SSL provides data encryption, server
authentication, and message integrity for an Internet connection. In addition,
SSL provides a security "handshake" that is used to initiate the
connection. This handshake results in the client and server agreeing on the
level of security they will use and fulfills any authentication requirements for
the connection. Currently First National Bank USA's online banking application
supports data encryption at the highest level (128 bit). In order to get this
level of encryption, you will need a browser that supports it. Both versions 3
and 4 of the most popular browsers support 40-bit encryption as a default,
although you can upgrade your security level very easily. For those clients that
are using Internet Explorer, the upgrade process is fairly simple. By simply
clicking on Help and About Internet Explorer after bringing up the browser, you
will notice a Cipher Strength. This will tell you the security level, and give
you an opportunity to upgrade via the hyperlink to Upgrade Information.
For those of your clients
using Netscape, there is a similar process. By clicking on Help and Software
Upgrades after bringing up the browser, you will be taken to a SMART upgrades
screen from which you can download the updated version of 128-bit encryption
All other browsers will
probably need to go to their software company's home page, where many times the
upgrades are available for download.
When accessing our Internet
Banking site, you will be forwarded to a Web page with a URL address that starts
with https://. This will cause your browser's HTTPS layer to start an encrypted
session using SSL. You will then receive a login screen. Since the encrypted
session has already been started, your user name and password are safe and
secure. The data traveling between the user and the server is encrypted and can
only be decrypted with the public and private key pair. These two keys are the
only combination possible for that session. When the session is complete, the
encryption keys expire and the whole process starts over when a new session is
Our network intrusion
detection system is running 24 hours a day, 7 days a week. The network intrusion
detection engine sits on the same network as the Internet Banking site and
monitors all traffic on that segment. The engine is looking for attack
signatures - watching for evidence that an attempted intrusion is taking place.
When the engine detects unauthorized activity, it responds immediately by
terminating the connection, sending an alert to specially trained staff and
recording the session. This allows security architecture to automatically
monitor network traffic, detect and respond to suspicious activity, and
intercept and respond to network abuse before systems are compromised.
Internet security does not
rely on technology alone. Without everyone's participation, all the security
systems and technology in the world are worthless. You must treat your User ID
and password with the same care as an ATM or credit card and PIN. In addition,
you must make sure that no one is physically watching when you enter your
password. If you are logged in to the service, be sure to log off of the service
and exist the browser when you leave the computer unattended. You should also
take standard precautions to keep you system clean and free from viruses that
could be used to capture password keystrokes and financial information.
If you should have
additional questions regarding the security of our Internet site, please contact
us at (985) 785-8411.
Copyright 2008 © First National Bank USA. All rights reserved.
Designed and Hosted by Complete Network Management, Inc.