We provide this information to educate you on ways that Stafford Savings Bank ensures the security of your account data and log in information when using online banking solutions.
We use debit card fraud detection and monitoring systems to spot inconsistencies.
We use enhanced multi-factor authentication for logging into online banking solutions.
Limits are set for repeated failed login attempts and incorrect Username and Password entries to help prevent unauthorized access to your Stafford Savings Bank accounts.
We need you. Remember, you play a crucial role in preventing unauthorized access to your online banking:
- Never use customer IDs or passwords that are easy to guess, such as:
- Names, addresses, and phone numbers
- Birth dates, social security numbers, etc.
- Never reveal your customer ID and password to anyone
- Do not write your customer ID and password down
- Do not let others watch you enter your customer ID and password
- Always use the log off button instead of just closing the browser
- When using a public computer, be aware that viruses and programs exist that read keystrokes and could compromise your online banking
- Always use Firewall and Anti-Virus protection. Scan for viruses frequently and install System patches as they are made available.
We recommend that you change your password periodically by using the appropriate function in your online banking.
Your cooperation helps maximize the effectiveness of our security measures. Safford Savings Bank employs the latest technology to protect your financial information online, but when you take steps to protect your information and take ownership of your online safety, your security is strengthened.
Information Collected on the Internet
It is the policy of Stafford Savings Bank to comply with The Children's Online Privacy Protection Act (COPPA). Stafford Savings Bank does not knowingly market to or solicit information from children under 13.
Stafford Savings Bank may also collect non-personal information about you or your online activities whenever you visit our web site. We may use standard software to collect non-identifying information about our visitors, such as:
- Date and time our site was accessed
- IP address
- Web browser used
- City, state, and country
Verifying User Authenticity
To begin a session with the bank’s server the user must key in a Username. The user will then be required to accept a telephone call or text message from us to authenticate the log in. This process is called Out of Band authentication (OOB). The user that is prompted to receive a call must enter a one-time security code into the phone which is displayed on the online banking device screen. The user that receives a text message security code must then enter the code on the online banking screen. Once verified, the user may enter the correct password at which time access is granted. The Out of Band authentication process may apply from time to time and on any new device that is used to access accounts.
Privacy and Security
- Your browser establishes a secure session with our server using a protocol called Extended Validation Secure Sockets Layer (EV SSL) Encryption. The certificate provides the strongest cryptography and a visual confirmation by changing the URL address bar to green.
- This protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only known between your Internet browser and our online banking server.
- After the keys are exchanged, your browser will use the numbers to scramble (encrypt) the data sent between your browser and our server. Both sides require the keys because the data needs to be de-scrambled (unencrypted) when it is received.
The EV SSL protocol not only ensures privacy, but also ensures that no other browser can "impersonate" your browser, nor alter any of the data that is transmitted. You can tell whether your browser is in secure mode by looking for a lock symbol.
Router and Firewall
Requests must filter through a router and firewall before they are permitted to reach the server. An additional level of security is achieved through the use of proxy-based firewalls which route only authorized traffic such as your log in attempt and requests for account data to our online banking servers. These firewalls isolate your account data from the outside world and protect it from all unauthorized traffic.