Online Banking Safety Tips – How We Protect You
At Infinity Bank, protecting the privacy and confidentiality of our clients’ information is a priority. Our privacy policy extends to online banking and we are committed to ensuring measures are in place to mitigate the potential of having your confidential information compromised while visiting our website.
Here are some of the steps we take to protect your information:
- Our employees, along with the tools that enable them to do their jobs, are our strongest assets in the fight against cyber attackers. We train and test that our employees understand policy, regulations, and security. We periodically evaluate the preparedness of our employees through simulations of cyber-attack.
- Our internal examiners perform audits and evaluations of our internal control environment.
- We’ll always send alerts for critical changes to your account, including changes to your address, email, phone number, Personal ID, passcodes, PINs and other verification credentials.
{beginAccordion}
Links to Other Websites
We are not responsible for practices employed by websites of other companies linked to our website, nor the information or content contained therein. We cannot, and do not, make any representations about the security, practices and policies of these companies, and are not responsible in any way for how these companies use cookies or any information you provide to them. This remains true even where the linked site appears within the parameters or window/frame of our website. Often, links to other websites are provided solely as pointers to information on topics that may be useful to users of our site. Please remember that when you use a link to go from our website to another website, our Privacy Policy is no longer in effect. Your interaction on any other website, including websites which have a link to our site, is subject to that website's own rules and policies. Please read those rules and policies before proceeding.
Protecting Children’s Privacy Online
From our websites, we do not knowingly collect or use personal information from children under 13 without obtaining verifiable consent from their parents. However, we are not responsible for data collection and use practices from nonaffiliated third parties to which our website may link.
For more information about the Children’s Online Privacy Protection Act (COPPA), please visit the FTC website at fcc.gov/consumers/guides/childrens-internet-protection-act .
Privacy & Security with Online Access - How We Protect You
At Infinity Bank, protecting the privacy and confidentiality of our clients’ information is a priority. Our privacy policy extends to online access and we are committed to ensuring that measures are in place to mitigate the potential of having your confidential information compromised while visiting our website.
Here are some of the steps we take to protect your information:
- Our employees, along with the tools that enable them to do their jobs, are our strongest assets in the fight against cyber attackers. We train and test that our employees understand policy, regulations, and security. We periodically evaluate the preparedness of our employees through simulations of cyber-attack.
- Our internal examiners perform audits and evaluations of our internal control environment.
- We will never send you e-mails requesting your personal or account information.
Security Procedures
We want you to use our website with confidence, knowing that the information you submit to us is secure. The encryption strength varies depending on the browser you are using; however, most current browsers offer 128-bit encryption. Additionally, many browsers display a secured lock symbol in the URL to indicate a secure connection.
The presence of a "closed lock" icon in your browser indicates encryption is being used on the webpage you are viewing. In addition, an internet address that begins with "https://..." indicates the page you are viewing uses encryption. The "s" stands for "secured."
Emails that you may send to us outside our online banking service may not be secure unless we advise you that security measures will be in place prior to your transmitting the information. For that reason, we ask that you do not send confidential information such as social security or account numbers to us through an unsecured email. We provide a secured email option on our “Contact Us” page, which can be utilized for encrypting and securing email messages.
Our system performs various layers of validation to guard against any tampering during communication. Validation layers include cross-site scripting, cross-site request forgery, and business layer validation to ensure relationships exist between accounts and customers.
We have implemented multifactor and multilayer authentication, in addition to online banking user security, which requires multiple pieces of information to validate identity while ensuring compliance with regulatory requirements and FFIEC recommendations.
- Multifactor authentication automatically monitors accounts for unusual activity based on account history and requires customers to verify their identity by providing a “one-time passcode” that is delivered to a registered device. The authentication is based on two factors -- something you know (a password or PIN) and something you have (an authenticator).
- Multilayer authentication is a technique in which the identity of an individual or system is verified by more than one authentication process. It provides multiple levels of authentication, depending on the underlying transaction, system or operational environment.
We offer multi-layered security with a range of authentication types:
- Bank home page login
- Single sign-on from a trusted source
- Password. Stored user passwords are encrypted using a one-way hash algorithm with a per-user salt.
- Advanced Login Authentication (ALA) is implemented as a separate component. Business online banking receives a RSA SecurID token once the user has successfully authenticated (including any required Out-ofBand requirements). Token solutions for business online banking provide hacker-resistant multi-factor authentication protection for online funds movement transactions or if requested, at the initial login as added layer of security.
Each user is profiled and paired with the device that they are using. Out-of-Band confirmation is required if future profile\user\device combinations have sufficiently changed. Options for Out-Of-Band are:
- Text message (code is sent to the device)
- Phone voice (code is displayed by ALA and entered in the phone)
Ongoing Monitoring
We have additional security measures that may be activated in response to unusual online activity. If your online behavior looks out of the ordinary from your usual activities, we may restrict account access or prevent certain types of transactions. These measures help safeguard your personal and account information. Contact our Treasury Management Services team for assistance.
Information Collection
Various tools are provided on our website to help clients and potential clients learn about the products and services we offer. When browsing our website, we do not collect, capture or retain your personal information. We use website browser software tools such as cookies and web server logs to gather information about the usage of our website to constantly improve our site and better serve our clients. We also use website log files and IP addresses to analyze trends, administer the website, track user movements and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
{endAccordion}