MSB Online Security

• Privacy and Security
• Authorization
• Security Pledge
• Security 101

When Monson Savings Bank customers use our Online Banking, ensuring they have a safe and secure online banking environment is our number one priority. We provide the information here to educate you on ways that Monson Savings ensures the security of your account data and log in information.

Privacy and Security

The privacy and security of the communications between you (your computer's internet browser) and our servers is ensured using cryptography. Cryptography scrambles data exchanged between your browser and our online banking server. Encryption happens as follows:

• When you go to the sign-on page for online banking, your browser establishes a secure session with our server. This secure session is established using a protocol call Secure Sockets Layer (SSL) Encryption.
• This protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only know between your internet browser and our online banking server.
• After the keys are exchanged, your browser will use the numbers to scramble (encrypt) the data sent between your browser and our server. Both sides require the keys because the data needs to be de-scrambled (unencrypted) when it is received.

The SSL protocol not only ensures privacy, but also ensures that no other browser can "impersonate" your browser, nor alter any of the data that is transmitted. You can tell whether your browser is in secure mode by looking for a lock symbol at the bottom of your browser window.

The numbers used as encryption keys are similar to combination locks. The strength of encryption is based on the number of possible combinations that a lock can have. As the number of possible combinations increases, it becomes less likely that anyone or any other computer would be able to match the combination in order to decrypt the message. Internet browsers offer 40-bit or 128 bit encryption. Both result in a large number of combinations, 2 to the 40th and 2 to the 128th power. Our online banking servers require the use of 128-bit encryption to ensure the highest level of security for your data.

An additional level of security is achieved through the use of proxy-based firewalls which route only authorized traffic, your log in attempt and requests for account data, to our online banking servers. These firewalls isolate your account data from the outside world and protect it from all unauthorized traffic.

Authorization

One of the most important security aspects of online banking is ensuring only authorized users log into online banking. We do this by requiring each user to create their own customer ID and password. When you submit your information to log in, it is compared to the data we have in our secure online banking server and either grant or deny you access to your account information. After a number of unsuccessful log in attempts, your account access becomes "locked" and can not be accessed again until you call us to reinitialize your account. We monitor bad log in attempts to prevent some one from trying to guess your customer ID and password.

Remember, you play a crucial roll in preventing unauthorized access to your online banking:

• Never use customer IDs or passwords that are easy to guess, ie.:
  • Names, addresses, and phone numbers
  • Birth dates, social security numbers, etc.
• Never reveal your customer ID and password to any one
• Do not write your customer ID and password down
• Do not let others watch you enter your customer ID and password
• Always use the log off button instead of just closing the browser
• When using a public computer, be aware that viruses and programs exist that read keystrokes and could compromise your online security

We recommend that you change your customer ID and password periodically by using the appropriate function in the User Options of your online banking.

Security Pledge

Monson Savings Bank stands behind the security of our Online Banking product and that is why we offer you this pledge:

You will not be held liable for any funds improperly removed from your account as a result of online theft of your customer ID and password. This especially includes any loss due to the security features of Monson Savings Bank's Online Banking being compromised.

You are, of course, responsible for keeping your customer ID and password, and any other personal financial information confidential. Monson Savings Bank is not responsible for losses incurred due to the misuse of this confidential information. If you have additional security questions or need to contact us about stolen information or fraudulent activity, please call 413-267-1204.

Security 101

More and more we see, read or hear about individuals being taken advantage of by Internet fraud and Monson Savings Bank realizes the importance of having a well-informed public on this issue. In an attempt to educate our customers' and the general public, Monson Savings Bank is proud to introduce Online Security 101.

Online Security 101 is designed to keep our customers, as well as the general public, informed on the Internet fraud scams that are taking place, and to also help educate people on the importance of online security, as well as what to look out for when releasing personal information over the internet.

Our goal at Monson Savings Bank is to provide a safe, secure and efficient product for our customers, and we find that it is vital for our consumers to be aware of what is out there.

Here is some important literature to help educate you on our Fraud Policy, Identity Theft and Phishing Scams. These brochures require Acrobat to View them. Click here to download acrobat if you do not already have it.

• Consumer Fraud Notice
• Identity Theft
• Phishing

Lesson 1 "Phishing" (additional reading)

"Phishing," (pronounced "fishing") is becoming a more widely used form of online fraud. It involves the use of what seems to be legitimate e-mail messages and Internet Web sites in an attempt to deceive consumers into providing their personal information. The main purpose of the phishing scam is to obtain personal information such as Social Security numbers, Credit or Debit card numbers, Bank Account and Routing numbers, Personal Identification Numbers (PIN) and even the passwords and ids consumers use to log into any account they have online.

Most e-mail phishing schemes are preformed by requesting the recipient of the e-mail to either "update" or "validate" their financial or personal information in order to maintain their accounts; this in turn directs the person to a fraudulent site that will look like a legitimate online business Web site. In order to further deceive the consumer into believing the e-mail was from a legitimate business the recipient has a relationship with, the perpetrator will use what might appear to be valid bank logos, Web links and various graphics. Once at the "fake" Web site, you will be prompted to enter your personal information into required fields. Any information disclosed on these sites will grant the perpetrator access to whatever information you may have. Whether it is bank accounts or credit card numbers, the perpetrator will have found out your user id, password, account number, credit or debit card number and even your social security number.

Please be assured however, under NO circumstances will Monson Savings Bank ask you to verify your information online. We know who you are. If you have any concerns about an e-mail that you think came from Monson Savings Bank, please call us to verify it.

Click on the link to view an example of a legitimate web site:

Click on the link to view an example of a schemers web site:

If you have additional security questions or need to contact us about stolen information or fraudulent activity, please call 413-267-1204.