logo SBSU Online Banking Security

This Online Banking System brings together a combination of industry-approved security technologies to protect data for the bank and for you, our customer. It features password-controlled system entry, a Digital ID issued by a trusted Certificate Authority for the bank's server, Secure Sockets Layer (SSL) protocol for data encryption, and a firewall to regulate the inflow and outflow of server traffic.

Using the following technologies, your Online banking transactions are secure.

logo Secure Access and Verifying User Authenticity

To begin a session with the bank's server the user must key in a Log-in ID and a password. Our system, the Online Banking System, uses a "3 strikes and you're out" lock-out mechanism to deter users from repeated login attempts. After three unsuccessful login attempts, the system locks the user out, requiring either a designated wait period or a phone call to the bank to verify the password before re-entry into the system. Upon successful login, the Digital ID from VeriSign, the experts in digital identification certificates, authenticates the user's identity and establishes a secure session with that visitor.

logo TWO FACTOR AUTHENTICATION

Our Online Banking security is one that requires more than just a user name and password to gain access, which is a one-factor system. The new system uses two factors.

The first factor is one of recognition. Have we seen your computer before? If not, the user is presented a challenge question in order to proceed. Several challenge questions are setup as part of the first-time login process.

The second factor is one of familiarity. Does the user recognize something unique about us? In order to answer that question we require the user to select a picture and type a brief phrase. Both appear each time the user logs into our Online Banking System.

Pay attention to what you see. You play the most important role in security. If you don't see the correct picture or the passphrase is wrong, chances are you are being phished and have landed at a spoofed web site.

Call us at (435)865-2394 if you think something is wrong before divulging any personal or banking information. Whatever you do, do NOT provide your Debit Card number and PIN as an attempt to "To confirm your identity" regardless of the site you are on. Bank cards are useless for proving identity, but are valuable to thieves who want to drain your account from a foreign ATM.

logo Secure Data Transfer

Once the server session is established, the user and the server are in a secured environment. Because the server has been certified as a secure server by a trusted Certificate Authority, data traveling between the user and the server is encrypted with Secure Sockets Layer (SSL) protocol. With SSL, data that travels between the bank and customer is encrypted and can only be decrypted with the public and private key pair. In short, the bank's server issues a public key to the end user's browser and creates a temporary private key. These two keys are the only combination possible for that session. When the session is complete, the keys expire and the whole process starts over when a new end user makes a server session.

logo Router and Firewall

Requests must filter through a router and firewall before they are permitted to reach the server. A router, a piece of hardware, works in conjunction with the firewall, a piece of software, to block and direct traffic coming to the server. The configuration begins by disallowing ALL traffic and then opens holes only when necessary to process acceptable data requests, such as retrieving Web pages or sending customer requests to the bank.

logo Extra Security Measures

Online banking is safe.  It allows you to view your account activity regularly and discover any errors before your monthly statement arrives.   Moreover, it allows you to transfer money or pay bills from the convenience of your own home.  

Truncated Account Number Display: One change you will immediately notice is that we have hidden all but the last four digits of your account numbers.  This oft-requested change will shield your account information from shoulder-surfers or others.

Password Assistance: Reset your own password anytime, day or night.  We’ll E-mail a new one to the address we have on file after you correctly answer one of your challenge questions. 

Multi-Factor Authentication to keep you Safe:  

  • Always look for the unique image and phrase that you previously selected.  It will appear after entering your login-ID but before entering your password.  They are there to tell you that you have reached our official website, not some fake.  If you don’t see the image and phrase, contact us immediately at (435)865-2394.
  • Challenge questions:  We’ll ask a challenge question whenever you sign in from a computer that we don’t recognize.

logo Safety and Balance Alerts

You may setup alerts to notify you by E-mail whenever certain events occur, such as the following:

  • Account balance alerts
  • Address change
  • Password change or resets
  • Unsuccessful login attempts

Moreover, if you use bill pay, an alert is sent to the E-mail address on file whenever a payee is added or changed, or if the E-mail address is changed.

logo Safe and Secure Best Practices

Online banking is safe and secure if you follow simple precautionary measures:

  • Do not allow your browser to save password information.
  • Always use a browser with 128-bit encryption.
  • Memorize your password. Do not write it down.
  • Exit Online Banking when finished. Do not leave a computer with a live session in process.
VeriSignVeriSign's Digital ID certificate protects your online transactions. Click logo to the left to learn more about VeriSign.

logo SYSTEM REQUIREMENTS

Your browser must have 128-bit encryption to connect to our interactive Online Banking System.

All current browsers have at least 128-bit encryption. Only older versions of browsers run the risk of having inadequate security. Update your browser to the most current version. Choose from any of the browsers below.