Powerful Safeguards In Place

One of the most important updates with our new OlyFed Digital Banking platform is an upgrade to our login security protocols for online and mobile banking. A key part of this upgrade is the use of a randomly generated six-digit Secure Access Code (SAC) instead of pre-determined security questions. An SAC is sent to a customer the first time they use a new device to log into our digital banking platform in order to configure that specific device to their Digital Banking profile. You’ve most likely experiences a similar process in use with other technology providers like Apple and Google.

In today’s world, security professionals have come to a consensus that the most effective form of user identification and verification comes with two-factor authentication (2FA), which requires two different types of certification to prove your identity. The most common form of 2FA is with “something you know” and “something you have”. Think of 2FA in terms how of your ATM card. In order to withdraw cash from an ATM, you need to have your card (“something you have”) and it requires a PIN number (“something you know”). Just having one of the two items won’t get you anywhere at the ATM; you must have both.

With our Digital Banking system, we are requiring 2FA for “unregistered devices/browsers”. This means devices and browsers you haven’t used to log into your account before will require a second form of authentication to prove your identity in order to register a new device/browser. The second factor authentication used here is the 6-digit code sent to you via SMS/text, email or voice call. All of these are the “something you have” to complete the second half of the 2FA process.

Once the server session is established, the user and the server are in a secured environment. Because we are using using a 256 bit server utilizing Secure Sockets Layer (SSL) protocol, communication between the user and the server is encrypted therefore data traveling between the bank and customer is secure.

In short, utilizing the industry standard for technology as described above, the bank’s server issues a public key to the end user’s browser and creates a temporary private key. These two keys are the only combination possible for that session. When the session is complete, the keys expire and the whole process starts over when a new end user makes a server session.

Requests must filter through a router and firewall before they are permitted to reach the server. A router, a piece of hardware, works in conjunction with the firewall, a piece of software, to block and direct traffic coming to the server. The configuration begins by disallowing ALL traffic and then opens holes only when necessary to process acceptable data requests, such as retrieving web pages or sending customer requests to the bank.

We restrict access to nonpublic personal information about you to those employees who need to know that information to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with federal standards to guard your nonpublic personal information.

Please see the Federal Financial Institutions Examination Council’s (FFIEC) IT Examination Handbook for more details on the standards OlyFed maintains to protect your identity and your personal financial information.