e-Branch Security

Security and confidentiality are critical components of a financial institution’s online banking system. Public Employees Credit Union understands the security and privacy issues and concerns involved in an online banking environment. PECU is committed to provide safe and secure measures to protect PECU members account information and financial transactions being transported to and from their personal computers over the Internet.

Three key components incorporated in PECU e-Branch to provide safe and secure financial transactions over the Internet are Secure Sockets Layer (SSL), computer/browser registration, and the firewall. All three components will be discussed in more detail to further educate yourself about your online banking system and maintain confidence when conducting transactions and inquiries.

Your PECU Temporary Access Code (TAC) is a security element that protects your account from unauthorized users. The TAC is used to electronically register a user’s computer and link the registration to the user’s Login ID and password, effectively restricting unauthorized access from any unregistered computer. When you first log into your account, enter the login ID you were assigned and select the box indicating you are a first time user. You will be directed to a page displaying the secure contact information we have on file for your account. You may select from one of three delivery options to receive your TAC; by Phone, SMS (Text) Messaging, or E-mail. Select one contact from the list that you can immediately access and our system will deliver you a TAC within minutes. Enter the TAC you receive on the following page. Depending on your account status, you may have the ability to choose whether or not you want to 1) activate your computer to avoid this registration process in the future or 2) take one-time access to your accounts. If you are on a public computer, you should always choose one-time access so the system does not register the public computer.

Once you have successfully entered your TAC, you will be directed to create and confirm your new password that will be used in combination with your login ID on future logins. You will be required to register each computer that you are using to access online banking, and to re-register the computer each time your browser cache is cleared. If each of the contact options we have on file is inaccurate or out-of-date, or if you are completely locked out, you cannot proceed any further. Please contact us to provide updated information or to unlock your account by calling 512-474-1955 or by coming into any of our branch locations.

During a login, you have five attempts at entering your password. After five unsuccessful attempts your account will be frozen. If you have forgotten your password but have not been locked out, select the box labeled “Forgot Password?” upon login to e-banking. When you are required to securely register your computer or you forget your password and request a new, temporary password, our system will present you with your provided Secure Delivery contact information again.

This security verification measure is enforced and is effective if an unauthorized user or an impostor is attempting deceit by impersonating the primary member to access the account.

Secure Sockets Layer (SSL)

A protocol known as Secure Sockets Layer (SSL) is a component of PECU e-Branch that provides secure financial transactions, protecting information by preventing other computers along the route of the transmissions from eavesdropping by encrypting all data being transmitted between your computer and PECU e-Branch. Data encryption means to convert computer data to an encoded, unreadable format by means of a key and can only be decoded and re-converted to a readable format by an authorized recipient holding the matching key. In a SSL environment, all communication between PECU e-Branch and member’s personal computers with SSL-enabled browsers are private and authenticated.

Intermediate computers would see each packet of information as a meaningless jumble of bytes. The sending end encrypts, or encodes the data with one key before it is transmitted. The receiving end decrypts, or decodes the data with another key. The two-key cryptography scheme was developed by a team of mathematicians at MIT and is currently patented by RSA Data Security, Inc.

PECU members who live in the United States can use browsers that support 128-bit keys. Cracking a 128-bit key would involve trying all 2128 combinations, which would require eons.

PECU members who live abroad are currently restricted by the U.S. government to using browsers that support 40-bit keys. Cracking a 40-bit key would involve trying all 240 combinations, which are over one trillion combinations. A 40-bit key is less secure than a 128-bit key, but does provide an adequate level of security for member financial services.

In other words, it might be worth a hacker’s effort to try to crack a 40-bit key if the data were related to national security, but it would really not be worth their effort to attempt to crack a 40-bit key for one person’s account number. Again, PECU members who live in the United States can enjoy the benefit of military-grade security.

Important . . . your browser must be Secure Sockets Layer 3.0 (SSL 3.0) compatible. PECU e-Branch now supports Microsoft Internet Explorer version 6.0 or higher and Netscape Navigator version 7.0 or higher satisfying the SSL 3.0 requirement. Older versions of these browsers and other browsers may function but are not supported by PECU e-Branch.

Firewall

PECU installed another component called a firewall to safeguard the credit union and it’s members. The firewall is the most critical element in the electronic security package. The firewall offers protection to PECU’s network and electronic traffic conducted over the Internet and permitting or denying the request or access based on PECU policy.

All traffic coming into PECU from the Internet must pass through the firewall before it can reach PECU e-Branch web server. The firewall prevents any Internet user coming into PECU e-Branch web server from getting beyond the web server into PECU internal network, protecting members’ accounts from unauthorized intrusions. Outside users with intent to “hack” or illegally access PECU’s internal network will be denied because the firewall, acting as buffer to verify the source and destination, recognizes the computers as being unauthorized.

Note: Segments of this document were inserted and referenced from Symitar Systems, Inc. Q2 Software, Inc. Online Help.