Home › Security

BankDirect Online BankingBankDirect delivers secure real-time consumer Internet banking with a wide range of powerful features and functions to satisfy your online transaction requirements.

• Secure Transactions. Operating from a ICSA-certified (TruSecure) data center, BankDirect's Online Banking System allows users to transfer funds, verify balances, pay bills, and more.
• Money Management. Users download account information directly into popular money management software.
• Financial Mobility. 24 hour access via 128 bit encryption-supported browsers.

BankDirect operates in accordance with all the rules and regulations of banking and bank security as set forth by the Federal Deposit Insurance Corporation (FDIC) and The Office of the Comptroller of the Currency (OCC).

There are several levels of security within our security framework. User Level deals with cryptography and Secure Sockets Layer (SSL) protocol, and is the first line of defense used by all customers accessing our Banking Server from the public Internet. Server Level focuses on firewalls, filtering routers, and our trusted operating system. Host Level deals specifically with our online banking and bill payment services, and the processing of secure financial transactions.

User Level There are several components of User Level security that ensure the confidentiality of information sent across the public Internet. The first requires your use of a fully SSL-compliant browser such as Netscape Navigator or Microsoft Internet Explorer. SSL is an open protocol developed by Netscape that allows a user's browser to establish a secure channel for communicating with our Internet server. SSL utilizes highly effective cryptography techniques between your browser and our server to ensure that the information being passed is authentic, cannot be deciphered, and has not been altered en route. SSL also utilizes a digitally signed certificate which ensures that you are truly communicating with the Online Banking Server and not a third party trying to intercept the transaction.

After a secure connection has been established between your browser and our server, you then provide a valid Access ID and Password to gain access to the services. This information is encrypted, and a request to log on to the system is processed. Although SSL utilizes proven cryptography techniques, it is important to protect your Access ID and Password from others. We recommend using a full 8-digit Password and changing it often. Session time-outs, a limit on the number of logon attempts, and special browser caching techniques are examples of other security measures in place to ensure that inappropriate activity is prohibited at the User Level.

Server Level All transactions sent to our Banking Server must first pass through a filtering router system. These filtering routers automatically direct the request to the appropriate server after ensuring the access type is through a secured browser and nothing else. The routers verify the source and destination of each network packet, and manage the authorization process of letting packets through. The filtering routers also prohibit all other types of Internet access methods at this point. This process blocks all non-secured activity and defends against inappropriate access to the server.

The Banking Server is protected using the latest firewall platform. This platform defends against system intrusions and effectively isolates all but approved customer financial requests. The platform secures the hardware running the Online Banking applications and prevents associated attacks against all systems connected to the Banking Server.

Administration of the platform cannot occur remotely and must be initiated by authorized personnel in direct physical contact with the master console. Thus, a level of physical security has been implemented that rivals some of the most secure government facilities. Additional measures to ensure the security of information involve the separation of server applications from host data. This means that information of value does not physically reside on the Banking Server. Logging of security information occurs at all times and there is always a backup of the information logged about every attempt made to access the system. These security logs allow us to constantly monitor for a wide range of anomalies and to determine if attempts have been made to breach our security framework.

Host Level After passing through the Banking Server, the transaction is sent via secure dedicated communication lines to our Transaction Server which verifies customer identity. Once authenticated, the customer is allowed to process authorized online banking and bill payment transactions using host data. No direct database access occurs between the Banking Server and the Transaction Server. Only specific transactions in the proprietary format are allowed into the Transaction Server. Protocol conversions have also been implemented to ensure that information does not remain in a single state of existence, further securing the information at any given point in the transaction process. In addition, communication time-outs ensure that the request is received, processed, and delivered within a given time frame. Any outside attempt to delay or alter the process will fail. Further password encryption techniques are implemented at the host level, as well as additional security logging and another complete physical security layer to protect the host information itself.

User Responsibilities While we continue to evaluate and implement improvements in Internet security technology, users of the online banking system also have responsibility for the security of their information. We strongly recommend strict adherence to the following:

• BankDirect will NEVER ask you to verify your Security Code, PIN or Password via phone or e-mail. Do not disclose these or any other types of personal information to ANYONE.
• Internet e-mail is NOT a secure method of communications. Do not send ANY personal information via e-mail. If you need to send personal information to BankDirect, log into the "Manage Your Account" section on the BankDirect website and use the "Mail" function. This method of communication IS secure.
• Utilize a full 8-digit Password and change it frequently to ensure that the information cannot be guessed or used by others.
• Be sure others are not watching you enter information on the keyboard when using the system.
• Never leave your computer unattended while logged on to the online banking system. Others may approach your computer and gain access to your account information while you are away.
• Logout when you are finished using the system to properly end your session. Once a session has been ended, no further transactions can be processed until you log on to the system again.
• Close your browser when you are finished, so that others cannot view any account information displayed on your computer.
• Utilize the latest version of either Microsoft Internet Explorer or Netscape Navigator. The online banking system is best viewed and is most secure when you use one of these two browsers, as they are both certified for use at our site.
• To reduce any chance of misspelling or mistyping and to ensure that you log on to the correct site, be sure to bookmark BankDirect's Web site address (www.bankdirect.com/). Simply click on "Favorites" up in the menu bar, and click on "Add to Favorites." Then to access the site, go to "Favorites" and scroll down the list until you find "Banking Online with BankDirect." Select it (or click on it) from the list, and www.bankdirect.com/ will automatically launch.
• Keep your PC's Operating System up-to-date by applying "Critical" security patches when available.
• Keep your computer free of viruses. Use virus protection software to routinely check for a virus on your computer. Never allow a virus to remain on your computer while accessing the online banking system.
• Report all crimes to law enforcement officials immediately.

When you follow these simple security measures, your interaction with the online banking system will be completely confidential. We look forward to serving your online banking and bill payment needs both today and into the future - securely!