CANNON FINANCIAL FEDERAL CREDIT UNION
 Cannon Electronic Services


 

 

Security on the World Wide Web

Overview

   The Internet has become a global marketplace with a wide variety of goods and services available from
   any kind of computer around the world. We are joining this global marketplace, seeking new ways to
   improve services and make financial transactions more convenient for consumers.

With the promise of a lower-cost delivery channel offering better service, more features, and more financial products, Internet commerce has been fully embraced by the financial industry. Although financial institutions agree on the merits of Internet financial services, security is a concern that makes some consumers hesitant about financial transactions over the Internet.

Security of any system is a combination of technology, policy, and people. This online service is built on a sound and balanced foundation of stringent security policies, rigorously tested and evaluated technologies, and a highly trained and experienced staff. A solid foundation of Internet expertise and in-depth knowledge and experience in the financial services industry provide a secure solution. Consumers may rest easy knowing that financial information will be protected with state-of-the-art security every step of the way.

Secure Systems: Technology, Policies, and People

Developed and built from the ground up with security in mind, our system is designed with security as a dynamic feature of the product, not an afterthought or add-on. The result is an architecture that utilizes a multi-layered approach to information security, providing safeguards and guaranteeing privacy throughout the process.

This architecture offers client-server authentication, data integrity, complete transactional privacy, and above all, resistance to all forms of "hacking" attempts. Layered security means that, rather than relying on a single security measure, layers of technology are utilized within the security architecture to distance the potential "hacker" as far as possible from the core of sensitive information and resources.

 

Security Architecture: Multiple Layers

     Every financial transaction uses multiple layers of security and every layer adds a different technology
     resulting in a trusted system that is monitored at all times. The four basic layers are:

                        Browser Encryption
                        Firewalls
                        Internal Networks
                        People

The Browser Layer

All financial transactions conducted on the Internet should use some form of encryption. The first layer of online financial security is the 128-bit Secure Sockets Layer (SSL) encryption between your browser and the Web Servers. SSL is the industry standard that provides secure access to online financial services from anywhere on the Internet using any current Internet browser.

SSL provides a secure channel for data transmission over the Internet. It allows for the transfer of digital signatures to authenticate users and provides message integrity, ensuring that your data cannot be altered en route. Browsers also have the capability to display a Certificate to the user about the source of a secure transmission. This assures Internet customers that they are communicating with the financial institution's service provider and not a third party trying to intercept the transaction on the Internet.

Encryption changes everything that travels across the Internet during your online session (including your password, your bank statement, or instructions to pay a bill) into a string of unrecognizable numbers. Both our servers and the browser you use to surf the Web understand the mathematical formulas, called algorithms, that turn your financial information into numeric code, and back again to meaningful information. These algorithms serve as the locks and keys of your account information. While the destination computer and your browser can easily translate this code back to meaningful language, this process is an overwhelming, almost impossible task for unauthorized intruders.

There are two types of encryption commonly in use – "domestic-grade" or 128-bit encryption and "international-grade" or 40-bit encryption. The difference between these two types of encryption is strictly one of capability. 128-bit encryption is stronger than international-grade encryption. Using 128-bit encryption means there are 300,000,000,000,000,000,000,000,000 (a three followed by 26 zeroes) times as many key combinations as there are for 40-bit encryption. That means a computer would require exponentially more processing power than for 40-bit encryption to find the correct key.

We require the use of 128-bit encryption for all financial transactions to provide the best security possible. In addition to browser encryption, there is server encryption for users who log in with a browser that has only 40-bit encryption. The server will accept the message and start a 128-bit encrypted session from the server end. This ensures that all your transactions have the strongest level of encryption.

To start a transaction, you enter an address in the browser to send a secure message that is encrypted by SSL to a server. The server responds by checking to see who you are (this is called authentication), comparing your encrypted User ID and Password against an encoded list, and starting the session encryption. If, for any reason, the secure session link is broken, the online session automatically terminates.

Our standards are high; if the session isn't secure enough, it cannot be used to conduct transactions during your online session. You know when a session is encrypted by looking for the following icons (pictures) in the lower portion of your browser.

 


  The Firewall Layer

Computer networks by their nature are designed to allow the flow of information. The purpose of an Internet firewall is to provide a point of defense, a controlled and audited access path to services from inside and outside the organization’s private network. The mechanism providing the second layer of security, for selectively permitting or blocking traffic between the Internet and the protected network, is a series of state-of-the-art firewalls. One such firewall is used to shield the servers from any unauthorized Internet traffic. Only messages addressed to the secure server can pass through the firewall – all other traffic from the Internet is rejected. To pass through this checkpoint, your browser must know the protocol to use – in other words, the language to speak – that will allow it to obtain authorized information, but only from designated systems. The firewall creates extensive logs of all network traffic, providing centralized auditing and security monitoring.

The platform chosen for our Web Servers and Firewalls is Microsoft Windows NT. We collaborate closely with software and hardware manufacturers as well as telecommunications and security experts to provide a solution that not only meets or exceeds our essential security requirements, but also has the scalability, reliability, and endurance required to address the changing needs of our customers.

Windows NT Server is designed with a sound, integrated, and extensible security model. It has been certified at the C2 level by the U.S. government and the E3 level by the U.K. government. We are not alone in this choice. Many of the largest corporations and government agencies around the world are using Windows NT.

Beyond the Internet – Internal Network Layer

The third layer of security – the internal network systems – prevents unauthorized users from accessing any transaction data from the Internet by means of physical and logical access controls. Transaction processing systems are not physically connected to the Internet. TCP/IP – the Internet’s communications protocol – is not installed on the transaction processing system.

Once your transactions have been accepted by the server, they are carried over the proven secure network that financial institutions have been using for decades. The entire process from the financial institution to you is as secure as possible.

The People Layer

The fourth layer of security is people. Internet security does not rely on technology alone. Without everyone’s participation, all the security systems and technology in the world are worthless. Customers must treat the User ID and Password for online accounts with the same care as an ATM or Credit Card and PIN. In addition, customers must make sure that no one is physically watching when they enter their password. If you are logged in to the service, be sure to exit the browser when you leave the computer unattended. You should also take standard precautions to keep your system clean and free from viruses that could be used to capture password keystrokes and financial information.

We don't view security as something that is set up once and left alone. Your online service provider constantly monitors the security system to be sure that your information is safe and secure. Any attempt to break into the system will be observed.

New advances in security technology are happening daily. As an active member of the Internet financial services community, we are continuously reviewing and enhancing security architecture to ensure that it provides the highest level of privacy and safety for you.

Where to Learn More about Internet Security and Electronic Commerce

The following is a list of sites you can browse for additional information concerning Internet security:


© 1999 Online Resources & Communications Corporation

7600 Colshire Drive Suite 600 * McLean, VA 22102
Phone: 703.394.5100 * Fax: 703.394.5105
E-Mail: info@orcc.com * All rights reserved.