Rocky Mountain Bank

 

Security Statement
 
Our Online Banking security not only meets, but exceeds industry standards using the latest technologies to protect your private financial information. It features two-factor authentication, a TriCipher Digital ID on the bank’s server; Secure Sockets Layer (SSL) protocol for data encryption; and security questions. 
 
User Authenticity Verification and Two-Factor Authentication 
Rocky Mountain Bank's Online Banking system incorporates multi-factor authentication into the login process.  Authentication, when used in this context, means the verification of the identity of a user. When using the Online Banking system, you are “authenticated” when you log in.

There are three possible “factors” that can be used to verify your identity; something you know (a password), something you have (an ATM card) or something you are (your fingerprint). Most financial transactions conducted using means other than the Internet require you to provide at least two of these three factors. For instance, when you visit an ATM, you are required to present your ATM card (something you have) and to enter your PIN (something you know) before you can access your account(s). Using something you have (ATM card) and something you know (PIN number) is referred to as two factor authentication.

Rocky Mountain Bank's Online Banking system implements a form of multi-factor authentication.  You first tell the system who you are by entering your user ID and then our system uses your computer as the second factor of authentication (your computer is something that you have). By placing a cookie (a short text file containing user information) on your computer our system is able to recognize you each time you log on.  If you delete the cookie or block it you will be asked to answer a security question to verify your identity. You then enter your password as the second means of verification.

Rocky Mountain Bank’s Online Banking system uses a “three strikes and you're out” policy, meaning that after three unsuccessful attempts to log in to the system you are locked out of your account. If your account has been locked, you must contact the bank to have your account unlocked. This disabling of Online Banking access prevents malicious individuals from attempting to guess your password and also prevents the use of “crack” programs (computer programs that run through letter/number/special character combinations eliminating the invalid ones until they arrive at a match).  As an additional protection your password is stored in an encrypted format which means that no one within the Bank or outside has access to your password unless you provide it to them.  Anytime your password is changed on your Online account an email is sent to the email address on record to make you aware that a change was made.


Secure Data Transfer 
Once you have successfully logged in, the Digital ID from TriCipher authenticates your identity and establishes a secure Online Banking session. The establishment of a session in this manner ensures that all communication between your computer and the bank’s server takes place in a secured environment. Data traveling between your computer and the bank’s server is encrypted with Secure Sockets Layer (SSL) protocol. SSL essentially establishes a new encryption code for every session. Only your computer and the bank’s server have the ability to decrypt, and therefore to understand, this code. A unique code is created for each session and is destroyed once the session is ended. 
 
Account Masking
To further protect you account numbers are masked (only the last the last 4 numbers of the account are shown) and no confidential personal information (such as social security number) is stored on the site.  If someone sees your information while you are logged in they will not have the full account or social security number.