Skip to Content

Security Statement

We take security seri­ously. Here’s what we do to protect you. 

Keeping You Secure

Our Online Banking security exceeds industry stan­dards using the latest tech­nol­ogy to protect your privacy and your assets. It features Multi-Factor Authentication (MFA); a TriCipher Digital ID on the Bank’s server; and Secure Sockets Layer (SSL) protocol for data encryp­tion. Trust us, it’s secure.


By using MFA for authen­ti­ca­tion in the log in process, you’re sure to be the only one that can log in. Authentication means the veri­fi­ca­tion of the identity of a user. 

When using the Online Banking system, you are authen­ti­cated” when you log in. There are three possible factors” that can be used to verify your identity; some­thing you know (a password), some­thing you have (an ATM card) or some­thing you are (your finger­print). Most finan­cial trans­ac­tions outside of the internet require you to provide at least two of these three factors. For instance, when you visit an ATM, you are required to present your ATM card (some­thing you have) and to enter your PIN (some­thing you know) before you can access your account(s). Using some­thing you have (ATM card) and some­thing you know (PIN number) is referred to as two factor authentication.

Rocky Mountain Bank’s Online Banking system imple­ments a form of MFA. You first tell the system who you are by entering your user ID and password (some­thing you know) and then our system sends a one time passcode to your regis­tered phone or email address (some­thing you have). You then enter the passcode and a cookie (a short text file contain­ing user infor­ma­tion) is installed on your computer so our system is able to recog­nize you each time you log on. If you delete the cookie or block it you will be sent a new one time passcode.

Rocky Mountain Bank’s Online Banking system uses a three strikes and you’re out” policy, meaning that after three unsuc­cess­ful attempts to log in to the system you are locked out of your account. If your account has been locked, you must contact the bank to have your account unlocked. This disabling of Online Banking access prevents mali­cious indi­vid­u­als from attempt­ing to guess your password and also prevents the use of crack” programs (computer programs that run through letter/​number/​special char­ac­ter combi­na­tions elim­i­nat­ing the invalid ones until they arrive at a match). As an addi­tional protec­tion your password is stored in an encrypted format which means that no one within the bank or outside has access to your password unless you provide it to them. Anytime your password is changed on your Online account an email is sent to the email address on record to make you aware that a change was made.

Secure Data Transfer 

Once you have success­fully logged in, the Digital ID from TriCipher authen­ti­cates your identity and estab­lishes a secure Online Banking session. The estab­lish­ment of a session in this manner ensures that all commu­ni­ca­tion between your computer and the bank’s server takes place in a secured envi­ron­ment. Data trav­el­ing between your computer and the bank’s server is encrypted with Secure Sockets Layer (SSL) protocol. SSL essen­tially estab­lishes a new encryp­tion code for every session. Only your computer and the bank’s server have the ability to decrypt, and there­fore to under­stand, this code. A unique code is created for each session and is destroyed once the session is ended. 

Account Masking

To further protect you account numbers are masked (only the last the last 4 numbers of the account are shown) and no confi­den­tial personal infor­ma­tion (such as social security number) is stored on the site. If someone sees your infor­ma­tion while you are logged in they will not have the full account or social security number.