We take security seriously. Here’s what we do to protect you.
Keeping You Secure
Our Online Banking security exceeds industry standards using the latest technology to protect your privacy and your assets. It features Multi-Factor Authentication (MFA); a TriCipher Digital ID on the Bank’s server; and Secure Sockets Layer (SSL) protocol for data encryption. Trust us, it’s secure.
By using MFA for authentication in the log in process, you’re sure to be the only one that can log in. Authentication means the verification of the identity of a user.
When using the Online Banking system, you are “authenticated” when you log in. There are three possible “factors” that can be used to verify your identity; something you know (a password), something you have (an ATM card) or something you are (your fingerprint). Most financial transactions outside of the internet require you to provide at least two of these three factors. For instance, when you visit an ATM, you are required to present your ATM card (something you have) and to enter your PIN (something you know) before you can access your account(s). Using something you have (ATM card) and something you know (PIN number) is referred to as two factor authentication.
Rocky Mountain Bank’s Online Banking system implements a form of MFA. You first tell the system who you are by entering your user ID and password (something you know) and then our system sends a one time passcode to your registered phone or email address (something you have). You then enter the passcode and a cookie (a short text file containing user information) is installed on your computer so our system is able to recognize you each time you log on. If you delete the cookie or block it you will be sent a new one time passcode.
Rocky Mountain Bank’s Online Banking system uses a “three strikes and you’re out” policy, meaning that after three unsuccessful attempts to log in to the system you are locked out of your account. If your account has been locked, you must contact the bank to have your account unlocked. This disabling of Online Banking access prevents malicious individuals from attempting to guess your password and also prevents the use of “crack” programs (computer programs that run through letter/number/special character combinations eliminating the invalid ones until they arrive at a match). As an additional protection your password is stored in an encrypted format which means that no one within the bank or outside has access to your password unless you provide it to them. Anytime your password is changed on your Online account an email is sent to the email address on record to make you aware that a change was made.
Secure Data Transfer
Once you have successfully logged in, the Digital ID from TriCipher authenticates your identity and establishes a secure Online Banking session. The establishment of a session in this manner ensures that all communication between your computer and the bank’s server takes place in a secured environment. Data traveling between your computer and the bank’s server is encrypted with Secure Sockets Layer (SSL) protocol. SSL essentially establishes a new encryption code for every session. Only your computer and the bank’s server have the ability to decrypt, and therefore to understand, this code. A unique code is created for each session and is destroyed once the session is ended.
To further protect you account numbers are masked (only the last the last 4 numbers of the account are shown) and no confidential personal information (such as social security number) is stored on the site. If someone sees your information while you are logged in they will not have the full account or social security number.