Security Policy

We take security very seriously

It is of utmost importance for us to protect customers' personal information when they are online to our website. We go to great lengths to make sure that their transactions are confidential and secure. This Internet Banking System brings together a combination of industry-approved security technologies to protect data for the bank and for our customers. It features password-controlled system entry, a VeriSign-issued Digital ID for the bank's server, Secure Sockets Layer (SSL) protocol for data encryption, and a router loaded with a firewall to regulate the inflow and outflow of server traffic. To begin a session with the bank's server the user must key in a Log-in "5 strikes and you're out" mechanism to deter users from repeated login attempts. After 5 unsuccessful login attempts, the system locks the user out, requiring a phone call to the Internet Banking Division to have the password reset before re-entry into the system. Upon successful login, the Digital ID from VeriSign, the experts in digital identification certificates, authenticates the user's identity and establishes a secure session with that visitor. Once the server session is established, the user and the server are in a secured environment. Because the server has been certified as a 128-bit secure sever by VeriSign, data traveling between the user and the server is encrypted with Secure Sockets Layer (SSL) protocol. With SSL, data that travels between the bank and customer is encrypted and can only be decrypted with the public and private key pair. In short, the bank's server issues a public key to the end user's browser and creates a temporary private key. These two keys are the only combination possible for that session. When the session is complete, the keys expire and the whole process starts over when a new end user makes a server connection.

Firewalls, And Other Protection

Requests must filter through a router and firewall before they are permitted to reach the server. A router, a piece of hardware, works in conjunction with the firewall, a piece of software, to block and direct traffic coming to the server. This configuration begins by disallowing ALL traffic and then opens holes only when necessary to process acceptable data requests, such as retrieving web pages or sending customer requests to the bank. As referenced above, all personal and account information that passes between the customer's computer and Franklin Synergy Bank's Online Banking is encrypted. This means that while the customer's information is in transit, it is scrambled so that only Franklin Synergy Bank's computer equipment can reassemble it to its original text format. When we send personal account information to the customer, it is also encrypted so that only the customer's computer can decipher it and reconstruct the data transmitted. The Internet Banking Division will monitor security logs on a weekly basis. These logs will be checked for patterns of unusual activity regarding logging in to the Internet Banking site. Excessive instances of userid or password reset requests will require a phone call to a signer on the customer's account to verify that they are, in fact, attempting to reset their own userid and password.

 

Intrusion Detection Policy

In the event that a computer intrusion has been discovered where a hacker may have gained access to customers' personal information, all individual customers will be notified as soon as possible. This notification may come in the form of an email, a written letter, or a message posted on the Internet Banking web page. This notification will be made without unreasonable delay unless the disclosure of such information would hinder a criminal investigation. Personal information is here defined as the customer's first name plus one or more of the following pieces of information:
  1. Social Security Number
  2. Driver's license number or identification card number
  3. Account number, credit or debit card number and any required security code or password that would permit access to an individual's financial account.

Customer User ID/Password and Privacy of Customer Information

The most important way of protecting Online Banking transactions is by the customer's self-selected User ID and Password. We recommend that the customer keep them a secret, memorize them and, if it is necessary to maintain a written record of the codes, it is recommended that the customer store them away from their computer in a secure place and not in their wallet or purse. It is recommended that the customer always make sure that no one is watching them enter the information and that they always log off the Online Banking website whenever they are away from their computer (click exit). If their computer is left unattended and the browser is running with their User ID and Passwords entered, anyone can gain access to their accounts. It is recommended that the customer change their Password often and that they do not use simple words or numbers in sequence. It is recommended that the customer use upper case and lower case numbers and letters and use symbols that are unique to them. Avoid obvious words and numbers, like a family member's birthday or name.

Passwords for all Franklin Synergy Internet Banking applications must be at minimum six characters in length and are case-sensitive. Passwords for all Franklin Synergy Bank Internet Banking applications are automatically required to be changed every 120 days. When resetting a password for all Franklin Synergy Bank Internet Banking applications, users must not reuse any of their previous two passwords.

Visitors to this bank Website remain anonymous. We do not collect identifying information about visitors to our site. We may use standard software to collect non-identifying information about our visitors, such as; (1) Date and time out site was accessed; (2) IP address (A numeric address given to servers connected to the Internet); (3) Web browser used; (4) City, State, and country. The bank uses this information to create summary statistics and to determine the level of interest in information available on our site. Visitors may elect to provide us with personal information via E-mail, online registration forms, or our guest book. This information is used internally, as appropriate, to handle the sender's request. It is not disseminated or sold to other organizations. Some areas of our Website may use a "cookie" temporarily stored in the visitor's computer memory (RAM) to allow the web server to log the pages the customer uses within the site and to know if the customer has visited the site before.