FMFCU Security Info
FMFCU Security Center | e-Banking Security
e-Banking uses a three-layer security model to prevent unauthorized users from viewing or modifying account member data. By using the most current home banking security hardware, software, and procedures, each layer is designed to protect a critical area of the system. These areas include network security, data integrity, and authentication.
The credit union's database is not hosted on a machine connected to the Internet. All calls to the database must be passed through the e-Banking web server. The e-Banking web server is a multi-homed machine with one network interface exposed to the Internet. On this exposed card all non-e-Banking related traffic is blocked by several firewalls that simply drop any packets that attempt to communicate with anything but the password protected site. The user must authenticate to the web server to make a proxy connection to a secondary machine that will in turn connect to our mainframe systems.
When the user attempts to connect to the system the server will redirect them to a secure session using RSA 128 bit encryption over SSL. If the user's browser does not support this they will be denied access and presented with a page describing why and where they can download the correct software. If the user has the proper software installed then the e-Banking server will identify itself to the user’s PC using a digital certificate issued by Verisign to ensure that the client is connected to the authentic e-Banking server. Next the client PC and server will negotiate a session key, and from this moment on all communication between the client and the server will be a 128-bit encrypted session, which is considered unbreakable with today’s technologies. After the client and server have established a secure connection the user will be prompted for their account name and password in order to proceed into the web site. At no time are password stored or transmitted in an unencrypted form.
Manual member determination of site validity:
The third layer in the e-Banking security model prevents unauthorized visitors from accessing member account data at the authentication level. Each member is assigned a randomly generated password issued by the credit union that they use to login to e-Banking, along with their member number. Members may then change their passwords at anytime during an e-Banking session, but only after successfully logging in with the initial passwords. To prevent "brute force" attempts at guessing, or cracking a password, e-Banking can lock out the account after a certain number of invalid logons. Finally, e-Banking sessions expire after a certain number of minutes when no activity takes place. This is done to prevent someone other than the logged-in member from continuing the session if that member has left their computer terminal. In addition, the credit union uses Multi-Factor Authentication (MFA) to provide an additional level of security. For more information about MFA, click here.
Copyright © 2013 FMFCU. All Rights Reserved. Federally insured by NCUA.