Security Policy

SOUTH OTTUMWA SAVINGS BANK is pleased to offer Online (Internet) Banking, Mobile Banking and Bill Payment services. Delivering these services requires a solid security framework that protects you and our institution's data from outside intrusion. We are committed to working with our Internet service and communications providers to produce the safest operating environment possible for our customers. The information below summarizes our security framework, which incorporates proven technology. A section at the end summarizes your responsibilities as a user of the Internet banking system with regard to security. There are several levels of security within our security framework. User Level deals with cryptography and Secure Sockets Layer (SSL) protocol and is the first line of defense used by all customers accessing our Banking Server from the public Internet. Server Level focuses on firewalls, filtering routers and our trusted operating system. Host Level deals specifically with our Internet banking and bill payment services and the processing of secure financial transactions.

USER LEVEL

There are several components of User Level security that ensure confidentiality of information sent across the public Internet. The first requires your use of a fully SSL compliant 128 bit-encrypted browser such as Google Chrome or Mozilla Firefox. SSL is an open protocol that slows a user's browser to establish a secure channel for communicating with our Internet server. SSL utilizes highly effective cryptography techniques between your browser and our Server to ensure that the information being passed is authentic, cannot be deciphered and has not been altered en route. SSL also utilizes a digitally signed certificate, which ensures that you are truly communicating with the Online Banking Server and not a third party trying to intercept the transaction.

After a secure connection has been established between your browser and our Server, you then provide a valid User ID and Password to gain access to the services. This information is encrypted, logged by the Server forming another complete physical security layer to protect the Server's information and request to log on to the system is processed. Although SSL utilizes proven cryptography techniques, it is important to protect your User ID and Password from others. You must follow the Password parameters we specify at the time you sign up for an Internet banking account. We also recommend changing your Password often. Session time-outs and a limit on the number of logon attempts are examples of other security measures in place to ensure that inappropriate activity is prohibited at the User Level.

SERVER LEVEL

All transactions sent to our Banking Server must first pass through a filtering router system. These filtering routers automatically direct the request to the appropriate server after ensuring the access type is through a secured browser and nothing else. The routers verify the source and destination of each network packet and manage the authorization process of letting packets through. The filtering routers also prohibit all other types on Internet access methods at this point. This process blocks all non-secured activity and defends against inappropriate access to the Server.

The Banking Server is protected using a firewall platform. This platform defends against system intrusions and effectively isolates all but approved customer financial requests. The platform secures the hardware running the Online applications and prevents associated attacks against all systems connected to the Banking Server. The system is monitored twenty-four (24) hours a day, seven (7) days a week for a wide range of anomalies to determine if attempts are being made to breach our security framework.

HOST LEVEL

Once authenticated, the customer is allowed to process authorized Online (Internet) Banking and BillPay transactions using a host data. In addition, communication time-outs ensure that the request is received, processed and delivered within a given time frame. Any outside attempt to delay or alter the process will fail. Further password encryption techniques are implemented at the host level, as well as additional security logging and other complete physical security layer to protect the host information itself.

USER RESPONSIBILITIES

While our service provider continues to evaluate and implement the latest improvements in Internet security technology, users of the Online (Internet) banking system also have responsibility for the security of their information and should always follow the recommendations listed below:

  • Utilize the latest 128-bit encryption version of a current secure browser is recommended (ie Firefox).
  • Install and periodically update anti-spyware, virus protection and firewall software.
  • Maintain patches to operating systems and browers.
  • Always keep current operating system security updates
  • Do not open e-mail from untrustworthy sources.
  • Keep web browser security setting set at medium or higher.
  • Your Password must be kept confidential. You must follow our specific parameters for a Password and change it frequently to ensure that the information cannot be guessed or used by others. Be sure others are not watching you enter information on the keyboard when using the system.
  • Never leave your computer unattended while logged on to the Online (Internet) banking system. Others may approach your computer and gain access to your account information if you walk away.
  • Click the Home button when you are finished using the system to properly end your session. Once a session has been ended, no further transactions can be processed until you log on to the system again.
  • Close your browser when you are finished, so that others cannot view any account information displayed on your computer.
  • Keep your computer free of viruses. Use virus protection software to routinely check for a virus on your computer. Never allow a virus to remain on your computer while accessing the Online (Internet) banking system.
  • Report all crimes to law enforcement officials immediately.

Links

Links to non-South Ottumwa Savings Bank Websites, if contained in our site, are offered only as pointers to sources of information on subjects that may be of interest to users of the South Ottumwa Savings Bank's website, and South Ottumwa Savings Bank is not responsible for the content of such sites as we have no control over what is displayed there. South Ottumwa Savings Bank does not guarantee the authenticity of documents at such sites, and links to non-South Ottumwa Savings Bank sites do not imply any endorsement of or responsibility for the ideas, opinions, information, products or services offered at such sites. Use of links to any non-South Ottumwa Savings Bank's website is solely at the user's own risk. Any linked company's products and/or services may not be FDIC insured and South Ottumwa Savings Bank does not guarantee these products and/or services.
When you follow these simple security measures, your interaction with our Online (Internet) banking system will be completely confidential. We look forward to serving your online banking and bill payment needs both today and into the future securely!

Our Internet Website

Visitors to the SOUTH OTTUMWA SAVING BANK'S - web site www.sosb-ia.com remain anonymous. We do not collect personal identifying information about site users, unless you choose to submit such information on our feedback form. Standard software is used to collect and store ONLY the following non-identifying information about our visitors: the name and the internet service provider from which you accessed the internet, the date and time you accessed our site and the internet address of the web site from which you linked directly to our site.

Visitors may elect to provide us with personal information via e-mail or our feedback form. This information is used internally, as appropriate, to handle the sender's request and manage the SOUTH OTTUMWA SAVINGS BANK web site. It is not disseminated or sold to other organizations. Visitors should, however, keep in mind that e-mail is not necessarily secure against interception. If you do not agree with the use of this information, or are not comfortable with this level of privacy, please use the clear button on the feedback form or cancel the e-mail before it is sent. Visitors should call us directly at 641-682-7541 if requests include sensitive or private information, such as your account number, credit card numbers and/or Password/PIN number for your SOUTH OTTUMWA SAVINGS BANK ATM card or debit/chek cards. SOUTH OTTUMWA SAVINGS BANK is committed to protecting your privacy.
Our intent throughout our online presence is to collect only the information we need to deliver excellent service, use that information responsibly and keep you fully informed of how that information is being used.

Protecting Children

SOUTH OTTUMWA SAVINGS BANK does not knowingly solicit data from children, and we do not knowingly conduct online marketing to children. We recognize that protecting children's identities and privacy is important and the responsibility to do so rests with both the online industry and with parents.