In This Section

Online Banking System Security (click here to visit our security site)

In online banking as with traditional banking methods, security is a primary concern. Bank of Bolivar / BOB Community Financial has taken every necessary precaution to be sure your information is transmitted safely and securely. We use the latest methods in online banking system security to increase, and monitor, the integrity and security of the system.

Bank of Bolivar / BOB Community Financial's online banking security is addressed at three levels: the security of customer information as it is sent from the customer's PC to the web server, the security of the environment in which the online banking server and customer information database reside, and the security of the login process in order to prevent unauthorized users from attempting to log in to the online banking section of the website.

firewall diagram

Data security between the customer browser and our web server is handled through a security protocol called Secure Sockets Layer (SSL). SSL provides data encryption, server authentication, and message integrity for an internet connection. In addition, SSL provides a security "handshake" that is used to initiate the connection. This handshake results in the client and server agreeing on the level of security they will use and fulfills any authentication requirements for the connection. Bank of Bolivar / BOB Community Financial's online banking application supports data encryption at the highest level (128 bit). In order to get this level of encryption, you must use a browser that supports it. Both versions 3 and 4 of the most popular browsers support 40-bit encryption as a default, and have complete versions as well as patches that will support the stronger 128-bit encryption. Check with your browser manufacturer's website for more information.

Requests for online banking information are passed on from the web server to the online banking server. The online banking application uses a three-tiered architecture that provides a double firewall, completely isolating the web server from the customer information SQL database. The World Wide Web interface receives SSL input and sends requests through a firewall over a dedicated private network to the online banking server. The World Wide Web interface is the only process capable of communicating through the firewall to the online banking server. Therefore, only authenticated requests communicate with the online banking server.

The customer information database is housed on a Microsoft SQL Server, which implements Microsoft NT security in addition to the firewall technology. This database is stored on a RAID-5 drive array, which provides uninterruptible data access, even in the event of a hard drive failure. Just as the World Wide Web interface is the only process capable of communicating with the online banking server, the online banking server is the only process able to send requests to the SQL database. Thus, the outside world is removed from the customer database by two dedicated private networks.

A security analyzer constantly monitors login attempts and recognizes failures that could indicate potentially unauthorized attempts to log in to an account. When such trends are observed, steps will be taken automatically to prevent that account from being used.

As you can see, security concerns have been addressed from every angle within the architecture of the online banking application. Implementation of the SSL security protocol on the web server and customer browser ensures authenticated data have been received from the customer. The three-tiered architecture creates a double firewall that sends information requests over dedicated networks designed to handle specific functions. Placing all business logic and event logging within the online banking server creates a controlled environment that allows quick incorporation of online security technologies as they evolve. And finally, the security analyzer monitors login attempts in order to prevent unauthorized logins.