Online Security & Privacy
Information on protecting your accounts, use of encryption and cookies.
Online privacy options, email security, and tips on safeguarding your information.
- Why has the login process changed?
We are providing more protection for you during the log on process. We have added an additional layer of security (besides a password) that is stored in a cookie in your browser. Note: Your internet browser must allow first-party cookies. Our website will look for this cookie when you log on as additional assurance that your password has not been stolen and is being used from a different computer.
- Why am I being asked to answer security questions when I log in?
We require you to provide answers to security questions to help identify you in certain situations. There are a few reasons why you are asked to answer security questions when logging into your account.
- You are a new user and need to enroll your account online for the first time.
- You are manually deleting your cookies.
- You have your PC security software on a very high setting that deletes 'first party' cookies. Most PC security software deletes only 'third party' cookies, but the setting can be changed to include 'first party'.
- You are using a different browser or PC each time you go to the website.
- How do I avoid answering the security questions every time I log in?
Depending on the situation, you can:
- When manually deleting cookies, be careful not to delete our cookie.
- Change the setting on your PC security software to delete only third party cookies, or add our cookie to the 'safe cookie' list.
- Log on to our website from browsers that you have already setup with our cookie.
- What is a personal message?
When you log on to your account, we will show you a message that you chose when enrolling your account online. Look for this message each time you log on! A fraudulent site will not have access to this information, so it will be missing. Beware of broken links where your personal message should be. If you get a broken link, type our web address directly into your browser address line and try again.
- How secure are your online services?
- With online account access, customer information and account data is protected by several state-of-the-art safety features: firewalls, data encryption and Password verification.
- Your User ID and Password should only be known only by you, so only you can access your accounts. Your Internet Service Provider and York State Bank do NOT know your Password. York State Bank will not send any account information to you electronically unless your unique User ID and Password are entered correctly.
- Your secure session will automatically terminate after 10 minutes of inactivity. If this happens, you will have to logon again to access your accounts.
- What can I do to protect my accounts and company information while I am online?
- Memorize your User ID and Password. It is essential that you do not reveal your User ID and Password to anyone! We also recommend that you do not use easily verifiable information such as birth dates, social security numbers and addresses when selecting your Password and User ID.
- Frequently change your Password. You can easily change your Password online in the Managing Online Access section.
- Completely sign-off after each online session. For security purposes, online account access will automatically sign you off after 10 minutes of inactivity.
- What should I do if I think someone may know my User ID or Password?
If you think someone may know your User ID or Password, please call an an Online Representative immediately at 1-800-853-9586 7:00 AM through 7:00 PM CT, Monday through Friday to assist you in changing your information. You can also change your Password online in the Managing Online Access section. We suggest that you change your Password at least once a month for added security.
- What is encryption?
Encryption is the encoding of a file in order to protect its contents. This entails a word or a group of words essentially written in a secret code language - a language that is useless to anyone but you and your bank, to protect that message from unwanted viewing or tampering. The term "encryption" is a computer-age extension of the term "cryptic," which means something being hidden or mysterious.
- How is encryption used and how does it relate to me?
Encryption, in all of its forms, is a major reason why we can offer you online account access. Basic encryption involves the transmission of data from one party to another. The sender encodes the data by scrambling it, then sends it on. The receiver must decode the data with the correct "decoder" in order to read and use it. Your computer, as well as our computer system, recognizes the mathematical formulas of the encrypted messages during transactions. The more powerful computer system you possess on your end, the higher level or grade of encryption you can use. There are two types of encryption that you should be familiar with - domestic grade and international grade - when deciding how you will do your online banking. Domestic grade encryption, also called 128-bit encryption, is a much faster and more powerful form of encryption. On the other end of the spectrum would be 40-bit, or international grade, encryption. The 40-bit means that there are two to the 40th power of possible keys that could access your account information, but only one that could be used per Internet banking transaction. This essentially means that the chances of cracking the code for a particular transaction in 40-bit encryption are very, very small. The 128-bit encryption requires more computer processing power than 40-bit encryption but is more secure. In fact, 128-bit encryption is 309,485,009,821,345,068,724,781,056 times more powerful than 40-bit encryption.
- How do I know if my online session is encrypted?
You can determine when encryption is being used on the site by looking at the following icons on your browser. You can also verify that your are in a secured site when you set http:// in the address line. Microsoft Internet Explorer 6 displays the lock icon in the lower right corner of your browser. Mozilla Firefox displays the lock icon in the lower left corner. Apple Safari displays the lock icon in the upper right corner of the title bar.
With Mozilla Firefox, you can double click on the lock icon to obtain more security information about the site you are viewing.
- What is cache?
Cache is a temporary holding place in your computer (a.k.a. memory). As you visit Internet sites, certain pieces of the page (graphics, etc.) can be stored in cache. Depending on your browser settings, your browser may look for pieces of the page to be stored in cache as you are navigating Internet sites.
- Do you cache my information?
No. A cache is a stored file on your computer's hard drive. When dealing with sensitive and secure data, we do not want the computer to store the information on your hard drive.
- How do I clear my cache?
Microsoft Internet Explorer*
- Click on the Tools at the top of the page.
- Click on Internet Options.
- Click on Delete Files.
- Check the 'Delete all offline content' box.
- Click on the Tools at the top of the page.
- Click on Clear Private Data...
- In the 'Clear the following items now:' group, make sure that Cache is checked.
- Click Clear Private Data Now.
- Click on the Safari menu at the top of the screen.
- Click on Empty Cache...
- When presented with "Are you sure you want to empty the cache?" click Empty.
- Can I use the back button?
When using the back button on a non-secure site, a cache, or a file stored on your computer's hard drive, is created. On some secure sites, the back button is disabled. On other secure sites, the back button can be used, but instead of caching information, it allows the system to pull your information from the site's secure server. On our secure site, we do not cache information, but allow our customers to access their data again by using the back button.
- What level of encryption protection does online account access support?
All transmission of customer information through online account access is encrypted using 128-bit encryption technology.
- How secure are my accounts and transactions?
Protecting the privacy and security of your confidential financial information is our first priority. Online account access provides end-to-end encryption to secure transactions while in transit. Your accounts are also protected with a Password known only to you. Only you can access your accounts and authorize payments. To gain a greater level of protection, we recommend changing your Password(s) on a regular basis and not using birth dates, first or last names, or other documented numbers or letters that may be easy to locate. Only you know your private Password, so you can be confident that your data is secure. Your Password is NOT known to your Internet Service Provider or York State Bank.
- How do websites collect information?
Information can be collected in several ways, but typically "personally identifiable information" (information that can be traced to a single user) is not gathered on a widespread basis. Most information collected online is "usage data," or data limited to where an individual visits within a site and/or how much time is spent at a particular site. Online services, for example, may track sign-on and sign-off times for billing purposes. Individual websites (whether companies or individuals) may gather certain kinds of information about you when you visit their site. Many sites limit information gathering to broad usage statistics. Some website operators may collect information about you through your email address, the means by which you connect to their site, by the use of "cookies" or voluntary questions directed at users.
- Where does my information go when I provide it online?
You can reasonably assume that some level of information tracking will be done when you logon to the Internet. Unless a site or service provider posts its information gathering and dissemination practices, it is up to you to inquire about them. It is also up to you to decide whether you want to provide your name, mailing address, phone number or any other personal information if a website asks you to register.
- What are cookies? Can I get rid of them?
Some websites transfer a file, often referred to as a "cookie," to your computer's hard drive, which enables them to track your activities on their site. While a code in the cookie file allows a site to label you as a particular user, it doesn't reveal your real name and address unless you've provided the site with such information or set up preferences in your browser to do so automatically. Newer versions of browser software enable you to decide whether you want to receive cookie files, and some programs notify you when a website is about to deposit a cookie file. To check whether cookie files have been placed on your computer, look for a hard drive file called "cookies.txt" if you have an IBM compatible PC or "magic cookies" if you have a Macintosh. You can delete these files from your hard drive. There are also utility software programs, called "cookie cutters" or "anonymizers" that allow you to edit cookie files selectively within web browsers.
Note that after you delete our cookie, if you log on from the same browser again, you will be prompted to answer your security questions.
- Why should I accept cookies?
Your browser must accept cookies in order to access your account online. York State Bank uses a cookie to maintain authentication between our application server and your browser. This cookie holds a key, which is used to verify customer authentication. This ensures that we are maintaining a secure connection. If your browser does not accept cookies, we are unable to maintain authentication between your browser and our application.
York State Bank also uses a persistent cookie to personalize the display of information for you. For example, a persistent cookie enables you to set which entry page (personal or business) to use as the site's home page.
All York State Bank cookies are encrypted to help prevent being hacked. For security purposes, the information collected in the information will not be your Social Security Number, Password, or other personal or company information.
- How do I accept cookies?
Your browser must be configured to accept cookies. Follow the instructions below to configure your browser accordingly:
Microsoft Internet Explorer*
- Select the Tools option from the browser's toolbar.
- Select Internet Options from the drop-down menu.
- A new window will appear, select the tab titled Security at the top of this new window.
- Click on the button titled Custom Level.
- Scroll to the section titled Cookies.
- Select Enable for the following options:
- Allow Cookies that are stored on your computer.
- Allow per-session Cookies (not stored).
- Select the Tools option from the browser's toolbar.
- Select Options from the drop-down menu.
- Choose the Cookies tab.
- Check Allow sites to set Cookies.
- Select the Safari menu from the top of the screen.
- Select Preferences...from the drop-down menu.
- Choose the Security icon from the top icon row.
- At Accept Cookies, choose either the Always or Only from sites you navigate to radio button.
No. The cookie is used to help identify you at logon, but does not gather information about your PC or look at any information on your PC.
Only our website can read our cookie. It is used only at logon, and is not used to track your activities on the Internet.
Our cookie contains only an encrypted numeric identifier with some anti-tamper content, and does not track any of the information on the web pages or any transactions you do. The cookie is unaware of the transaction, its type, amount and does not store any personal information about you.
- What is spamming?
Spamming is the practice of sending unsolicited electronic mail to many users simultaneously. The email message itself is referred to as "spam".
- What can I do if my credit card number or other personal information is being used fraudulently?
To prevent credit card misuse, don't give out your credit card number online unless you know and trust the requesting website, or are assured that proper security measures are in place. To ensure security, your credit card number should be encrypted using the latest software technology. Don't believe a website that tells you that your information doesn't need to be encrypted and contact companies providing the encryption technology to check whether it's actually being used as advertised. If your credit card or personal information is being used fraudulently, immediately contact (by phone and in writing) your card issuers and all creditors with whom your credit card number or name has been used or may be used. Also contact the fraud units of the three major credit reporting companies: Experian (experian.com), Equifax (equifax.com), and TransUnion (transunion.com). Request that your credit report be flagged for potential or actual fraud, and inquire about attaching a "victim's statement" to your report. Beyond the initial reporting steps, there are many avenues available for dealing with or obtaining information about the varied aspects of credit card or identity theft. The primary resource is the Federal Trade Commission.
- What is phishing?
Phishing is a fraudulent email scam that uses spam to attempt to get consumers to disclose or verify their account numbers, personal identification numbers (PIN), Social Security Numbers, Passwords, or other sensitive information. This email typically resembles an email from a familiar company and may have a similar Internet address to that company in the text; however, it will usually have a couple of letters transposed.
- What can I do to protect myself against phishing?
In an effort to protect yourself, use caution when applying for items via email. Be sure to verify the Internet address and check to see if the site is secure before you enter any personal data. If you receive an email from York State Bank that looks suspicious, please call to verify that we sent it to you.
- What is privacy?
The term 'privacy' is used in connection with how organizations gather, manage, share, and safeguard customer information.
- What do I need to know about the privacy standards at York State Bank?
- What kind of information does York State Bank collect?
The information we collect depends on the type of accounts you have with us. We will almost always require nonpublic information (such as name, address, social security number, assets, IP address and income), and may also ask for information about your credit history, assets, debts and employment information. We also maintain transaction information (such as your creditworthiness or payment history) generated by the use of your accounts.
- Why is my information shared internally at York State Bank?
Information about you helps us provide high quality products and services that will benefit you. It also allows us to know our customers better which could help in the prevention of fraudulent activity on your accounts.
- Does York State Bank sell customer lists or other customer information?
We do not sell customers' personal or company information to other companies for marketing purposes. Sometimes we do select companies to bring you financial products on our behalf such as credit cards. When we do this, we make available only the information they need to offer and administer these products. These companies are not permitted to use this information or to contact our customers for any other reason than providing the specific products or services intended.
- How does York State Bank protect the security of customer information?
We continually enhance our security tools and processes to protect customer information. In addition, we take steps to protect your identity and your accounts by asking you for information that only you should know. In addition, we maintain physical, electronic and procedural safeguards to protect your information.
- What does York State Bank do to help make my Internet access secure?
* Microsoft® and Internet Explorer® are registered trademarks of Microsoft Corporation in the United States and/or other countries.
† Mozilla® and Firefox® are registered trademarks of the Mozilla Foundation.
‡ Apple® and Safari™ are registered trademarks or trademarks of Apple Computer, Inc.