Click To Return To Security Page

Secure Access and User Authenticity

To begin a session with the bank's Web server, the Internet Banking customer must key in a User ID and a password. SumxNet™ will allow a user three attempts to log in before that user is x-cluded. SumxNet x-cluded procedure is evoked to deter users from repeated login attempts. After three unsuccessful login attempts, the system x-cludes the user, requiring either a designated wait period or a phone call to the financial institution to verify the password before entry is allowed into the system. Upon successful login, VeriSign's Digital ID authenticates the user's identity and establishes a secure session with the user. In addition, SumxNet automatically signs the user off after 20 minutes of inactivity, which will prevent anyone from pressing the "back" key to view the user's financial information.

Data security between the customer's secured browser and Sumx's Microsoft NT or IBM OS/2 Web servers is handled through a security protocol called Secure Sockets Layer (SSL). SSL provides data encryption,  server authentication and message integrity for a TCP/IP connection.

Requests for Internet banking information are passed from the SumxNet Web server to the SumxNet SQL Database server. Requests must filter through a router and a firewall before they are permitted to reach the SQL database server. A router, a piece of hardware, works in conjunction with the firewall, a piece of software, to block and direct traffic coming to the server. The configuration begins by disallowing ALL traffic and then opens connections only when necessary to process acceptable database requests. The financial institution is further protected because all of the customer data is maintained on a separate SQL Database server machine. Sumx provides a double firewall, completely isolating client side applications such as the World Wide Web interface from SumxNet financial information SQL database.

Digital ID's from VeriSign, the leading expert in digital identification certificates, provides a standard of authentication to confirm the identity of the user prior to accessing the SumxNet Internet Banking System. VeriSign describes Digital ID's as ..."electronic credentials that establish an individual's or entity's identity. A server secured with a Digital ID ensures visitors of the site's authenticity and allows the session with the client to be encrypted."... It is essentially "additional evidence" that end-users who are seeking and receiving data are indeed those rightful users that the server understands them to be.