Online Banking Security
Online Banking uses several different methods to protect your information. All information within Online Banking uses the SSL (Secure Socket Layer) protocol for transferring data. SSL is encryption that creates a secure environment for the information being transferred between your browser and One Bank of Tennessee. To help protect your privacy while you are using the service, we will sign you out of the Online Banking service after 20 minutes of inactivity.
At a high level, SSL uses public key cryptography to secure transmissions over the Internet. In practice, your browser will send a message via SSL to the bank's server. The bank responds by sending a certificate, which contains the bank's public key. Your browser authenticates the certificate (agrees that the server is in fact One Bank of Tennessee's), then generates a random session key which is used to encrypt data traveling between your browser and the bank's server. This session key is encrypted using the bank's public key and sent back to the server. The bank decrypts this message using its private key, and then uses the session key for the remainder of the communication.
Secure Socket Layer (SSL) protects data in three key ways:
- Authentication ensures that you are communicating with the correct server. This prevents another computer from impersonating One Bank of Tennessee.
- Encryption scrambles transferred data.
- Data integrity verifies that the information sent by you to One Bank of Tennessee wasn't altered during the transfer. The system detects if data was added or deleted after you sent the message. If any tampering has occurred, the connection is dropped.
One Bank of Tennessee requires customers to have an additional layer of security when using Internet-based bank products. The Federal Financial Institutions Examination Council (FFIEC) issued guidance this year that describes methods for Online Banking users. These methods are being put into place to ensure the security of our customers' personal and financial information.
What is Enhanced Security?
Enhanced Security is a free and easy way to help verify that it is actually you logging into your One Bank of Tennessee Online Banking account. This new login feature confirms that you are accessing your One Bank of Tennessee online accounts via a computer which you previously authorized.
This feature works by requiring two methods to identify that you are the correct user accessing your online accounts. The first method is your user ID and password and the second method is to register the actual computer that you are using for your online banking. When you enroll, the computer you are using will simultaneously be registered. Thereafter, you can register additional computers using your Challenge Questions.
What are “Challenge Questions”?
They are a series of questions presented to you when you login to Internet Banking. You will be asked to answer a random selection of these questions. Your answers should be something difficult for others to guess and easy for you to remember. If you use more than one computer to access your Online Banking account, you will be asked to answer two of these questions to register your computer.
What if I forgot my Challenge Question answers?
Please call us at (931) 528-5132. Our Online Banking Administrator can reset your Challenge Questions for you. Then you can go online and choose new Challenge Questions and enter your answers.
What if I access Online Banking from more than one device?
You can register as many computers as you like into Enhanced Security (your home, office, relative's computer, etc.) so that you can bypass the Challenge Questions upon subsequent logins.
The Enhanced Security feature stores an encrypted cookie-based credential onto any computer you choose to register.
If you delete this cookie from a computer which you wish to use for your Online Banking accounts, you will be prompted to enter your Challenge Questions as if it were an unregistered computer. You will then be able to register it again. If you purchase a new computer, it too, will need to be registered to obtain the encrypted cookie.