St. Paul Federal Credit Union Security Policy

When you visit our secure website to access your account, you will be asked for a personal identification number (PIN), which will give you access to the member-only section of our website. This information enables St. Paul Federal Credit Union to regulate entry to the member-only portions of our website and to measure member usage. Any identifying information gathered is not sold or given away to third parties.

Secure Sockets Layer (SSL) Encryption

Using cryptography ensures the privacy of the communications between you (your browser) and our server. Cryptography simply scrambles messages exchanged between your Internet browser and our Internet Account Access server. Encryption happens as follows: when you go to the log-in page for Internet Banking, your browser establishes a secure session with our server. The secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption. The SSL protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only known between your browser and our server. After the keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server. Both sides require the keys because they need to de-scramble (decrypt) the messages when they are received. The SSL protocol, not only ensures privacy, but also ensures that no other browser can “impersonate” your browser, nor alter any of the information sent. You can tell whether your browser is in secure mode by looking for the secured lock symbol at the bottom of your browser window. You will also know you are in the secure site by the https:// designation in the location bar of your web browser. Today’s browsers offer 40-bit, 56-bit or 128-bit encryption. All result in a very large number of possible combinations. Our servers are compatible with these encryption levels, however we recommend using 128-bit capable browsers for the highest level of security. Members accessing their account from outside the United States will be limited to 40-bit encryption due to international standards.

St. Paul Federal Credit Union Home Page: www.stage.stpaulfcu.org

Portions of this website are also secure with SSL in the same manner as outlined for the Internet Account Access server at a 40-bit encryption level only. The areas of this web site that are secured include online forms and applications. All other areas of this web site are for information purposes only and no member information is sent over the Internet from these pages.

Your Browser’s Encryption Level

Follow these steps to determine the level of encryption that your browser supports. In Netscape, go to a secure page then click on “View” in the main menu, then on “Page Info.” The level of encryption should be shown under “Security.” In Internet Explorer, go to “Help” then “About Internet Explorer.” Some information will appear, including Cipher Strength (encryption level). To determine the security of a Web page within a frame, use the right mouse button to click inside the frame, click “Properties” on the menu that appears.

Obtaining a Secure Connection

The use of SSL requires that you have an SSL compatible browser. While older browser versions may support SSL sessions, St. Paul Federal Credit Union recommends using the following browsers to access our web site.

PC Operating Systems: Minimum browser requirements: Microsoft Windows XP at a minimum. Microsoft Internet Explorer 8 or later, Firefox 3.6 or later, Chrome 18 or later.

Macintosh Operating Systems:Minimum browser requirements: Mac OS 10.4 or later. Safari™ 5.0 or later, Firefox 3.6 or later, Chrome 18 or later.

Personal Identification Number (Password)

St. Paul Federal Credit Union is dedicated to providing alternative financial options with stringent security measures to protect our members. Our online Internet Banking solution is dedicated to providing you privacy and protection.

Therefore, it is important to verify that only authorized persons log into your Internet Banking account. This is achieved by verifying your password. You will receive a password when you sign-up for Internet Banking. When you enter your password at the log-in screen, it is compared with the password we have stored in our secure server. We allow you to enter your password incorrectly three (3) times per log-in. After three failed attempts, it is determined to be fraudulent activity and the account is “locked out” and no further log-in attempts will be allowed until you contact the Credit Union to regain access to your online account. We require that you change your password after you log-in the first time for security reasons.

You play a crucial role in preventing others from logging on to your account. Never use a password that is easy to guess. You can and should periodically change your password from the “Change Password” button in Internet Banking from the “More Features Menu.”

St. Paul Federal Credit Union is dedicated to providing alternative credit union options with stringent security measures for our members. We have your privacy, protection, and piece of mind at the forefront of our online Internet Banking solution.

Since you will have the capability to print account information displayed on your computer screen, remember to secure this information in the same manner as your normal credit union statements and receipts.

Automatic Sign-off or Timeout

We provide a number of additional security features in our online Internet Banking service. Internet Banking will “timeout” or sign you off after a pre-determined period of inactivity. This prevents curious persons from continuing your Internet Banking session in case you have left your PC unattended without logging out.

However, we strongly recommend that you always sign-off (log out) when you are done with your Internet Banking session. We also strongly recommend that you close all open browser windows to ensure all access to your account is logged off.

Firewalls

It is important to point out that the computers that store your actual account information are not hooked up to the Internet. The requests you make through the Internet are handled by our Internet Banking servers, which retrieve the information you requested from our data processor’s mainframe via a proxy-based firewall server. All incoming IP (internet protocol) traffic is actually addressed to the firewall, which only allows authorized information to flow into the credit union’s servers. This firewall server acts as the go-between when you conduct transactions on our online Internet Account Access computers, which are secured as discussed earlier.

To protect the accuracy of data and guard against unanticipated threats, standard data processing practices are employed for regular backup of data. This includes archiving and off-site storage, computer virus protection and identification as part of our formal disaster recovery plan. This plan includes regular testing of this plan as well as a business resumption plan in the event of a disaster. We have also instituted data processing auditing processes to regularly review processes for appropriate access to customer data and other standard security objectives. Our Internet processes also include data security devices to protect against unauthorized access. We will permit only authorized employees who are trained in the proper handling of member information to have access to your information.

Our goal is to provide you with the best financial products and services available. Our commitment is to protect your privacy in all situations and to work closely with you – our members – to meet your needs.