Security

Security FAQ

What controls does Bank of Prairie du Sac use to keep my Online Banking information secure?

Security configurations (e.g., password parameters, failed login attempts and account lockout) are implemented on production web, application and database servers. Passwords used to access servers and network devices are subject to password composition requirements, including minimum length, complexity, history, account lockout, and periodic change intervals. Access to perform system administrative functions on production systems and network devices require multifactor authentication.

In order for our Online Banking users to be authenticated, end users must successfully validate their user ID with their password and present a One-Time Passcode (OTP) sent to the user’s phone or smart device to respond to the challenge.

Access to the Online Banking applications is suspended after a defined number of consecutive invalid access attempts. The financial institution administrator can list and disable accounts that are considered inactive or whose accounts have been closed. Disabled accounts are not granted access to the online banking application. Time-out intervals for online banking sessions have been set. If an end user exceeds the time-out interval, the end user must re-authenticate by entering their user ID and password before accessing confidential information.

What is a cookie, and how does Bank of Prairie du Sac use cookies?

A “cookie” is a small piece of information (a text file), which a web server can store temporarily with a web browser. Once the cookie is stored, the site's web server can later retrieve that information for that browser. For example, when you browse through an “online shopping mall” and add items to a “shopping cart” while continuing to shop, your browser stores a list of the items that have been added to the cart so that you can pay for all of the items at once when you are finished shopping. It's much more efficient for each browser to keep track of information like this than have a web server remember who bought what, especially if there are thousands of people using the web server.

When browsing the web, any cookies that are sent to a browser are stored in the computer’s memory. When the browser is closed, any cookies that have not expired are written to a cookie file so they can be reloaded next time the browser is used.

Online Banking uses a different kind of cookie known as a session cookie, a non-persistent cookie, or a pre-expired cookie. These cookies are placed temporarily and are never stored to the user’s computer memory. Instead, these pre-expired cookies are used as part of the stringent security measures in the Online Banking product. As the end user navigates through Online Banking a pre-expired cookie is set each time a page is viewed. Because the HTML page they are viewing is not saved on your computer, it must always be re-retrieved from the server.

The pre-expired cookies keep the session alive until the end user logs out properly or times out of Online Banking. Once this occurs, the end user must login with their User ID and Password to gain access again. This ensures that another user using the same computer cannot access the previous session.

This website uses pixel tags, otherwise known as web beacons, to set, read, and/or modify targeting cookies. Pixel tags may be used to obtain information about the computer accessing the website, such as an IP address, the time the pixel tag is sent, the computer operating system and browser type, and information similar to the foregoing. We use the information collected by pixel tags to deliver more targeted advertising, enhancing the advertising experience for each website user.

How does Bank of Prairie du Sac protect customer data on mobile applications?

All data exchanged between mobile banking apps with Online Banking servers is protected in transit using Transport Layer Security (TLS). All offerings provide strong password requirements and aggressive idle timeouts. Mobile banking apps use the device’s secure storage to host sensitive data.

What controls are used to prevent unauthorized access to customers’ accounts in the mobile banking apps?

Mobile banking apps use out-of-band multifactor authentication to authenticate users at login.

How does Bank of Prairie du Sac keep online banking information (including login credentials) secure?

Online Banking does not store any information in the user’s device or the web browser cache. Mobile banking apps use the device’s secure storage to host sensitive data. All data is securely transmitted to Online Banking servers using TLS.

Does Bank of Prairie du Sac use challenge questions on the mobile channel?

No. Answers to challenge questions can be discovered or guessed easily. Instead, one-time passcodes (OTPs) sent out of band using SMS or phone calls are used.

If a customer’s mobile device is lost or stolen, can anyone access his or her banking information or take over the account and identity?

No. If a customer’s mobile device is lost or stolen after authentication, the account cannot be accessed without the username and password.

How does Bank of Prairie du Sac secure Mobile Remote Deposit Capture?

Mobile Remote Deposit Capture is secured by the same means as the rest of the mobile application, as described in the Online Security section.