Banks Never Ask That campaign 

Take the quiz on what is legit and what is a scam

 View: what DSB will and will not ask customers to reveal - samples of real fraud texts received

DSBconnect Digital Banking Security Policy and Procedures

Ensuring you have a secure digital online/mobile banking experience is a top priority when delivering service to you. This level of security is achieved by:

  • Protecting the privacy and the confidentiality of the communications between your browser and our servers. (By "our," we refer to our contracted digital service provider.)
  • Verifying that only authorized persons are allowed to access online banking.
  • Maintaining isolation of our computers from the Internet.

Security refers to preventing unauthorized access to a computer system or network. Denison State Bank and its digital banking provider CSI (Computer Services Inc.) use several layers of technology to prevent unauthorized users from gaining access to the internal network. We have in place a sophisticated networking architecture of screening routers, filtering routers, and firewalls. We use software that incorporates full data encryption to ensure the security and privacy of transactions. 

The computers that store your banking account information are not hooked up to the Internet. The requests you make through the Internet are handled by our servers, which retrieve the information you requested from our mainframe via proxy-based firewall servers. These servers act as the connection between you and our provider's mainframe computers.

Encryption

The privacy of the communications between you (your browser) and our servers is ensured using cryptography that scrambles messages exchanged between your browser and our online banking server. Encryption happens as follows:

When you go to any DSB Online area, your browser establishes a secure session with our server. The secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption. This protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only known between your browser and our server. After the keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server. Both sides require the keys because they need to de-scramble (decrypt) the messages when they are received. The SSL protocol not only ensures privacy, but also ensures that no other browser can "impersonate" your browser nor alter any of the information sent.

The numbers used as encryption keys are like combination locks. The strength of encryption is based on the number of possible combinations that a lock can have. As the number of possible combinations grows, it becomes less likely that anyone would be able to guess the combination in order to decrypt the message. Modern browsers offer 40-bit encryption or 128-bit encryption; DSB Online requires the use of 128-bit capable browsers.

Logins: Username and Password

When you register for DSBconnect, you will be prompted to choose a Username and Password. You accept responsibility for the confidentiality and security of your Username and Password, which includes agreeing to:

  • Not disclose them or otherwise make them available to anyone else;
  • Use them as instructed; and
  • Immediately notify us of any loss or theft.

You acknowledge that we are entitled to rely on the use of your username and password as your authorization for any transaction through the service. You are responsible for all transactions you initiate or authorize using the service. If you permit any other person to use the service or your username/password, your account may have unauthorized transactions, against which you are protected if you contact the bank within the allowed timeframe.

The registered customer always selects the password. Neither Denison State Bank nor its service provider ever has direct possession or knowledge of customers' passwords unless a registered customer were to reveal that password to us in order to troubleshoot a registration. Specifically, this bank observes the following password protection practices:

  • Minimum password length is 8 characters, and maximum length is 25 characters.
  • At least one capital letter, at least one numeral, and at least one special character must be included in the password.
  • Passwords are case sensitive. You must enter your password exactly as you originally set it up.
  • A well-chosen password should be easy to remember and hard to guess. Using initials of words in a memorable phrase is advised.
    Example of a strong password: NluhatwJ78!
    Example of a less secure password: holtonwildcats74!

If you forget your password or enter it incorrectly seven consecutive times and get locked out, contact the bank to have your password reset. We monitor and record unsuccessful log-in attempts to detect any suspicious activity.
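The stated password rules and the seven-attempt lockout, sketched as an added example (not code from Denison State Bank or CSI). It assumes "special character" means ASCII punctuation and that a successful login resets the failure count; the function names and sample events are constructed for illustration.

```python
import string

MIN_LEN, MAX_LEN = 8, 25   # length limits stated in the policy
LOCKOUT_THRESHOLD = 7      # consecutive failures before lockout


def policy_violations(password):
    """Return the stated composition rules that the password breaks."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    if not any(c.isupper() for c in password):
        problems.append("capital")
    if not any(c.isdigit() for c in password):
        problems.append("numeral")
    # Assumption: "special character" means ASCII punctuation.
    if not any(c in string.punctuation for c in password):
        problems.append("special")
    return problems


def replay_logins(events):
    """Replay (username, succeeded) events in order.

    Returns (locked, peak): the locked usernames and each user's longest
    run of consecutive failures, the figure worth monitoring.
    """
    streak, peak, locked = {}, {}, set()
    for user, ok in events:
        if user in locked:
            continue  # stays locked until the bank resets it (not modelled)
        if ok:
            streak[user] = 0  # a success ends the consecutive run
        else:
            streak[user] = streak.get(user, 0) + 1
            peak[user] = max(peak.get(user, 0), streak[user])
            if streak[user] >= LOCKOUT_THRESHOLD:
                locked.add(user)
    return locked, peak


# Constructed sample events: alice recovers after 6 misses, bob hits 7.
SAMPLE_EVENTS = ([("alice", False)] * 6 + [("alice", True)]
                 + [("alice", False)] * 2
                 + [("bob", False)] * 7 + [("bob", True)])

if __name__ == "__main__":
    print(policy_violations("holtonwildcats74!"))
    print(replay_logins(SAMPLE_EVENTS))
```

Run against the page's two sample passwords, the composition rules flag the less secure one only for its missing capital letter, so they complement rather than replace the advice to avoid guessable words.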

Usernames and passwords are encrypted during transmission between the bank, its provider, and its core data processor.

Logins: Biometrics

You can use Touch and Eye scan logins if your device is enabled for that. View more about Apple/iOS biometric logins.

Login Credential Protection

It is important to us to verify that only authorized persons log into digital banking. This is achieved by verifying your username and password. When you attempt to log in with your username and password, they are compared with what is stored in our secure data center.

You can prevent others from logging on to your account. Never use a username or password that is easy to guess. Examples of bad usernames/passwords are birth dates, first names, pet names, addresses, phone numbers, social security numbers, etc. Never reveal your username/password to another person. You should periodically change your username/password in the Profile section. We recommend that you create a password that is used only for DSBconnect and not associated with any commonly-known personal identification. The password should be memorized rather than written down.

Enhanced Multi-factor Authentication

Multi-factor authentication is an industry practice for additional online security. Our MFA requires two authentications when triggered: identity questions-and-answers about yourself, and Out of Band authentication (OOBA) through a registered phone number or email address.

Questions and Answers:
When you first register, you will be prompted to choose from any 3 provided identity questions about yourself, and you provide and store answers to them that only you should know. If triggered, the question will be asked during a login and the answer must be entered exactly as set up. That means only you should know the 3-way lock of username, password, and security answer.

Out Of Band multi-factor authentication (OOBA MFA)
OOBA is set up and used on digital banking logins, when triggered. This authentication is triggered if your login is entered on an unrecognized device. When that happens, before the login access is allowed, a verification request is sent to the registered user by text, automated phone call or the DUO app. This additional layer of authentication minimizes the risk of unauthorized logins in fraud and scam situations, where the digital user is pressured into revealing their login credentials so that the fraudster can attempt to log in as the user and illegally access and transfer funds out of accounts. It helps ensure that only the registered user is able to log in and access their bank account information.

Time Out and Sign Off

DSBconnect will time out after 30 minutes of inactivity. This prevents curious persons from continuing your online banking session in case you have left your device unattended without logging out. Click the "Log Off" link to end a session.

Virus Protection

We are not responsible for any electronic virus or viruses that you may encounter. We encourage our customers to routinely scan their PCs using a reliable anti-virus product to detect and remove any viruses found. An undetected or unrepaired virus may corrupt and destroy your programs, files and even your hardware. Additionally, you may unintentionally transmit the virus to other computers.

Banks Invest in Security Technology and Training

Lawmakers, regulators and the banking industry have forged substantive standards for safeguarding customers' "nonpublic personal information." Uniform examination procedures are in place to monitor and enforce these standards, and bank examiners regularly go on-site to assess how bank security measures are being implemented. For example, a federal regulator will typically review a bank's internal controls and policies, with a view to establishing whether the institution considered and adopted the appropriate controls.