Sterling Bank & Trust

Security

Sterling Bank and Trust is committed to complying with the highest level of security the internet has to offer for our customers. Sterling Bank and Trust's methods of security are outlined on this page as well as information about our customers' role in insuring secure transactions over the internet.

• Upgrading of Browser on your PC (Home Computer)
• Secure Socket Layer (SSL) and Verisign
• Firewalls, Internet and Log Files
• E-mail Scams: Phishing
• Protect Yourself
• Website Usage Policy
• Terms and Conditions

1. Upgrading of Browser on your PC ( Home Computer)

Our Web site supports versions of Netscape NavigatorÈ* and Microsoft Internet Explorer^Â* browsers that use  128-bit encryption. Encryption is a means of scrambling information for transmission, in this case, between your PC and Sterling Bank and Trust's computing systems. Information that is encrypted at one end is decrypted (decoded) upon receipt at the other end.

128-bit encryption is the strongest, most secure form of encryption that is generally available in Internet browsers. Sterling Bank and Trust requires that their customers use 128-bit encryption when conducting financial transactions over the Internet. We also recommend the use of 128-bit encryption for all non-financial transactions over the Internet, e.g. the completion of application forms. This is because these browsers support Private Communication Technology (PCT) and Secure Sockets Layer (SSL) protocols, which are used to establish secure channel services and protect data transmitted between clients and servers.

Currently, the most popular browsers with this feature are:

• Microsoft Internet Explorer Version 4.0 or higher with 128-bit "high" encryption *
• Netscape Navigator Version 4.0 or higher with 128-bit encryption (4.5, 4.72, 4.73 versions)
• Netscape Communicator Version 4.0 or higher with 128-bit "strong" encryption (4.5, 4.72, 4.73 versions)
• America Online Version 4.0 (with Internet Explorer Version 4.0, as noted above)

* There is a known issue with Netscape browsers with version 4.7 only. Please upgrade to one of the next two builds, 4.72 or 4.73.

You can also download Netscape NavigatorÈ* or Microsoft InternetExplorer^Â* with 128-bit encryption by clicking on the respective icon below. You should note that 128-bit encryption is an optional feature for both Microsoft and Netscape browsers, and may not be available outside of the United States and Canada.

The level of encryption and version of your browser can be checked by performing the following:

Netscape Communicator:

1. In Navigator or Communicator, choose the Help menu and select About Navigator (or Communicator).
2. Look for the section that reads "Contains encryption software from RSA Data Security, Inc".
3. If the next paragraph says "This version supports U.S. security...", that means you have 128 bit security. If it says you have International security, that means you have 40 bit security. Download the 128 bit encryption from the above link for your operating system.

Microsoft Internet Explorer:

1. Open the browser and click on "Help" in the top menu. Then choose the "About Internet Explorer" option.
2. In the box that appears, look at "Cipher Strength". If it does not view as 128bit encryption, then click on the "update information" link and download the 128 bit encryption version for Internet Explorer or you can download the 128 bit encryption from the above link for your operating system.

* Important Notice for Internet Explorer 5.0 Users!

There is an option in IE 5.0 that lets you save passwords for secure sites. If these options are enabled, the browser will prompt you to "save passwords" and from that point forward that browser will sign on to Online Banking without a password.This is a security risk.It means that anyone who opens your browser on your PC could access your bank information without needing the secret logon information.

Here are the menu instructions to disable the password storing feature of IE 5.0.

If you have Internet Explorer 5.0, open the browser and go to

• Tools>Internet Options>Content tab>"Personal Information" section>Auto Complete button
• uncheck "User Names and Passwords on Forms"
• uncheck "Prompt Me to Save Passwords"
• press "Clear Passwords" button
• press "OK" to save changes.

* Important Notice for Internet Explorer 5.01, 5.5, 6.0 Users!

Customers using Internet Explorer 5.01, 5.5 or 6.0 browser(s) should read Microsoftês August 2002, Cumulative Patch for Internet Explorer (Q323759). Microsoft is urging users to install a new patch this week that will correct vulnerabilities in its Internet Explorer browser. [Read more.] [Download patch.]

 AOL User:

1. 128 bit encryption is supported by AOL Version 4.0 with Internet Explorer Version 4.0, as noted above. If you have trouble downloading, please contact America Online Customer Service by calling (888) 265-8006.

Go to Keyword: 128browser. Follow the instructions for downloading and installing your new 128-bit browser.

Top of page

2. SSL Technology

SSL uses authentication and encryption technology.The Online Banking System brings together a combination of industry- approved security technologies to deliver a product that keeps your data safe. It features password-controlled system entry, a VeriSign-issued Digital ID loaded onto the bank's server, Secure Socket Layer (SSL) protocol for data encryption, and a router loaded with a firewall to regulate the inflow and outflow of server traffic.

(SSL) Secure socket Layer protocol is used as the "gateway" to provide privacy for the data flowing between the browser and Sterling Bank and Trust's server. SSL provides a secure channel for data transmission over the Internet. It allows for the transfer of digital signatures for authentication procedures and provides message integrity, ensuring that the data can't be altered en route. Sterling Bank and Trust's customers can be assured they are actually communicating with Sterling's web server and not a third party trying to intercept the transaction on the Internet. You can tell when you are secure by looking at the location (URL) field. If the URL begins with https:// (instead of http://), the document comes from a secure server. This means your data cannot be read or deciphered by unauthorized individuals.

To start a transaction, the customer uses his or her browser to send a secure message via SSL to Sterling Bank and Trust's server. The Sterling Bank and Trust server responds by authenticating the customer and initiating session encryption. When a session is encrypted, the key icon at the lower left corner of your screen becomes solid, and a blue line appears at the top of the screen. If the key icon appears broken, encryption is not in use and the current session is not secure.

Click here to view our secure and active Verisign-issued Digital ID

Top of page

3. Firewalls, the Internet, Log files

Sterling Bank and Trust also protects financial transactions through barriers such as an Internet firewall and filtering routers that prevent unauthorized access. Each presents an additional barrier between the Internet and the internal bank network.

Filtering routers are used to verify the source and destination of each information packet sent to the bank, and filters out all packets not addressed to specific network services. The filtering router verifies the source and destination of each Internet packet, and determines whether or not to let the packet through. Access is denied if the packet is not directed at a specific, available service. Also, filtering routers prevents many common Internet attacks. 

Sterling Bank and Trust's firewall is monitored by a leading firewall providers 24 hours a day 7 days a week. This internet firewall is a combination of hardware and software designed to securely separate the Internet from our internal computer systems and databases. Only Sterling Bank and Trust traffic is allowed to pass through the firewall - all other traffic from the Internet is rejected. All Internet data flows through a series of safety check points on its way to and from our internal systems so that only authorized messages and transactions enter our computing environment. Firewalls work in a similar way, examining each packet of information that is sent across the Internet to the customer service network. The purpose of the firewall is to protect the bank's internal network from outside observation.

System and application activity logs are another mechanism Sterling Bank and Trust uses to protect our systems and your information. These logs are reviewed regularly and any anomalies or discrepancies are investigated thoroughly.

Top of page

4. E-mail Scams: Phishing

What is phishing?

All Internet users should be aware of the online scam known as "phishing" (pronounced "fishing"). Phishing involves the use of e-mail messages that appear to come from your bank or another trusted business, but are actually from imposters.

Phishing e-mails typically ask you to click a link to visit a Web site, where you're asked to enter or confirm personal financial information such as your account numbers, passwords, Social Security number or other data. Although these Web sites may appear legitimate, they are not. Thieves can collect whatever data you enter and use it to access your personal accounts.

How can I spot a phishing scam?

Look for these warning signs:

• Language and tone. The message you receive may urge you to act quickly by suggesting that your account is threatened. It may say that if you fail to update, verify or confirm your personal or account information, access to your accounts will be suspended. The wording may also be sloppy and contain misspellings.
• Requests for personal information. Scam e-mails typically ask for personal or account information such as:
  - Account numbers 
  - Credit and check card numbers 
  - Social Security numbers 
  - Online banking user IDs and passwords 
  - Mother's maiden name 
  - Date of birth 
  - Other confidential information
• Non-secure Web pages. Clever thieves can build a fake Web site that looks nearly identical to an authentic one. They can even alter the URL (the Web address) that appears in your browser window. Watch out for non-secure Web pages that ask for sensitive information (secure sites will typically display a lock in the status bar at the bottom of your browser window).

Examples of phishing scams

The scams identified below are examples of scams that have been reported by financial institutions, retailers, brokerage firms and other customer oriented companies.

• Some financial institution customers have received e-mail messages stating that "there have been a large number of identity theft attempts” targeted at financial institution customers. The e-mail requests that customers confirm their identity for personal online banking by clicking a link and logging onto their accounts.
• Another fraudulent e-mail pretends to be a "Security Center Advisory" that informs customers their account "has been randomly selected for maintenance," and that they need to click a link to verify their identity.
• Another fraudulent e-mail message states that –a customers online banking account has been locked because of too many failed login attempts.” The e-mail requests that customers unlock their profile and confirm their identity by clicking a link and logging into their profile using personal information.
• Yet another fraudulent e-mail states that there is a pending charge (often a quite large one) to the customer's account, and in order to decline the transaction, the customer needs to click a button or a link in the e-mail.

All of these e-mail messages include links that appear to take customers to the companiesê web siteãhowever, the Web pages they go to are not legitimate. They actually take customers to fake Web pages where the scammers collect personal and account information.

How can I decrease my risk of being a phishing victim?

Here are some safety tips:

• Be suspicious of demanding messages. Messages threatening to terminate or suspend your account without your quick response should be treated as suspicious. A legitimate bank or business should not request personal information from you over an unsecured Web site. When in doubt, call the business' customer service number (available on your account statement) to confirm the status of your account. Do not use telephone numbers found on the suspected Web site.
• Always type in the URL of the Web page you need. Phishing scams rely on embedded links that take you to fake Web sites. It's safer to type your bank's Web address directly into your browser so you know you're visiting the legitimate site.
• Protect your password. Don't write down sensitive personal information such as your password or Social Security number. Change your password frequently.
• Keep your computer up-to-date. We recommend that you install anti-virus and firewall programs to help keep your computer safe.

Report an online scam

Please note that Sterling does NOT solicit personal information through email messages. If you receive a suspicious e-mail that appears to come from Sterling Bank & Trust, please notify us immediately by forwarding the e-mail to scam@sterlingbank.com (do not open any attachments or click any links found in the suspicious e-mail).

You may also want to forward it to the Federal Trade Commission at spam@uce.gov, or contact them at www.consumer.gov/idtheft* or 877.IDTHEFT (877.438.4338).

If you believe you have provided personal or account information in response to a fraudulent e-mail or Web site, please contact us at 1-800-944-2265 and contact the other business with which you have accounts.

Learn more about phishing

To learn more about phishing, read the FDICês phishing brochure * provided by The Federal Deposit Insurance Corporation. (*Click here for the FDIC's phishing brochure)

Top of page

5. Protect Yourself

Ensure you protect the privacy of your banking information by not revealing your password to anyone else. In addition, when you leave your PC after completing activities in an encrypted area of the site, you should clear the cache (in Netscape Communicator) or clear history (in Microsoft Internet Explorer).

You are responsible for keeping your online password, account numbers, personal identification information, and other account data confidential. Sterling Bank and Trust cannot be responsible for customer errors or negligent use of the service and will not cover losses due to:

• Input errors or misuse of the service.
• Negligent handling or sharing of passwords leading to unauthorized access to accounts.
• Leaving a computer unattended during an Online Banking session -- click "Sign Off" to end your session.
• Failure to report known incidents of unauthorized account access within 2 business days.

Your Online Banking Accounts with Sterling Bank and Trust are Password Protected

• Three strikes and you're Out!- Sterling Bank and Trust does not give unauthorized individuals the opportunity to enter random passwords and account information. If any password is entered incorrectly three consecutive times, account access will be blocked or locked out. This feature is a security item that helps protect the system, the bank and your data. The account can be reactivated by the authorized user by contacting Sterling Customer Service Center and answering a few validation questions that only the authentic customer would know. Protect your password! - When changing your password, we can't emphasize enough the importance of picking a good, secure password. It should be a password that is not easily guessed by another person. It's very important to keep this password in a safe place and to change it frequently. Choose a password that is 6-10 characters long, with as many different characters as possible and at least one numeric and one alpha character. Stay away from using personal information such as your name, social security number, birth date, phone number, or spouse's name. Don't use passwords that are easily recognized while you are typing. Most importantly, change your password frequently.
• Don't forget to log out!If you forget to log off after an online banking session, it could compromise the security of your account. Sterling Bank and Trust will automatically log you off after 60 minutes (whether activity is occurring or not), but go ahead and log off as an added security measure.

Tips for safe online banking:

• Computer viruses have become commonplace for PC users today. Computer viruses can effectively damage important data if not adequately controlled. However, you can safely deal with the threat of computer viruses by following a few simple guidelines: Use commercially available virus protection software. The best protection against computer viruses is to install virus protection software (readily available from most computer stores.) This software can scan your computer system for known computer viruses and add an extra level of safety for PC users. In order for your anti-virus software to remain effective you must also update it regularly. There are new viruses being introduced every day. Be sure to update virus software definition files on a regular basis from the manufacturer of your virus protection software. While Sterling Bank and Trust does not guarantee the performance of commercially available software or endorse a particular brand, we suggest that you obtain the software to help reduce the risk of viruses getting onto your computer.

• Do not accept email attachments from unknown senders. Many viruses today are accidentally spread by users receiving and running programs sent to them by someone they do not know. Although it may seem harmless, the next chain-letter or great offer may be the trojan horse for a virus. Protect yourself and your data.

• Scan all diskettes before use. Diskettes that are passed from user to user have a high susceptibility to virus infection because not all systems utilize virus protection software. Protect your data. No anti-virus software is 100% effective. Another effective way to protect yourself is to backup your data regularly. If you can't afford to lose it, back it up.

Do not send us any personal information (example: account numbers and/or card numbers) by Internet email. Emails are not secure via the internet.

Sterling Bank and Trust and the bank's subsidiaries and affiliates, will not be responsible for any damages you may incur if you communicate confidential information to us over the Internet, or if we communicate such information to you, at your request.

Top of page