With online banking,and as with traditional banking methods, security is a prime concern for TheMorris State Bank. Our online banking platform brings forth a combination ofindustry‐standardsecurity technologies to protect both customer and Bank data from exposure tounauthorized entities. This level of security is achieved in part by:
· Protecting the privacy and the confidentiality of thecommunications between your browser and our servers.
· Verifying that only authorized persons are allowed to accessonline banking.
· Maintaining isolation of our computers from the internet.
Our online bankingplatform features a password‐controlledsystem entry, Secure Sockets Layer (SSL) protocol for data encryption, andfirewall technology to regulate the inflow and outflow of server traffic. Theprivacy of the communications between you (your browser) and our servers isensured using encryption. Encryption scrambles messages exchanged between yourbrowser and our online banking server. Our servers require your browser to connectat a minimum 256‐bitencryption. Users will not be able to access online banking functions at lesserencryption levels. This may require some end users to upgrade their browser tothe stronger encryption level in order to access online banking functions.
Securityand User Identification
Online security isachieved by credential verification. To begin an online session, a user musthave a Login ID and a Password. Customers accept responsibility for the confidentialityand security of access credentials. For security purposes, passwords must bechanged during the initial log‐in toour online banking platform and then periodically. Customers determinepasswords based on Bank‐definedconventions. Customers play a crucial role in preventing others from logging onto their account(s). Customers should never use passwords that are easy toguess. Examples of bad passwords include birth dates, first names, pet names,addresses, phone numbers, social security numbers, etc. Customers should neverreveal passwords to another person.
Commercial customersare granted customized access based on services. The Bank will provide accesscredentials to an authorized Company Administrator. Company Administrators havefull account access and are responsible for maintaining users, which includesadding, assigning entitlements and removal of users. In addition, we may providecompany users additional layered security methods due to Cash Managementservices granted. Customers agree that the security credentials assigned by theBank constitute a reasonable security procedure, and the Bank can rely on, andact in accordance with, any inquiry, message or instruction transmittedelectronically using the assigned security credentials, which will constituteconclusive evidence that such inquiry, message or instruction is correct andhas been duly authorized by the company.
Our system also uses alock‐outprotocol to deter unauthorized users from repeated login attempts. After acertain number of unsuccessful login attempts, the system locks the user out,requiring a phone call to the Bank to verify the identity of the customer.
Customers areencouraged to take advantage of additional online banking tools offered whichadd another layer of protection, under the “Account Alerts” tab of the userprofile.
Once a server sessionis established, the user and the server are in a secure environment. Becausethe server uses the industry standard 256‐bit technology, data traveling between the user and the server is encryptedand can only be decrypted with a public and private key pair. The Bank’s serverissues a public key to the end user’s browser and creates a temporary privatekey. These two keys are the only combination possible for that session. Whenthe session is over, the keys expire and the whole process starts over when anew user begins a server session. Note that asymmetric encryption is usedduring the initial key exchange. Symmetric encryption is used for the remainderof the session.
Requests must filterthrough a firewall before they are permitted to reach our server. Theconfiguration begins by disallowing ALL traffic, and then grants access whenappropriate to process acceptable data requests. Multiple layers exist withinthe network to protect access to critical systems. All traffic is load‐balanced as it communicates with ourservers, and malformed protocol requests are immediately dropped when detected.Strict access control lists are used to permit only authorized traffic to passthrough each layer of the network. Redundant intrusion detection systems tomonitor for traffic anomalies or other unauthorized attempts to gain access tothe network or systems used.
Protectingyour Login ID and Password
You should not keepyour Login ID and password information on or near your computer. Keep both in asecure area away from your computer to prevent any unauthorized access to youraccounts. Never share your Login ID or password with anyone. For securityreasons, we auto enforce password changes periodically. Some browser softwaremay store user names and passwords to make it easier when you revisit awebsite. The Morris State Bank does not recommend using this feature to accesssites containing sensitive information. You can disable this feature in yourbrowser. Please note that if you enable this feature, unauthorized users may beable to access your account without your knowledge. Do not leave your computerwhile you are logged into online banking, especially if others may have accessto your computer. Before leaving your computer, be sure to click on the Log Offoption or EXIT button to end your online session.
You understand you maysend and receive secure email messages to and from the Bank through onlinebanking. Messages sent to the Bank through online banking will automatically berouted to a Bank email box. The Bank is not responsible for any delay inmessages being retrieved. Urgent messages should be verified by a telephonecall to the Bank. You are responsible for periodically checking for messagessent by the Bank. You cannot use secure email to stop payments, transfer fundsor perform bill payment. Regular non‐encrypted internet email may not be secure and should not be usedas a method to communicate sensitive information. If you are uncertain aboutthe security of an email or the confidentiality of any message, you can contactus by phone at 918.733.4511, by mail at The Morris State Bank, PO Box 70,Morris, OK 74445, or by visiting our bank at 800 West Ozark, Morris, OK 74445.
BestPractices to Mitigate Phishing Scams
An increasinglyprevalent scam currently being employed by unscrupulous individuals isphishing. Phishing is a high‐techscam that uses spam or pop‐upmessages in an attempt to deceive you into disclosing your credit card numbers,bank account information, social security number, passwords, and/or othersensitive information. Spoofing is one person or program pretending to besomething it’s not on the internet, usually via an email or website.
The sophistication ofphishing and spoofing scams sent out to consumers continues to dramaticallyincrease. While online banking is widely considered to be as safe as or saferthan in‐branchor ATM banking, as a general rule, you should be careful about giving out yourpersonal financial information over the internet. Remember, The Morris StateBank will never request your personal information via email or text.
Recommendationsto follow to avoid becoming a victim of scams:
· Be suspicious of any email with urgent requests for personalfinancial information. Phishers have been known to include upsetting orenticing (but false) statements in their emails to get people to react immediately.More recently, some phishers have toned down their language, as emailrecipients have become more aware of the use of this tactic. Either way, theemail typically asks for information such as login IDs, passwords, credit cardnumbers, social security numbers, etc.
· Be careful of emails that not personalized and/or may containspelling errors and/or awkward syntax and phrasing. Many phishing emails aresent in bulk and, therefore, are not personalized. If you are suspicious of anemail claiming to be from a company you do business with, call the companywhich appears to have sent the email before responding. Many emails are beingsent from other countries from individuals for whom English is a foreignlanguage, thus resulting in misspelled words and awkward syntax and phrasing.
· Be careful of personalized emails that ask for personal financialinformation. Be suspicious of any email that contains some personal financialinformation, such as a whole or partial bank account number and asks for otherinformation, such as a PIN. We will never ask for or send you personalfinancial information by email unless it is encrypted or by some other securemethod.
· Do not use links in an email to get to any web page. Instead, callthe company on the telephone to confirm the web page address, or log onto thewebsite directly by typing in the web address in your browser.
· Do not complete forms in email messages that ask for personal financialinformation. The Morris State Bank would never ask you to complete such a formwithin an email message. Only communicate information, such as credit cardsnumbers or account information, via a secure website or the telephone. Whensubmitting financial information to a website, look for the padlock or key iconat the bottom of your browser, and make sure the internet address begins with“https:”. A secure web server designation can be found by checking thebeginning of the web address in your browser’s bar and the address should beginwith https:// rather than http://.
· Regularly log on to your online accounts, check your bank, credit,and debit card statements to ensure that all transactions are legitimate. Oneof the real advantages of banking online is being able to review your accountfor unauthorized or unusual activity. If anything is suspicious, contact yourbank and all card issuers immediately.
· Ensure that your browser is up to date and security patches areapplied. Always visit your browser’s home page to download the latest securityupdates even if they don’t alert you to do so.
· Use online statements to reduce the volume of paper mailed. Today,paper is the cause of more actual instances of identity fraud than areelectronic thefts.
The Morris State Bankdoes not intend to offer investment advice nor act as a fiduciary by publishingany information contained in this site or at linked sites. Third‐party information made available on orthrough this website is provided “as‐is,” without warranty of any kind, either expressed or implied,including (without limitation) any warranty of accuracy, completeness oradequacy of the information, title, non‐infringement of third‐party rights, merchantability, or fitness for a particular purpose.
Except as otherwiserequired by law or set forth in our agreements with users, we assume noresponsibility for any damages, expenses or losses, including withoutlimitation, direct or indirect, special, incidental or consequential damagesarising in connection with this website use thereof or reliance on anyinformation contained herein, even if we are unaware of the possibility of suchdamages.
ProtectingChildren’s Privacy Online
From our websites, wedo not knowingly collect or use personal information from children underthirteen (13) without obtaining verifiable consent from their parents. However,we are not responsible for data collection and use practices from nonaffiliatedthird parties to which our website may link.
For more informationabout the Children’s Online Privacy Protection Act (COPPA), please visit theFTC website at
Changesto this Statement
We may add to, deletefrom, or otherwise change the terms of this Statement from time to time. We maynotify you of the changes by mail, email, or by posting a modified Statement onour website. Your continued use of this site or any online service followingsuch notification will constitute your acceptance of the revised Statement. Accordingly,please check this site regularly for revisions.
If you have anyquestions regarding this Statement, you can write to us at The Morris StateBank, PO Box 70, Morris, OK 74445 or call us at 918.733.4511.