A A A

Persistent Cookie

Effective January 11, 2010, you will be required to add a persistent cookie when accessing your Online Banking account. This cookie will enhance the security of Online Banking. We take the safety of your personal information very seriously. That is why we strive to constantly upgrade our systems to further protect your valuable data. Please review the Frequently Asked Questions (FAQs) below for more information. And, as always, feel free to contact us with any concerns.

 

FAQs

How do I check how my browser (Internet Explorer versions 6, 7 & 8) handles cookies?

Open Internet Explorer.

Choose Tools from the menu bar and then Internet Options.

From the Internet Options display, select the Privacy tab at the top. Example.

Use the Slider Bar to change the cookie handling for your computer. Default setting is Medium. All settings provide for prompting for you to accept cookies other than the "Block All" and "Accept All" ratings.

Select the Apply button at the bottom to effect the changes. Then select OK

 

 

I have not noticed a change. Why?

Most browser default settings will automatically accept the cookie without creating a pop-up window. If you do not receive a pop-up window asking you to accept the cookie, your computer is performing the action automatically and no action is needed by you.

 

What is a persistent cookie?

A cookie is a small piece of text stored on your computer by a web browser. Cookies are neither spyware nor viruses. They cannot erase or read information from your computer. We use cookies to enhance the security of Online Banking.

 

What happens when the cookie attempts to write?

If you have persistent cookies set to ‘Allow’ in your browser settings, you will not notice a change.

If you have the persistent cookies set to ‘Not Allow’ in your browser settings, the cookie will attempt to write, however it will be unsuccessful and you will be routed back to the login screen with the following error message:

Notice: To better protect you and your information, it is necessary to write a one-time “cookie” to this machine at login. Please accept this cookie to continue your online banking session.

Note: If you have your browser settings to prompt you when a persistent cookie is attempting to write, you will see this prompt at each successful login until you accept this cookie. This prompt is something you should be accustomed to seeing.

 

What will happen if I delete the persistent cookie by deleting cookies/clearing cache? Will it be written again at the next login and will I be prompted to accept it again if my browser is set to prompt?

If you delete the cookie, a new cookie with a new machine value will be added once you have successfully authenticated.

If you have the setting to prompt for cookies, you will be prompted every time a new cookie is created.

 

What does the message look like when accepting a cookie?

The verbiage of the message is the same one you receive today for the required session cookies within Online Banking.

 

Does the presence of the persistent cookie lower the login risk score by IP address or is IP address not a factor?

There are several factors that make up a risk score. IP address is only one factor. Each factor has different weights that make up the overall risk score. The cookie is an additional factor and is not related to the IP or any other factor; however, the presence of the cookie may reduce the overall risk score once the system has seen it enough times.

 

What information is stored in the persistent cookies? Could a hacker get to and use the information stored? What if the cookie is copied and placed on another computer? Is the cookie encrypted?

The cookie is a hashed value that is created by Online Banking. The value includes several things that we will not disclose due to security implications. The cookie cannot be placed on another computer. The cookie is encrypted.

 

What is the benefit of using a persistent cookie?

The persistent cookie is a unique cookie that does not change between user sessions, commonly used to save preferences of a user to ease navigation. We use it for positive device tagging. This way the user and the cookie are associated with a profile. As long as the user is coming from the same cookie, then the system is more trusted. If the user has succeeded in passing a challenge then the trust is even greater. If the user fails authentication or is marked as fraud confirmed this will help in future transactions.

 

Can my cookie be used by a hacker / fraudster?

Cookie interception through the use of malware or Trojans that have been installed onto a PC can occur. In those scenarios, the cookie is one of many pieces of data that the fraudster can access including ID and password information through a keystroke program.

The capturing of cookies is not a complete guarantee against fraud but it is a strong deterrent.

Cookies are encrypted to ensure that data can’t be captured from the cookie should your PC become compromised.