Security Statement

Passwords

Login IDs and passwords are designed to protect your account from unauthorized access. At the time of enrollment, each individual user will be assigned their own Login ID and temporary password. Passwords should never be shared with anyone.

The Bank will never ask for your password

We highly recommend that you change your password frequently, at least every 90 days, and choose a password that is complex, using multiple characters. You may change your password at any time by clicking ‘Forgot Password,’ or within Online Banking under ‘Preferences/Security.’

The first time you login, the system will prompt you to change your temporary password to a new confidential password.

Secure Data Transfer

You can only access Online Banking with internet browsers configured for SSL 256-bit encryption. Once you login with your Login ID and password, a server session is established and the user and the server are in a secured environment. Because the server has been certified as a 256-bit secure server by VeriSign, data traveling between the user and the server is encrypted with Secure Sockets Layer (SSL) protocol. With SSL, data that travels between the bank and customer is encrypted and can only be decrypted with the public and private key pair. In short, the Bank’s server issues a public key to the end user’s browser and creates a temporary private key. These two keys are the only combination possible for that session. When the session is complete, the keys expire.

Account Number Masking

For security reasons, complete account number(s) never appear on the computer screen. When the account number needs to be displayed it appears, for example, as ‘XXXXX6789’ instead of ‘123456789’. We have the flexibility to determine how many digits are ‘unmasked’ and the masking will always occur from the left.

Five Strikes Rule

The Online Banking system uses a “five strikes and you’re out” lock-out mechanism to deter users from repeated login attempts. After five unsuccessful login attempts, the system will lockout your account requiring either a designated wait period or a phone call to the bank to have the password reset. As an additional precautionary measure, the Bank monitors failed login attempts.

Password Replacement

If you forget your password, you may use the “Forgot Password” link to retrieve your password or you may contact our Care Center at (833) 367-2687 to have a new, temporary password assigned. At your next login, the system will prompt you to change your password. Please note that your browser must be registered in order to use the “Forgot Password” link.

Automatic Logoff

All customers are encouraged to log off from their online banking session when finished. The system will automatically terminate your session after 20 minutes.

Multi-factor Authentication

Online banking utilizes a secure access code to confirm your identify and register your browser for future use. This multi-factor security requirement will help prevent an unauthorized person from accessing your accounts. We will never call, text, or email you to ask for your account information, online/mobile banking login credentials, or your secure passcodes. If you receive a suspicious call, text, or email, please contact our Care Center at (833) 367-2687.

Increased Mobile Security

We have increased security on our mobile app, and your access could be restricted from logging into our app due to security concerns we’ve identified. We apologize for any inconvenience: know that security is our first priority. Your access may be restricted if we detect:

1. possible malware on your device that is specially designed to disrupt, damage, or gain unauthorized access to a computer system.
2. evidence of a pharming attack of directing internet users to a bogus website that mimics the appearance of a legitimate one, in order to obtain personal information such as passwords, account numbers, etc.
3. certificate spoofing—a maliciously procured certificate that binds the public key on an attacker to the domain name of a target website or a homographic or similar name.
4. a jailbroke phone.

Information Security

The Bank’s Online Banking sites are housed securely behind a firewall. Requests must filter through a firewall before they are permitted to reach the server. A firewall is a piece of software designed to block and direct traffic coming to the server. The configuration begins by disallowing ALL traffic and then opens holes only when necessary to process acceptable data requests, such as retrieving web pages or sending customer requests to the bank. Intrusion detection technologies are used to monitor network activity 24 hours a day to ensure that unauthorized access to your information is not permitted.

The security of your account information is of the utmost importance to us. The Bank continues to monitor and review the security procedures that it has in place to protect customer information. These measures are updated as practices change and new technology becomes available. For further information or to report suspect activity, please contact your local branch, or contact our Risk Management Department at 360-533-8873 x 2251 or RiskManagement@BankofthePacific.com.