Security Center

 

Is it safe to use Online Banking?

Ensuring a secure online banking experience is our top priority. 

Privacy 

Protecting the privacy and the confidentiality of the communications between your browser and our servers.

Authorization

Verifying that only authorized persons have access to online banking.

Network Security

Maintaining isolation of our computers from the Internet.

Network Security

We provide a number of additional security features in online banking. Online banking will "timeout" after a specified period of inactivity. This prevents curious persons from continuing your home banking session in case you have left your PC unattended without logging out.  We recommend that you always sign-off (log out) when you are done with your online banking. The network architecture used to provide the online banking service was designed by the brightest minds in network technology. While the architecture is too complex to explain here, it is important to point out that the computers that store your actual account information are not hooked up to the Internet. The requests you make through the Internet are handled by our home banking servers, which retrieve the information you requested from our mainframe via proxy-based firewall servers, these servers act as the go-between you and our mainframe computers.

Authorization

It is also important to verify that only authorized persons log into online banking. This is achieved by verifying your password. When you submit your password, it is compared with the password we have stored in our secure data center. We allow you to enter your password incorrectly three (3) times. If you enter your password incorrectly three times, your online banking account will be locked until you call us to reinitialize the account. We monitor and record "bad-login" attempts to detect any suspicious activity (i.e., someone trying to guess your password). You play a crucial role in preventing others from logging on to your account. Never use passwords that are easy to guess. Examples of bad passwords are: Birth dates, first names, pet names, addresses, phone numbers, social security numbers, etc. Never reveal your password to another person. You should periodically change your password in the Profile screen in online banking.

Privacy

The privacy of the communications between you (your browser) and our servers is ensured using cryptography. Cryptography scrambles messages exchanged between your browser and our online banking server. Encryption happens as follows: When you go to the sign-on page for online banking, your browser establishes a secure session with our server. The secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption. This protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only known between your browser and our server. After the keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server. Both sides require the keys because they need to de-scramble (decrypt) the messages when they are received. The SSL protocol, not only ensures privacy, but also ensures that no other browser can "impersonate" your browser, nor alter any of the information sent. You can tell whether your browser is in secure mode by looking for the secured lock symbol at the bottom of your browser window. The numbers used as encryption keys are analogous to combination locks. The strength of encryption is based on the number of possible combinations that a lock can have.

As the number of possible combinations grows, it becomes less likely that anyone would be able to guess the combination in order to decrypt the message. Today's browsers offer 40-bit encryption or 128-bit encryption. Both result in a large number of possible combinations, 240 and 2128, respectively. Our servers are compatible with both, however we recommend the use of 128-bit capable browsers. 

Fraud Protection

Opportunity Bank Security Commitment

At Opportunity Bank, we're committed to protecting your privacy and security. We will never initiate a request for sensitive information from you via email (ie. Social Security Number, Personal ID, Password, PIN or account number). We strongly suggest that you do not share your Personal ID, Password, PIN or account number with anyone, ever (unless you have initiated the communication).

Foreign ATM and Debit Card Transactions

To help prevent fraud, we have elected not to allow foreign ATM and Debit Card transactions. Please contact us if you plan to travel outside the United States so we may activate that feature for you. Or, create a travel plan within Card Controls in your personal mobile banking app. 

What is "Phishing?"

"Phishing" refers to a person or a group of cyber-criminals who create an imitation or copy of an existing legitimate Web page to trick users into providing sensitive personal information. Responding to "phishing" emails put your accounts at risk. Receiving an email is a matter of chance and does not mean that your data or our systems have been compromised. Please contact the Bank at (888) 750-2265 immediately if you suspect you've received a "phishing" email posing as Opportunity Bank.

Who Are Cyber-Criminals?

Cyber-criminals solicit personal data from unsuspecting victims via the Internet - like personal IDs, passwords, card numbers and PINs - and sell this information to other criminals who use it for financial gain. They can also access a customer's accounts through online banking and set up false bill payments that send checks to the criminal or a conspirator. In other cases, criminals transfer funds from all available customer accounts, including credit cards, savings accounts and home equity loans into their checking account. A copy of the customer's credit card or check card is then used with their PIN at ATMs around the world to withdraw cash from their checking account.

How Cyber-Criminals Operate

To increase the number of responses, cyber-criminals include upsetting or exciting statements in their emails. They want people to react immediately and respond with the desired information without thinking. To protect yourself, take the time to examine the claims made in the email. If you receive an email requesting sensitive information, check its authenticity by contacting the company that appears to be the originator of the email, however do not use the phone number in the email, use a different source for that information.

What is "Pharming"?

Similar to phishing, pharming is a means for criminals to fraudulently gain access to your personal information. While phishing requires the victim, in some fashion, to voluntarily come to the criminal's website, pharming is more insidious. As you may know, phishing is a means to trick the user to come to a fraudulent website, usually by sending links to the fake site in emails purporting to be from the victim's financial institution. Pharming, however, redirects the victim to the fraudulent website without assistance, often regardless whether the victim is security-conscious. Pharming works by subverting a basic service of the Internet known as the 'Domain Name Service,' or 'DNS.'

COPPA Compliance - Our Commitment to Children's Privacy

Our website is structured to avoid attracting visits by children. It is our policy not to collect or maintain personally identifiable information from visitors we know are children. 

 

Consumer protection law you should know about

Get your credit report annually for free

The Fair and Accurate Credit Transaction Act (known as the FACT Act) was signed into law by President Bush in 2003. It requires that the three national credit reporting agencies (Transunion, Equifax, and Experian) provide a free credit report to consumers upon request. You can do this by using the established website https://www.annualcreditreport.com, or by calling toll free 1-877-322-8228, or by writing Annual Credit Report Request Service, PO Box 105281, Atlanta, GA 30348-5281. We encourage you to request your free credit report annually to monitor it for accuracy and notify the credit reporting agency if any errors are identified.

The FACT Act also requires the national credit reporting agencies to allow consumers to "opt-out" of receiving prescreen solicitation for credit. Briefly, this will greatly reduce the number of credit card solicitations you receive in the mail. Major credit card companies purchase lists of consumers that meet certain criteria (hence the term "prescreened"). In turn, they use these lists to send out mass mailings soliciting customers to open credit cards. You can elect to "opt-out" by using the established website https://www.optoutprescreen.com, or by calling toll free 888-567-8688.

Additional Resources

For more information on how you can protect yourself against fraud and identity theft, please visit the following web sites:

Federal Trade Commission (FTC)

IdentityTheft.gov (FTC)

State of Montana - Security Freeze and ID Theft

Online Banking, Data Security & You

How can we help you?

Planning to come visit?

Helpful Quicklinks

Back to Top