Skip to content

{beginAccordion H2}

Multi-Factor Authentication

What is multi-factor authentication and how does it work in our Internet banking product? 

Multi-factor authentication (MFA) refers to different "layers" of security instead of relying strictly on a passcode or password to log in. Passwords alone are inherently unsafe for a number of reasons.

MFA is typically described in terms of combining two or more of something you know (passwords), something you have (security token), or something you are (fingerprint or another biometric device). Combining two or more of these effectively makes it more difficult for someone to fraudulently log in to your Internet banking account. The problem is, tokens can be lost or stolen, and finger tips can be cut or abraded to the point that the authentication process cannot be completed. Each are also additional hardware that has to be purchased by someone and which can malfunction at the most inopportune time.

Danville State Savings Bank, along with our Internet banking partner First Data, has chosen to take the responsibility for MFA instead of depending on possibly unreliable devices. This is done by scoring each log on in real-time using a number of factors. These factors are: 

  • Persistent cookie, a small file that is saved on your computer which identifies that you have used this machine to log in to Internet banking previously.
  • IP address from which you log in, the numerical address which your Internet service provider assigns for your use.
  • Last login day and time, the date and time of your last Internet banking session.
  • Country to which IP address is assigned
  • Whether Billpay is enabled for any of the linked accounts, to help prevent Billpay fraud.
  • Browser, the system checks certain browser signatures to help identify whether a different browser than a typical session is used.
  • Frequency, or how often you typically log in to the Internet banking service.
  • Click count, evaluates whether the number of mouse-clicks is significantly different than your typical session.
  • Duration, the amount of time you typically spend logged into Internet banking. 

Using a 1 to 10 score of each of the above as inputs, the Internet banking system computes a "score at login" numerical rating. If this score is higher than the threshold we have set, you will be asked to choose between providing the answer to your security question or having a one-time PIN emailed to you at the email address listed in our records. Requiring this helps ensure that the log in attempt is from an authorized individual as well as allow us to comply with various consumer data security requirements.

You can certainly see the importance of maintaining both the answer to your security question and the correct email address we have for you on record. Both can be accessed by clicking on the User Services tab within Internet banking and clicking on the appropriate link. 

Danville State Savings Bank encourages you to use an appropriate Internet security product which incorporates an antivirus, anti-spyware, and an Internet firewall, anytime you are physically connected to the Internet to protect both your hardware and any personal information you may have stored on your computer. We also encourage customers to change their Internet banking passcode frequently. This can also be easily done by clicking on the User Services tab within Internet banking and clicking on the Change Passcode link under Security Settings. 

For more information, contact us via email at [email protected] or call 392-4261 (toll free 877-392-4261) 

Selecting a Secure Passcode

Our Internet Banking service's integrity depends upon the use of good, secure passcode selection. When you select a passcode, the system automatically tests what you enter against "code breaker" type software. If the software determines that the passcode is related to your personal information (i.e. Name, Social Security number, Access ID, etc) or is able to "guess" your passcode, it refuses to accept it and prompts you to select another. This can be aggravating and inconvenient, but unfortunately, it's necessary to safeguard the integrity of your personal information. Below are a few helpful hints to assist you in selecting a secure passcode:

  • Your passcode needs to be at least seven characters long, and we recommend ten or more.
  • It must be composed of at least five different characters.
  • It cannot be a word which can be found in the dictionary*.
  • It can include any character that can be entered from a standard pc keyboard.
  • Including either upper- or lower-case characters but the system is case-sensitive.
  • Your passcode can include control characters (*&^%$#@!~, etc.).
  • Remember, though, that the longest and most complex passcodes are the most secure! 

*An excellent method of selecting a passcode is to think of a word you can easily remember, such as "politely". You then need to substitute numbers or control characters for some of the letters in the word, such as the vowels. Our example word might read "p0lit3ly" now, since we've substituted a zero for the "o" and a three for the "e". Any word you can easily remember can be used in the method as long as it complies with the rules listed above. Of course, you can use a word, modified using our method, in conjunction with a series of numbers to create a very secure passcode.

PLEASE DO NOT USE THIS AS YOUR PASSCODE! This word is only used to illustrate the method and is shorter than we at your bank recommend. 

We also want to caution you not to share your Access ID or passcode information with anyone for any reason. This service is provided strictly for your convenience. You should guard your Access ID and passcode as you would a credit card or your ATM PIN number.

For more information, contact us via email at [email protected] or call 392-4261 (toll free 877-392-4261) 

Spyware Information

What the heck is all this talk about "Spyware"? 

Spyware, adware, or malware, it all amounts to the same thing but by varying degrees. They are all mini programs that are installed without your consent and often without your knowledge. They can come in with spam email, although usually, they come in with a pop-up ad or by someone clicking a link in a questionable ad. They are also capable of entering your system in the same manner as a "worm" or modern virus. Just the very act of connecting to the Internet can allow one of these vicious little bugs to enter your system.

Often, the earliest signs of spyware infection is an increase of those annoying pop-up ads. When it starts, the problem can grow exponentially. It often gets so bad that the computer is virtually unusable. By the way, don't click on any pop-up ads even if it appears to be an ad offering to clean your machine. By clicking on a pop-up ad, you invariably download and install spyware of some sort or other. 

The majority of spyware is intended to track your Internet usage merely to target you with advertising most likely to interest you. However, some of the most malicious (hence the term "malware") may download trojans or keystroke loggers to your system. 

A trojan is a program that installs a "backdoor" access which could allow a bad guy anywhere in the world to take control of your system. These are often used to create "zombie" machines that can do anything from DOS (denial of service attacks) against popular Internet sites to hosting files of questionable or illegal content for illicit websites. 

In our opinion, the scariest spyware of all comes in the form of keystroke loggers. These little devils record every keystoke on the infested machine and are sometimes capable of "phoning home". Imagine a program recording your Internet banking Access ID and password and transmitting this information to a malicious hacker. Or recording your private instant messaging conversations. Not to mention collecting your credit card number and expiration date the next time you make a purchase online. 

Fortunately, there are some excellent tools for cleaning and maintaining your computer. Most are quite easy to use and many offer a free download or trial period.

Danville State Savings Bank encourages you to use an Internet firewall anytime you are physically connected to the Internet to protect both your hardware and any personal information you may have stored on your computer. 

We also encourage you to check out the following link to many popular anti-spyware applications: How to Remove Spyware From Your PC, courtesy of PCWorld magazine.

This information is provided free of charge and is simply for the convenience of our customers. There is no warranty as to the accuracy of the information and no fitness-for-purpose guarantee for any product is to be implied. Danville State Savings Bank does not endorse the use of one product over another and is in no way able to provide individual computer support. If you require assistance, please seek out a qualified computer repair professional. 

For more information, contact us via email at [email protected] or call 392-4261 (toll free 877-392-4261)

Security Links

ScamBusters.org: Private site, contains advertising for funding.

Federal Trade Commission – Consumer Information Security: Tips about computer security and how to safeguard your information.

Federal Trade Commission: Tips and advice if you think that you may be a victim of identity theft. 

This information is provided free of charge and is simply for the convenience of our customers. There is no warranty as to the accuracy of the information and no fitness-for-purpose guarantee for any product is to be implied. Danville State Savings Bank does not endorse the use of one product over another and is in no way able to provide individual computer support. If you require assistance, please seek out a qualified computer repair professional.

120 years and just getting started

HERE FOR THE LONG HAUL

About Us