Two Factor Authentication. Software Version (SV) 1.0

Two Factor Authentication Software Version (SV) 1.0 Property of: Worldwide Interactive Services, Inc. 5025 South Orange Avenue Orlando, FL 32809

The data contained in this documentation is PROPRIETARY INFORMATION. By proceeding to view the data contained herein, you acknowledge that the data is confidential and contains privileged information of Worldwide Interactive Services, Inc. and their clients. Disclosing and copying this information is prohibited for any kind of business or personal use. Furthermore, account information contained within this manual is fictitious and does not represent any particular financial institution. 2 Revision Date: 11/16/2006

Table of Contents ABOUT TWO FACTOR AUTHENTICATION... 4 WHAT IS TWO-FACTOR AUTHENTICATION... 4 ADVANTAGES OF TWO-FACTOR AUTHENTICATION... 4 HOW DOES IT WORK... 4 PROCEDURES... 4 NEW USERS... 5 FIRST TIME LOG-IN WITH TFA... 11 UNAUTHENTICATED COMPUTER... 16 AUTHENTICATED COMPUTER... 21 LOGGING IN AFTER DELETING QUESTIONS... 22 OSCAR- TFA MAINTENANCE... 27 DISABLE/ENABLE TFA...28 To Disable... 29 To Enable... 30 DELETE ANSWERS... 31 DELETE AUTHENTICATION... 33 DELETE BOTH... 35 LOCKED OUT OF INTERNET BANKING... 37 Unblock Access ID... 38 TROUBLE SHOOTING... 40 WHAT IS A COOKIE?... 40 WHAT IS A FLASH OBJECT?... 40 WHAT DOES SSL MEAN?... 40 WHAT IS ENCRYPTION?... 40 WHAT IS AN INTERNET BROWSER?... 41 WHY DO I NEED TO SET UP CHALLENGE QUESTIONS?... 41 HOW DO YOU KNOW THAT I M SIGNING IN FROM MY OWN COMPUTER?... 41 WHAT IF SOMEONE STEALS MY ACCESS ID AND PASSWORD?... 41 3 Revision Date: 11/16/2006

About Two Factor Authentication What is Two-Factor Authentication Two-Factor Authentication (TFA) is any authentication protocol that requires two independent ways to establish identity and privileges. It consists of the following: Something you know, such as password or PIN Something you have, such as a hardware token Something you are, such as a fingerprint or other biometric Advantages of Two-Factor Authentication TFA offers increased security over single factor authentication makes it harder for unauthorized members to access internet banking and gives members an increased sense of security. How does it work There are 2 options for TFA, software-based and hardware-based. The software based application, SV1, utilizes a java based cookie script to establish a unique id for each computer that the user will access account information. The hardware based application, HV1, utilizes a piece of hardware known as a token, that displays a randomly generated 6 digit number that is used to access account information. If you need a manual for TFA HV1, or would like additional information, please contact your District Sales Manager. This manual is for TFA SV1. A Federal Financial Institutions Examination Council, FFIEC, compliant two-factor solution that is integrated directly into Internet Banking 4.0, users are prompted to authenticate the computer from which they are accessing account information. In addition to information that is saved on the computer, the software based two-factor solution, SV1, prompts the member with 20 questions, of which 10 must be answered during the authentication process. Once the member logs in from an unauthenticated computer, the member will be prompted with 3 randomly generated questions answered during the initial authentication process. The member will then have the ability to authenticate the unauthenticated computer. If the member answers the randomly generated questions incorrectly 3 times, their access ID will be disabled. The credit union may reset the user-defined questions via On-Line Service Center and Reports, OSCAR. Procedures This manual contains procedures for the following scenarios: 1. First time internet banking users, new users 2. First time users after implementation of two factor authentication 3. Accessing internet banking from an unauthenticated computer 4. Accessing internet banking from an authenticated computer. 4 Revision Date: 11/16/2006

New Users If this is the first time you are accessing internet banking, then an Access ID and password needs to be created. In some cases an Access ID and password may already be created by the financial institution. Please verify before proceeding. The New Users Click Here link should be utilized when the member is creating their Internet Banking Access ID and Password for the first time. Follow the outlined procedures to create your Access ID and Password for the first time. If you already have an access ID and password, please follow the procedures outlined for First Time Log-In with TFA In order to log into Internet Banking, an Access ID and Password is required. The member must first create an Access ID and Password by clicking on the New Users Click Here link. 1. From the Internet Log in page, click on the New Users Click Here link. The Create an Access ID page will display. 5 Revision Date: 11/16/2006

2. Enter the following information to create an Access ID. Access ID Fields Password Confirm Password SSN/Tax ID or PIN Account Security Code Table 1. Create an Access ID Descriptions The Access ID is an alphanumeric identifier created by the member for identification purposes. It must be 6-12 characters in length and include at least 1 number and 1 letter. The Access ID will be related to your Social Security Number and will allow the member to view all accounts related to the Social Security Number. The Password is an alphanumeric identifier that only the member knows. This code must be 6-12 characters in length and include at least 1 Number and 1 Letter. Re-enter your password exactly as entered in the previous password field to confirm. The SSN is the Social Security Number related to the Account(s) you would like to have access to. Please enter your 9 digit Social Security Number without any dashes or your PIN provided by the financial institution. Your Account Number. Using Visual Encryption, the security code is a randomly generated broken graphic. The only way to successfully log into the internet banking service is with the correct Access ID, PIN and Security Code. 6 Revision Date: 11/16/2006

3. Click on the Create User button. The verification screen will be displayed. Click Yes to activate your Access ID. 4. Once the Access ID is activated, the Choose a Challenge Question box will display. Select a challenge question from the drop-down or create your own challenge question. Note: The Choose a Challenge Question box will only display if the financial institution subscribes to the Forgot Password functionality. 5. The verification screen will display the Access ID has been created successfully. Click the View Account page button to view account information. 7 Revision Date: 11/16/2006

Upon successful log in, the following page will display. In order to initiate the authentication process, you must answer any 10 of the following 20 questions. In the future, when trying to access internet banking from an unauthenticated computer, you will be prompted with three (3) randomly selected questions of the original ten (10) answered questions to proceed. Important Note: The answers are case-sensitive and apostrophes, periods, or commas should not be used. These questions are also referred to as challenge questions. Please keep in mind that these challenge questions are different from the Forgot Password Challenge questions. 6. Answer 10 of the 20 questions and click the Continue button. Once you click Continue you can not return to this page. The answers entered are final. If you would like to change an answer, please contact your credit union to reset the questions. Note: If the Cancel button is clicked, you will return to the Log in page. In order to log back in, enter your access ID and password you created. Do Not Attempt to create a new access ID or password as you have already generated one. Upon successful log in, the 20 questions page will display again. 8 Revision Date: 11/16/2006

Depending on your browser settings, one of the following scenarios can happen. Follow the procedures outlined for either A or B depending on the page displayed: Scenario A) Remember this computer page Scenario B) Cookies or Macromedia Flash Player page Scenario A: 7. The following page will display. Click one of the buttons (Yes or No). Once you make your selection you will be logged into internet banking and the Account Information page will display. Yes if you would like to authenticate the computer. No if you would not like to authenticate the computer. (Suggestion: If you are using a public computer, then No should be clicked for added security.) Note: If No is clicked, then the next time you use an unauthenticated computer, you will be prompted with three (3) randomly selected questions of the original ten (10) answered questions to proceed. You will be prompted with random 3 questions each time the internet banking is accessed until the computer is authenticated. 9 Revision Date: 11/16/2006

Scenario B 7. The following page will display if your browser does not support cookie or has cookies disabled or you do not have Macromedia Flash Player installed. Click Continue and the Account Information page will display. If you choose not to enable cookies or install Macromedia Flash Player, then you will be prompted with three (3) randomly selected questions of the original ten (10) answered questions to proceed. Refer to Unauthenticated Computer. 10 Revision Date: 11/16/2006

First Time Log-In with TFA Follow the procedures outlined if: this is the first time you are accessing internet banking upon implementation of two-factor authentication solution or this is the first time using internet banking upon deletion of answers and authentication. If you do not have an access ID and password, please follow the procedures outlined for New Users 1. From the Log in page enter your Access ID and Password. Note: The Log-in page has not been modified in anyway and does not require the member to recreate their Access ID or password. 11 Revision Date: 11/16/2006

Upon successful log in, the following page will display. In order to initiate the authentication process, you must answer any 10 of the following 20 questions. In the future when trying to access internet banking from an unauthenticated computer, you will be prompted with three (3) randomly selected questions of the original ten (10) answered questions to proceed. Important Note: The answers are case-sensitive and apostrophes, periods, or commas should not be used. These questions are also referred to as challenge questions. Please keep in mind that these challenge questions are different from the Forgot Password Challenge questions. 2. Answer 10 of the 20 questions and click the Continue button. Once you click Continue you can not return to this page. The answers entered are final. If you would like to change an answer, please contact your credit union to reset the questions. If the Cancel button is clicked, you will return to the Log in page. In order to log back in, enter your access ID and password you created. Do Not Attempt to create a new access ID or password as you have already generated one. Upon successful log in, the 20 questions page will re-display. 12 Revision Date: 11/16/2006

If you click Continue without answering ten (10) questions, then the following message will display: Please answer at least 10 questions below. Answer 10 questions and click the Continue button. Note: If the Cancel button is clicked, you will return to the Log in page. In order to log back in, enter your access ID and password. Upon successful log in, the 20 questions page will display again. 13 Revision Date: 11/16/2006

Depending on your browser settings, one of the following scenarios can happen. Follow the procedures outline for either A or B depending on what you see on the screen: Scenario A) Remember this computer page Scenario B) Cookies or Macromedia Flash Player page Scenario A: 3. The following page will display. Click one of the buttons (Yes or No). Once you make your selection you will be logged into internet banking. Yes if you would like to authenticate the computer. No if you would not like to authenticate the computer. (Suggestion: If you are using a public computer, then No should be clicked for added security). Note: If No is clicked, then the next time you use the unauthenticated computer, you will be prompted with 3 random questions out of the 10 originally answered questions until the computer is authenticated. 14 Revision Date: 11/16/2006

Scenario B 3. The following page will display if your browser does not support cookie or has cookies disabled or you do not have Macromedia Flash Player installed. Click Continue and the Account Information page will display. If you choose not to enable cookies or install Macromedia Flash Player, then you will be prompted with three (3) randomly selected questions of the original ten (10) answered questions to proceed. Refer to Unauthenticated Computer. 15 Revision Date: 11/16/2006

Unauthenticated Computer If you are accessing internet banking from an unauthenticated computer, for example a public computer such as a kiosk or at a library or if you had the financial institution delete authentication, or you have cookies disabled then you will be prompted with three random questions from the ten originally answered questions. In order to access internet banking, you will have to answer all three questions correctly. If you do not have an access ID and password, please follow the procedures outlined for New Users or if this is the first time access internet banking without setting up two factor authentication, refer to First Time Log-In with TFA 1. From the Log in page enter your Access ID and Password. 16 Revision Date: 11/16/2006

If the computer you are accessing is recognized as an unauthenticated computer then the following screen will display. You must answer all three questions correctly in order to continue. 2. Enter the answers exactly the way you had initially answered during enrollment and click the Continue button. Note: If the Cancel button is clicked, you will return to the log in page. If you log back in, you may be prompted with three different questions. 17 Revision Date: 11/16/2006

If the answers entered did not match then the following message will be displayed: The answers entered did not match. Please re-enter your answers and click Continue. Reenter your answers and click Continue. Important Note: The system will only allow three chances. If after the third attempt the answers do not match the system, the member will be re-directed to the log in page and will be lock out of internet banking. The member will be prompted to contact the credit union to unblock their access ID. 18 Revision Date: 11/16/2006

Depending on your browser settings, one of the following scenarios can happen. Follow the procedures outline for either A or B depending on what you see on the screen: Scenario A) Remember this computer page Scenario B) Cookies or Macromedia Flash Player page Scenario A: 3. The following remember this computer page will display. Click one of the buttons (Yes or No). Once you make your selection you will be logged into internet banking. Yes if you would like to authenticate the computer. No if you would not like to authenticate the computer. (Suggestion: If you are using a public computer, then No should be clicked for added security). Note: If No is clicked, then the next time you use the unauthenticated computer, you will be prompted with 3 random questions out of the 10 originally answered questions until the computer is authenticated. 19 Revision Date: 11/16/2006

Scenario B 3. The following page will display if your browser does not support cookie or has cookies disabled or you do not have Macromedia Flash Player installed. Click Continue. The Account Information page will display. If you choose not to enable cookies or install Macromedia Flash Player, then you will be required to answer 3 randomly selected challenge questions from the original 10 answered each time internet banking is accessed. Refer to Unauthenticated Computer. 20 Revision Date: 11/16/2006

Authenticated Computer If the computer you are using is authenticated, upon a successful log-in, the Account Information page will display. If you do not have an access ID and password, please follow the procedures outlined for New Users or if the computer you are trying to access has not been authenticated, follow the procedures outlined for First Time Log-In with TFA or Unauthenticated Computer 1. From the Log in page enter your Access ID and Password. The system will validate that this is an authenticated computer and will log you in to the internet banking Accounts Information page. 21 Revision Date: 11/16/2006

Logging in After Deleting Questions If the challenge questions were deleted, then upon a successful login from an unauthenticated computer, you will be prompted with 20 questions. You will be required to answer 10 of the 20 questions again. If you are using a computer that is authenticated, the Account Information page will display upon login. Note: You will not be prompted with challenge questions until you log in from an unauthenticated computer or if you delete authentication, cookies and/or flash cookies. If you do not have an access ID and password, please follow the procedures outlined for New Users or if the computer you are trying to access has not been authenticated, follow the procedures outlined for First Time Log-In with TFA or About Two Factor Authentication 1. From the Log in page enter your Access ID and Password and Security Code. 22 Revision Date: 11/16/2006

Depending on whether or not you are logging in from an unauthenticated computer, one of the following scenarios can happen. Follow the procedures outline for either A or B depending on the computer being used. Scenario A) Authenticated Computer Scenario B) Unauthenticated Computer Scenario A: 2. If you are logging in from an unauthenticated computer, then the following Account Information page will display. Note: The 20 questions page will not re-display on a computer that has been authenticated. Upon accessing an unauthenticated computer, you will be prompted with the 20 questions page. If you had your financial institution delete both, answers to the question and authentication refer to First Time Log-In with TFA. 23 Revision Date: 11/16/2006

Scenario B: 2. If you are logging in from an unauthenticated computer then the following page will display. Answer 10 of the 20 questions and click the Continue button. The Account Information page will display Important Note: The answers are case-sensitive and apostrophes, periods, or commas should not be used. Note: If the Cancel button is clicked, you will return to the Log in page. In order to log back in, enter your access ID and password. Upon successful log in, the 20 questions page will re-display. 24 Revision Date: 11/16/2006

Depending on your browser settings, one of the following scenarios can happen. Follow the procedures outline for either A or B depending on what you see on the screen: Scenario A) Remember this computer page Scenario B) Cookies or Macromedia Flash Player page Scenario A: 3. The following remember this computer page will display. Click one of the buttons (Yes or No). Once you make your selection you will be logged into internet banking. Yes if you would like to authenticate the computer. No if you would not like to authenticate the computer. (Suggestion: If you are using a public computer, then No should be clicked for added security). Note: If No is clicked, then the next time you use the unauthenticated computer, you will be prompted with three (3) randomly selected questions of the original ten (10) answered questions to proceed. This will occur until the computer is authenticated. 25 Revision Date: 11/16/2006

Scenario B 3. The following page will display if your browser does not support cookie or has cookies disabled or you do not have Macromedia Flash Player installed. Click Continue. The Account Information page will display. If you choose not to enable cookies or install Macromedia Flash Player, you will be prompted with three (3) randomly selected questions of the original ten (10) answered questions to proceed. Refer to Unauthenticated Computer. 26 Revision Date: 11/16/2006

OSCAR- TFA Maintenance In order to maintain TFA a new link is added in the Today section within the Maintain Member Information page. The Two Factor Authentication Member Maintenance allows the financial institution certain administration rights to disable TFA for a one-time authentication-free access, delete answered challenge questions, delete authentication or delete both, answers and authentication. 1. Log in to OSCAR, from the Today section, click on the Maintain Member Information link. 2. The following page will display. Click on the Internet Banking/Billpay: Two Factor Authentication Member Maintenance link. 27 Revision Date: 11/16/2006

3. The following TFA Maintenance page will display. The following can be done from this page: a. Disable/Enable TFA b. Delete Answers c. Delete Authentication d. Delete Both Disable/Enable TFA The Two Factor Authentication (TFA) feature can be disabled for a particular access ID for one time authentication-free access to internet banking without answering challenge questions. After accessing internet banking one time, the system will automatically enable TFA. The next time the member attempts to log into internet banking from an unauthenticated computer, they will be prompted with challenge questions. Disabled An open lock indicates that the member can access internet banking without answering questions. If accessing internet banking from an unauthenticated computer, then they will not be prompted with challenge questions. Enabled A closed lock indicates that the TFA feature is enabled and the member will have to answer challenge questions if accessing internet banking from an unauthenticated computer. 28 Revision Date: 11/16/2006

To Disable Follow the procedures outline to disable the TFA feature. 1. Click on the closed lock icon associated with the access ID that you would like to disable. Click on lock to disable TFA feature. 2. The following confirmation page will display. Click Yes to disable. Note: If No is clicked, then you will return to the TFA Maintenance page. If Yes is clicked, the following page will display indicating Two Factor Authentication is disabled. The lock will change from a closed lock to an open lock indicating TFA is disabled and internet banking access is open without answering challenge questions. Status changed to disabled. 29 Revision Date: 11/16/2006

To Enable Follow the procedures outlined to enable the TFA feature. Important Note: If TFA was disabled and the member accessed internet banking, then the system will automatically reset to enable TFA. 1. Click on the lock icon associated with the access ID that you would like to disable. Click on lock to enable TFA feature. 2. The following confirmation page will display. Click Yes to enable. Note: If No is clicked, then you will return to the TFA Maintenance page. If Yes is clicked, the following page will display indicating Two Factor Authentication is enabled. The lock will change from an open lock to a closed lock indicating TFA is disabled and internet banking access is open without answering challenge questions. Status changed to enabled 30 Revision Date: 11/16/2006

Delete Answers Challenge questions originally answered by the member can be deleted. This feature is convenient when a member has forgotten the answers to the originally answered questions or wants to change their answers. By deleting answers, the member will be able to go back into internet banking and re-answer challenge questions from an unauthenticated computer only. The member will be prompted with all 20 questions. They will have to answer 10 of the 20 questions. Refer to Logging in After Deleting Questions Suggestion: For the member security, it is important to properly identify the member requesting the change prior to deleting answers. Follow the procedures outlined to delete answers. 1. Click on the Delete Answers icon associated with the access ID that you would like to delete answers for. Click trash can icon to delete 2. The following confirmation page will display. Click Yes to delete answers. Note: If No is clicked, then you will return to the TFA Maintenance page. 31 Revision Date: 11/16/2006

If Yes is clicked, then the following page will display indicating answers are deleted. Note: If the answers were deleted and the member did not authenticate any computers, then the Access ID will be removed from the TFA Maintenance. If answers were deleted but the authentication still exists, then the access ID will display. In the above example, test123 was removed since the Access ID no longer has challenge questions answered or a computer authenticated. This does not mean that they have to re-create an Access ID and password again. 32 Revision Date: 11/16/2006

Delete Authentication A member can request to delete authentication. This feature is convenient when a member accidentally authenticates a computer which they originally did not intend (i.e. a public computer). By deleting authentication, the member will be required to answer 3 random questions from the original 10 answered when attempting to log back into internet banking. Upon answering all 3 questions correctly, the system will prompt them with one of the scenarios: Scenario A) Remember this computer page or Scenario B) Cookies or Macromedia Flash Player page. Refer to Unauthenticated Computer. Important Note: The delete authentication feature will delete all computers that were authenticated. Suggestion: For the member security, it is important to properly identify the member requesting the change prior to deleting authentication. Follow the procedures outlined to delete authentication. 1. Click on the Delete Authentication icon associated with the access ID that you would like to delete authentication for. Click on icon delete authentication 2. The following confirmation page will display. Click Yes to delete authentication on all computers. Note: If No is clicked, then you will return to the TFA Maintenance page. 33 Revision Date: 11/16/2006

If Yes is clicked, then the following page will display. Note: If the answers were previously deleted, then upon deletion of authentication, the Access ID will be removed from the TFA Maintenance. If authentication was deleted but the answers were not, then the access ID will still display. In the above example, test123 was removed since the Access ID no longer has challenge questions answered or a computer that is authenticated. This does not mean that they have to recreate an Access ID and password again. 34 Revision Date: 11/16/2006

Delete Both To delete answered questions and authentication, the Delete Both feature should be utilized. The member can initiate the entire authentication process again once the answers and authentication are deleted. Refer to First Time Log-In with TFA Important Note: The delete both feature will delete answers and authentication from all computers. Suggestion: For the member s security, it is important to properly identify the member requesting the change prior to deleting authentication. Follow the procedures outlined to delete authentication. 1. Click on the Delete Both icon associated with the access ID that you would like to reset. Click on icon to delete authentication and answers. 2. The following confirmation page will display. Click Yes to delete answers and authentication on all computers. Note: If No is clicked, then you will return to the TFA Maintenance page. 35 Revision Date: 11/16/2006

If Yes is clicked, then the following page will display. Important Note: Once the answers and authentication is deleted for a particular access ID, the access ID is no longer displayed In the TFA Maintenance page. Deleting answers and removing authentication does not remove the access ID from the system. In other words they will not have to re-create an access ID and password. To delete an Access ID, refer to deleting access ID in the OSCAR manual. Here are examples of scenarios: If answers were deleted but the authentication was not, then the access ID will still display. If authentication was deleted but the answers were not, then the access ID will still display. If both were deleted, then the access ID will not display. In the above screen, note that test123 is no longer displayed since both, answers and authentication was removed. 36 Revision Date: 11/16/2006

Locked out of Internet Banking The member gets three chances to answer the challenge questions correctly. After the third attempt, they will be blocked out of internet banking and will be directed to contact the financial institution. The member will not be able to log back into internet banking until the financial institution unblocks the access ID. Important Note: Resetting, unblocking or deleting an access does not delete authentication. To delete authentication refer to Delete Authentication. The following message will follow if they answered the challenge questions incorrectly. The following message will follow if they try to log back into Internet Banking once they are blocked out. This is the same message that appears when the member enters an incorrect password three times in row. 37 Revision Date: 11/16/2006

Unblock Access ID Unblocking a member s Access ID does not reset their password. Follow the procedures outlined to unblock a member s account. 1. Click on the Maintain Member Information link located in the Today section followed by the Internet Banking/Billpay Access ID Maintenance link. 2. Conduct a search to find a particular member either by Access ID, Social Security Number or by Account number. 3. Click on the closed lock icon next to the member whom requests their account be unblocked. Click on closed lock icon to unblock account Note: Unblocking an Access ID does not unblock a PIN. To unblock a PIN, refer to Unblock PIN section. 4. The following confirmation page will display. Click Yes to unblock account or No to return back to Access ID page. If Yes is clicked, then the following screen will display. 38 Revision Date: 11/16/2006

5. Click the Access IDs link to return to the main Access IDs page. The Access ID will be unblocked instantly and the block icon will display under the block column. Link Open lock icon will display under Block column 39 Revision Date: 11/16/2006

Trouble Shooting If you have authenticated your computer and the system still prompts you to answer 3 randomly selected questions every time you log in, then it may be because it uses cookies and/or flash objects. If cookies and/or flash objects are not enabled on the computer, then it will prompt the member with the 3 questions every time they log in from that computer. In other words, the member cannot store their preference in order not be asked the 3 questions to log in from that computer. What is a cookie? A cookie is piece of securely-coded information sent by Worldwide Interactive Services, Inc to the user s computer when they authenticate their computer. Cookies include a randomly generated, unique number used as a sign-in or registration identifier. Every time the member logs in from that same computer, your Web browser sends Worldwide back this cookie, which is security feature that lets us know the member is using their own computer or an authenticated computer. What is a Flash Object? Macromedia Flash Objects store data on the member computer in a similar manner as cookies. If the computer has Macromedia Flash installed, Worldwide Interactive Services Inc. can use Flash Objects to recognize the member computer in the event that the cookies were erased. In this case, if the member can not be identified the by cookies, then we can identify the users as a valid member without having to prompt challenge questions. What does SSL mean? SSL stands for Secure Socket Layer. This technology allows member to establish sessions with Internet sites that are secure, meaning they have minimal risk of external violation. Once inside the Internet Banking site, you are secure through our use of SSL technology. What is Encryption? Encryption is the scrambling of information for transmission back and forth between two points. A key is required to decode the information. When you request information about your accounts, the request is sent encrypted. We then decode your request for information and send it back to you in an encrypted format. When you receive it, your information is decoded so that you can read it. Encryption protects your account information so it can't be intercepted and read by a third party. 40 Revision Date: 11/16/2006

What is an Internet browser? An Internet browser is the computer software that enables you to visit and view Web sites. Browsers translate the computer code, or language, used to build Web pages into the words, images and other content that you see on your computer screen. Browsers come in different versions that reflect when they were made. The version number usually appears immediately after the name of the browser (for example, Microsoft Internet Explorer 5.5). Why do I need to set up challenge questions? Challenge questions help prevent unauthorized people from getting access to your Internet Banking information. That way, even if they've stolen your Access ID and Password, they won't know the answer to the challenge questions. If someone signs in from a computer that we don't recognize (for example, if you sign in from a public library), we'll ask you 3 challenge questions to verify that it's really you. How do you know that I m signing in from my own computer? When you authenticate your computer, we put a secure cookie on your computer. The cookie contains a randomly generated, unique number used as an identifier. When you sign in after that, your Web browser sends us this cookie, which lets us know that you're using your own computer. The cookie is visible only to the Internet Banking site and does not contain any personal information. (What is a cookie?) What if someone steals my Access Id and Password? When an unauthorized person tries to sign in from another computer, we will recognize that they're using a different computer, and they will be prompted with the 3 random challenge questions. They won't know the answer and will not be able to sign in to your account. 41 Revision Date: 11/16/2006