SECURITY STATEMENT
The subsidiaries of FundsXpress Inc. offer financial institutions
and your customers/members a level of security that we believe
is unsurpassed by any other online financial system. In
its May 1998 issue, The Alliance of Independent Bankers called
FundsXpress "the safest and most secure solution for
Internet banking."
We provide you with layer upon layer of security, including
the highest commercial grade encryption, digital signature
authentication, firewalls and MIT’s Kerberos authentication
software. This means that you and your customers/members
log on knowing that all information will remain confidential
and private.
Customer and member data are owned by the financial institution
and regarded as confidential by FundsXpress. Data and lists
are never sold to third parties or in any way compromised.
Security and Privacy: Our #1 Priority
FundsXpress understands that your primary concerns are security,
privacy, and risk prevention. That is why our staff and technology
focus intensely on security. We combine our experience in
the financial services industry with our leading-edge hardware
and software systems and our service bureau concept, to successfully
pass the most stringent audit standards mandated by federal
and state examiners for our industry. We offer redundant
data center sites and a Data Securities International Source
Code Escrow Account to ensure that we can always serve our
customers/members.
FundsXpress’ security advantages:
Access Security
- Online Account Activation
- Restricted Account Activity
- Access ID and Passcode
- Three Strikes and 10-Minute Disable
- Physical security
Internet Security
- SSL Encryption
- Digital Signature Authentication
- Router Firewall
- Kerberos Authentication Software
- User Rights Security
- Institution Transactions/Message Communications Encrypted E-mail
- Dedicated Connection & DES Encryption
Additional Aspects of Our Security
- Errors and Omissions Insurance Coverage
- DSI Escrow Account
- Internal compliance officer
Audits & Certifications
- SAS Level II Audit
- Third-party Security Process Audit
- FDIC White Paper (FIL-131-97) Response
Access Security
Online Account Activation: Customers/members establish an
online account after opening a traditional account with your
institution.
Restricted Account Activity: Only accounts that have been
authorized and established for Internet access by your institution
are transmitted to and reside at the FundsXpress Data Center.
This simple design feature eliminates any possibility of
external interference with the institution's account base.
Access ID and Passcode: Customers/members choose their access
ID and passcode when they apply to use FundsXpress services.
The online application program ensures they choose a unique
access ID to avoid confusion, runs passcodes through a passcode
cracker to ensure that they meet basic security standards,
and rejects those less than six characters or that are dictionary
words. Other passcode policies strengthen security.
Three Strikes and 10-Minute Disable: Special security measures
include disabling the online account when a user tries three
passcodes in a row that are incorrect. To ensure security,
an online session ends if no activity is detected for 10
minutes, keeping others off the system when users are
away from their desks.
Physical Security: Access to the FundsXpress Data Center
and offices is constantly monitored and controlled by our
security systems. These methods include multi-layered physical,
network and application controls and encryption. The FundsXpress
physical security program logs all entries and employs varied
levels and layers of access authorization.
Internet Security
SSL Encryption: When a customer/member requests a financial
transaction page from the institution's Web site (account
inquiries, bill payments, statements, applications), a secured
session is invoked using the SSL protocol (Secure Sockets
Layer). This provides for both domestic-grade and international-grade
encryption of all communications between the user's PC and
the FundsXpress Data Center. If the user's browser employs
less than 128-bit encryption, then the FundsXpress system
generates a warning suggesting they should upgrade their
Internet browser for increased security.
Digital Signature Authentication: FundsXpress has a Digital
Signature attached to our data transmissions, which is certified
by a third party, providing authentication. This process
ensures that communications originate from FundsXpress and
that the message was not modified during the transmission.
Router Firewall: Our high-end Cisco router provides a proven
measure of security against interference from external connections.
Kerberos Authentication Software: This most secure authentication
tool verifies that all communications with FundsXpress are
conducted in a secure environment. Kerberos was originally
developed by the Massachusetts Institute of Technology. FundsXpress
further enhanced this protocol and now licenses it back to
MIT. The FundsXpress version is now known as triple DES,
a triple data encryption process that is the highest level
of commercial security grade available. Kerberos provides
traffic encryption and communications authentication for
all internal information exchange servers used to house the
FundsXpress processing system, data warehouse and financial
institution clients' Web sites.
User Rights Security: User security systems are employed
for log-in access and rights for all systems. System back-ups
and auditing/logging records are retained for recovery and
research purposes for your institution.
Institution Transactions/Message Communications Encrypted
E-mail: Daily account information for batch connected clients
is normally transmitted to the FundsXpress Data Center using
up to 2047-bit PGP (Public/Private Key) encryption from a
computer at the institution's location. Stop payment requests
and other communications from FundsXpress to the institution
use the same encryption method.
Dedicated Connection & DES Encryption: Transactions,
such as bill-pay debits and funds transfers, can be forwarded
to the institutions via a communications link through ATM
networks using industry standard DES encryption and a dedicated
telecommunications circuit. Additionally, all transactions
that occur in the FundsXpress data center are encrypted with
an enhanced version of the Kerberos encryption scheme known
as "triple DES" which FundsXpress developed.
Additional Aspects of Our Security
Errors and Omissions Insurance Coverage: FundsXpress has
purchased Errors and Omissions insurance coverage to provide
protection against claims resulting from wrongful or negligent
acts performed by FundsXpress for the services we provide.
We have a special addendum to provide protection against
unauthorized intrusion. This policy provides an extra measure
of protection against the financial risks that may be associated
with offering a new technology service.
DSI Escrow Account: FundsXpress has entered into an Escrow
Agreement with Data Securities International, Inc. This agreement
protects your financial institution under theoretical circumstances
that might render FundsXpress unable to provide services.
This escrow account ensures that your financial institution
has access to the source code of the FundsXpress system so
that you may continue to provide banking services to the
authorized customers.
FundsXpress Compliance Manager: We have on staff a compliance
manager who previously worked with the Office of the Comptroller
of the Currency for 17 years.
Audits & Security
SAS 70 Level II Audit: We use an independent external accounting
firm to review our policies, systems, facilities, management
and practices against the well-established auditing standards
for a service bureau. Our external auditors ensure correct
policies and procedures are in place and extensively test
them to ensure their quality. Such tests are conducted over
a six-month period. This extra level of scrutiny, provided
at no cost to our clients, puts FundsXpress ahead of competitors
by providing a qualified review of the most important security
issues.
Third-Party Audits & Certifications: We have had multiple
third-party vendors conduct audit reviews of our processes,
security measures, and intrusion detection systems.
FDIC White Paper (FIL-131-97) Response: The FDIC published
a White Paper (FIL-131-97) addressing Internet security concerns
with regard to the risks posed to the financial industry
as a whole. FundsXpress has prepared its own response to
issues raised in the White Paper. For detailed information,
please contact us for a copy of The FundsXpress FDIC White
Paper Response. FundsXpress' security team is constantly
reviewing the latest advances in technology for better security
enhancements and will improve our security systems when warranted.