Security Statement

Your security is important to us.

Pauls Valley National Bank is committed to protecting your privacy and security. We will never initiate a request for sensitive information, such as a Social Security number, account number or PIN, from you via email. We strongly suggest that you do not share your personal ID, password, PIN or account
number with anyone.

Below are some of the safeguards we have in place to protect against security breaches in the online environment:

User ID and Password – Our system is designed to limit online account access to those possessing the User ID and Password associated with your account(s).
Encryption – We have encryption technology in place (currently, 128 bit SSL) that allows for the protection of data in transit between your computer and ours. A secure website address will begin with https:// (the “s” signifies secure). The “closed lock” icon will usually indicate whether a communication session is encrypted also.
Firewalls – Our computer systems include “firewalls” that we monitor and that are designed to protect against unauthorized access to our systems.
Timeout – Our system is designed to log you off automatically after several minutes of inactivity.
Your Account Number – Generally, we only display the last four digits of your account numbers online to prevent people looking over your shoulder from seeing the full number.

Things you should do to protect yourself online:

User ID and Password – Please follow these rules to protect yourself
- Never disclose your User ID or Password to anyone else;
- Memorize your User ID or Password, don’t write them down;
- Change your password frequently;
- Don’t use birth dates, names, or other easily guessed letters or numbers;
- Don’t be taken in: WE WILL NEVER SEND YOU AN E-MAIL ASKING FOR YOUR USER ID OR PASSWORD.
Log-off – When you are done online, log-off (look for the log-off link we provide). We suggest you do this before you shut your computer off and before you surf to any other web sites.
e-Mail – Don’t use e-mail to send us sensitive information (such as social security numbers, account numbers, etc.).
- “Phishing”, Spoofs, Hoaxes and other Deceptive e-Mails – Be careful when responding to e-mails that look like they are from us, a regulator or an auditor. Many thieves or hackers will send you an e-mail that will ask you to click on a link that takes you to a web site (or pop-up window) where you will be asked to “confirm”, “verify”, “update” or otherwise provide sensitive information (such as your account number, password, PIN, or social security number). Sometimes these e-mails will falsely say that your account will be shut down if you don’t act quickly. Don’t be intimidated by these threats. These links, web sites and pop-up windows may look like ours, but will really just take you to the thief. Clicking on one of these links can expose your computer to viruses and spyware, even if you don’t supply the sensitive information they want. WE WILL NEVER SEND YOU AN EMAIL THAT ASKS YOU TO VERIFY AN ACCOUNT NUMBER, PASSWORD, PIN OR SOCIAL SECURITY NUMBER. If you receive such a request, it is probably fraudulent. If you have any doubts about whether an email from us is authentic, don’t reply to it, open any attachments or use the link in the email. Please report to The Pauls Valley National Bank at 405-238-9321 - Online Banking Department.
Security for your own Computer – Protect your own computer by doing these things:
- Keep your operating system and browser up to date;
- Install a personal firewall;
- Install anti-virus software and keep it up to date;
- Scan your computer for spyware on a regular basis;
- Don’t download programs or files from unknown sources;
- Install a pop-up blocker from a trustworthy source;
- Disconnect from the internet when you are not online.

Additional Things you should do to protect yourself:

Don’t share your account number with anyone.
Don’t give your account number to someone over the phone especially if you did not call them.
Store checks, account statements and other sensitive information in a secure place.
Don’t share your ATM, debit or credit cards with anyone.
Review your online account information frequently and your statements promptly. Let us know right away if you see something you don’t recognize. Balance your checkbook every month. If you don’t receive a statement, let us know right away.
Obtain and review a copy of your credit report periodically. This is one way to guard against identity theft.
Check your mailbox everyday; don’t leave your mail there for thieves to steal. Consider dropping your outgoing mail in a US Postal Service mailbox. Use Online Payments and sign up for eStatements.
Don’t give sensitive information to unknown callers. Hang up and call the Company you want to talk to yourself, using a phone number that you located in the Phone book or your own records. WE WILL NEVER MAKE AN UNSOLICITED TELEPHONE CALL REQUESTING SENSITIVE INFORMATION FROM YOU.
Shred materials containing sensitive information before you throw them away.
Don’t carry your social security card, birth certificate or passport in your wallet or purse.
Don’t print your social security number or driver’s license on your checks.

If you are a victim of Identity Theft, follow these three steps:

Contact the fraud departments of each of the three major credit bureaus And report that your identity has been stolen. Ask that a “fraud alert” be placed on your file and that no new credit be granted without your approval.

EQUIFAX – 1-800-392-7816
EXPERIAN – 1-800-682-7654
TRANSUNION – 1-800-888-4213
For any accounts that have been fraudulently accessed or opened, contact the security departments of the appropriate creditors or financial institutions to close these accounts.
File a report with your local police or the police where the identity theft took place. Get a copy of the report in case the bank or credit card company needs proof of the crime at a later date.

System Security

In Internet banking as with traditional banking methods, security is a primary concern. At Pauls Valley National Bank we have taken every precaution necessary to be sure your information is transmitted safely and securely. The latest methods in Internet banking system security are used to increase and monitor the integrity and security of the system.

The security of the Pauls Valley National Bank Internet banking application is addressed at three levels. The first concern is the security of customer information as it is sent from the customer's PC to the Web server. The second area concerns the security of the environment in which the Internet banking server and customer information database reside. Finally, security measures are in place to prevent unauthorized users from attempting to log into the online banking section of the Web site.

Data security between the customer browser and our Web server is handled through a security protocol called Secure Sockets Layer (SSL). SSL provides data encryption, server authentication, and message integrity for a Internet connection. In addition, SSL provides a security "handshake" that is used to initiate the connection. This handshake results in the client and server agreeing on the level of security they will use and fulfills any authentication requirements for the connection. Currently Pauls Valley National Bank's online banking application supports data encryption at the highest level (128 bit). In order to get this level of encryption, you will need a browser that supports it. Both versions 3 and 4 of the most popular browsers support 40-bit encryption as a default, and have complete versions as well as patches that will support the stronger 128-bit encryption. Check with your browser manufacturer's website for more information. Requests for online banking information are passed on from the Web server to the Internet banking server. The Internet banking application is designed using a three-tiered architecture. The three-tiered architecture provides a double firewall, completely isolating the Web server from the customer information SQL database. The World Wide Web interface receives SSL input and sends requests through a firewall over a dedicated private network to the Internet banking server. The World Wide Web interface is the only process capable of communicating through the firewall to the Internet banking server. Therefore, only authenticated requests communicate with the Internet banking server. The customer information database is housed on a Microsoft SQL Server, which implements Microsoft NT security in addition to the firewall technology. The customer database is stored on a RAID-5 drive array, which provides uninterruptible data access, even in the event of a hard drive failure. Just as the World Wide Web interface is the only process capable of communicating with the Internet banking server, the Internet banking server is the only process able to send requests to the SQL database. Thus, the outside world is removed from the customer database by two dedicated private networks.

A security analyzer constantly monitors login attempts and recognizes failures that could indicate a possible unauthorized attempt to log into an account. When such trends are observed, steps will be taken automatically to prevent that account from being used.

Security concerns have been addressed from every angle within the architecture of the Internet banking application. Implementation of the SSL security protocol on the Web server and customer browser ensures authenticated data has been received from the customer. The three-tiered approach of the Internet banking application creates a double firewall which performs information requests over dedicated networks designed to handle specific functions. Placing all business logic and event logging within the Internet banking server creates a controlled environment which allows quick incorporation of Internet security technologies as they evolve. Finally, the security analyzer monitors login attempts in order to prevent unauthorized logins.