Security Policy

Protecting Your Internet Security

SECURITY POLICY:

Protecting customers' privacy and security is important to Merrick Bank. In order to help you understand the security measures we take, we have published this security policy.

INTERNET Privacy Pledge:

You can visit this site and find out about our products and services, check on career opportunities, or use other services that may require your account number and a password that you choose.

If you do provide personal information, we encourage you to read Merrick Bank's Privacy Pledge.

Use of Cookies:
A cookie is a small file containing information that our web site delivers to your PC's hard drive via your web browser software. Merrick Bank uses cookies that last only through a single session when visiting our web site. However, to access the secured portions of the web site, such as the Cardholder Center, you must allow cookies to be set. None will contain information that will enable anyone to contact you via telephone, email, or any other means. You can set up your web browser to inform you when cookies are set or to prevent cookies from being set. Find out how to do this by choosing "Help" at the top of your browser window.

INTERNET SECURITY: 

Safeguarding your personal information is important to us. We have implemented the following measures to enhance the protection of your personal information.

Transport Layer Security:
Transport Layer Security or TLS is a protocol for transmitting information securely via the Internet. TLS works by using a symmetric key to encrypt a private key. The private key is then used to encrypt data that is transferred over the TLS connection. Most modern browsers, including Mozilla Firefox, Google Chrome, Apple Safari, and Microsoft Internet Explorer support TLS. To ensure your browser supports TLS please make sure you are using the most recent version of your browser. You can check at https://www.whatsmybrowser.org/. Many web sites use the protocol to transmit confidential information provided by consumers, such as credit card numbers. By convention, web pages that require an TLS connection start with https: instead of http:.

Authentication:
Authentication is the process of identifying an individual, based on a unique username and password. Authentication ensures that the individual is who he or she claims to be. Authentication techniques are used when customers access their Merrick Bank account on-line.

Authorization:
Authorization is the process of allowing the individual access to the appropriate data, after an individual has been properly identified by an authentic user name and password.

Encryption:
Encryption is the translation of data into a secret code, and is an effective way to achieve data security. Merrick Bank uses encryption to protect sensitive information. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called "plain text," encrypted data is referred to as "cipher text."

Firewall:
A firewall is designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of the two. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. Firewalls are designed to protect sensitive customer data. Firewalls are used by Merrick Bank directly or indirectly through contracts with third party vendors.

Testing and Maintenance Devices:
System utilization logs are created on hardware components that comprise the Merrick Bank web site.

Intrusion Detection:
An intrusion detection system (IDS) attempts to detect an intruder breaking into the system or a legitimate user misusing system resources. IDS software is used at Merrick Bank's web site and is constantly working to provide notification when suspicious or illegal activity is detected.

Email:
Merrick Bank strongly discourages customers from sending sensitive information using email.

Physical Security:
All web and database servers associated with Merrick Bank's web site are in locations secured by restricted electronic badge access. Access to the servers is restricted to only those necessary to maintain the server hardware.

TIPS FOR PERSONAL SECURITY:

Merrick Bank wants to help you protect your computer and information. We have compiled the following tips for you to do this. We hope you find this information helpful.

Basic Security:

  • Control physical access to your personal computer ("PC") to prevent unauthorized use.
  • Do not leave your PC unattended while transacting business on-line. If you need to walk away from your PC, log-off or sign-off before doing so.
  • Carefully select passwords that will be difficult for others to guess.
  • Do not give your password to anyone, and do not write it down where others may see it.
  • Promptly report suspicious activity you notice relating to your application or account to Merrick Bank's Customer Service Department at 1-800-204-5936.

Virus Management:

Your PC can become infected with a virus when you download programs from the Internet, launch Email attachments or share diskettes. Merrick Bank encourages you to employ safe computing practices that include the following:

  • Do not run programs from any source you do not trust completely.
  • Use virus protection software.
  • Stay informed about security issues.

PC Software:

  • Understand and use the security features provided by your PC software.
  • Ensure that your web browser uses the strongest encryption available and be aware of the level of encryption used when you connect to various sites and applications.
  • Use software licensed only from reliable vendors.
  • Stay informed of the latest release and patch levels of the PC software you use.

PROTECT YOUR IDENTITY AND ACCOUNTS

Did you know that more than 12 million individuals each year are victims of identity theft, a fast-growing form of fraud? "Identity theft" or "account takeover fraud" involves criminals stealing a person's personal information. These criminals assume a person's identity and apply for and use credit in the victim's name, harming the victim's credit record.

AVOID BECOMING A VICTIM:

The following information may help you avoid becoming a victim:

  • Do not give your Social Security or account number to anyone over the phone unless you initiated the call.
  • Tear up receipts, old account statements and unused credit card offers before throwing them away. Criminals can steal information from your trash and use it to get credit in your name.
  • Review your account and credit card statements as soon as you receive them to check for unauthorized transactions.
  • Protect your PINs and computer passwords; use a combination of letters and numbers and change them often. Never carry this information with you!
  • Each year, obtain a copy of your credit report to make sure your repayment information is being correctly reported. If you have recently been denied credit, you are entitled to a free credit report within 60 days of the date you receive notice of such denial. Under other circumstances, you may be charged a small fee. You can call any of the three national credit reporting agencies to get a copy of your credit report: (1) Transunion 800-888-4213; or (2) Equifax 800-685-1111; or (3) Experian 888-397-3742.
  • Report any suspected fraud to your bank or relevant credit card issuer immediately so they can prevent unauthorized use of your account.

By following the above tips, you can help protect yourself against this terrible crime.