Our primary regulator is the Office of the Comptroller of the Currency (OCC). Should you have any questions we cannot adequately answer for you, you can contact the OCC here.
Security Tips | Security Statement | Additional Resources
Our Online Banking service has several effective security techniques that we encourage you to implement when using Online Banking.
Never reveal your password to anyone or leave your password anywhere that someone else can obtain or use it.
Change your password on a regular basis
Use the LOGOUT button to end each Online Banking session. Do not use the Back Button to exit the site.
Change your sessions timeout in User Options to a time that meets your needs
Never leave your session without logging out, even for a short time.
Balance your account on a regular basis using Online Banking to ensure there are no discrepancies.
The Online Banking System brings together a combination of industry-approved security technologies to protect data for the bank and for you, our customer. It features password-controlled system entry, a VeriSign-issued Digital ID for the bank’s server, Secure Sockets Layer (SSL) protocol for data encryption, a router loaded with a firewall to regulate the inflow and outflow of server traffic.
To begin a session with the Online Banking server, the user must key in a Log-in ID and a password. Our IBS system uses a “3 strikes and you’re out” lock-out mechanism to deter users from repeated login attempts. After three unsuccessful login attempts, the system locks the user out, requiring either a designated wait period or a phone call to the bank to verify the password before re-entry into the system. Upon successful login, the Digital ID from VeriSign, the experts in digital identification certificates, authenticates the user’s identity and establishes a secure session with that visitor.
Once the server session is established, the user and the server are in a secured environment. Because the server has been certified as a 128-bit secure server by VeriSign, data traveling between the user and the server is encrypted with Secure Sockets Layer (SSL) protocol. With SSL, data that travels between the Online Banking System and you is encrypted and can only be decrypted with the public and private key pair. In short, the Online Banking server issues a public key to the end user’s browser and creates a temporary private key. These two keys are the only combination possible for that session. When the session is complete, they keys expire and the whole process starts over when a new end user makes a server session. Whenever, SSL is securing your communications, the browser will typically indicate the “secure session” by changing the appearance of a small padlock icon at the bottom of the screen from “open” to “locked.” What this means to you is that your communications are scrambled from your browser to the Online Banking servers at all times, so no unauthorized party can read the information as it is carried over the Internet.
Requests must filter through a router and firewall before they are permitted to reach the server. A router, a piece of hardware, works in conjunction with the firewall, a piece of software, to block and direct traffic coming to the server. The configuration begins by disallowing ALL traffic and then opens holes only when necessary to process acceptable data requests, such as retrieving web pages or sending customer requests to the Online Banking System.
During your use of the IBS, the Online Banking System will pass a “cookie” to your browser to identify you. We do not (and cannot) use our cookies to obtain new information about you. A “cookie” is security data given to a browser by a web server and returned by the browser on subsequent transmissions to identify the user and encryption information. When you log onto the system, this cookie enables us to process multiple transactions during the session without you having to provide your Login ID and password for each individual transaction. After a predetermined amount of time set by our security system or when you log off, the session cookie is no longer accepted and the password must be re-entered. A new cookie is used for each session, so that no one can use the cookie to access your account. For Cash Management users, a cookie may also be used to restrict access to a specific PC for conducting business transactions.
Phishing is a form of e-mail fraud that criminals use to solicit your personal information to steal your identity. These fraudulent e-mails often bear the logo of legitimate businesses and even link to fake corporate websites. BankSouth will NEVER ask for your password or social security number in an e-mail or over the phone. If an e-mail asks for this information delete the email immediately and then run a virus scanner to protect your system.