ProFed's Online Privacy Practices
ProFed Federal Credit Union (ProFed) understands the importance of privacy when you visit our web site or use ProFed Online Banking, our Internet Banking service. For this reason, we have developed the following privacy statement explaining how we collect and use confidential information.
OUR COLLECTION OF INFORMATION
We collect information from you only where we feel it will assist us in providing you with superior service and quality products. When you visit our web site, all information gathered is on an aggregate basis rather than individually. We may compile statistics regarding geographical data, what pages are visited, time spent on the site, browser and Internet Service Provider types, and other information that we may use to improve our web site. On ProFed Online Banking, we may collect additional data including which members are logging in, what pages they use, and bill payment information. If you send us an e-mail, we may save your e-mail address, the e-mail, and our reply so that we may use it as a reference for other questions, to track any problems with your account, or to ensure we are providing quality member service. Some of our programs and applications track your geolocation, device type, IP address, and session information to aid in security and to provide you with appropriate services.
USE OF INFORMATION
The confidentiality and use of any consumer information we obtain is governed by the requirements of the Gramm-Leach-Bliley Act (“GLBA”). ProFed will not provide nor sell your personal information to any private party for independent use. We will only share personal information with non-affiliated companies under one of the following circumstances: you have authorized it; you have requested a transaction requiring it; we are reporting your information to a credit reporting agency; or we are required or permitted by law to disclose the information. Your information may be shared with ProFed's affiliated companies for the purpose of providing you with special products or services. For example, we contract with other companies for ProFed Online Banking and Bill Payment services that require some of your personal information. These companies have agreed not to share any of this information with any third party.
SECURITY MEASURES FOR TRANSMISSION OF INFORMATION
ProFed Online Banking uses a three-tiered security system. Each security level governs a unique aspect of the member's session and transactions with the credit union by implementing both software and hardware solutions. When combined, this security forms a system that enables members to conduct business with the credit union via the Internet with a high degree of security. Our security consists of:
- Data Source Security
- Data Transmission Security
- Account Protection Security
Data Source Security
ProFed's database cannot be directly accessed via the Internet. Appropriate security measures, such as firewalls, logs, and monitoring are in place to guard against invalid activity.
Data Transmission Protection
All transmissions via the Internet between the user and the credit union are protected by Secure Socket Layering (SSL). SSL utilizes authentication and encryption technology developed by RSA Data Security, Inc. This method of cryptography (also known as Public Key Encryption) provides for:
- Server Authentication (stopping impostors)
- Privacy using Encryption* (stopping eavesdroppers)
- Data Integrity (stopping vandals)
*Encryption is the process of taking valid data and scrambling it into a meaningless combination of numbers and letters. The scrambled or encrypted data is then transmitted across the Internet to our secure site where the data is unscrambled or decrypted.
Specifically, we are using public key encryption. This encryption technique creates a pair of asymmetric keys for encryption and decryption. One is called the public key, and one is called the private key. When data is encrypted using the public key, it can only be decrypted using the private key. Conversely, when data is encrypted using the private key, it can only be decrypted using the public key.
Account Protection Security
Account protection security utilizes multifactor authentication through a knowledge-based challenge (a password) and a possession-based challenge (one-time access code sent to a phone or e-mail address).
- At first login, users will be required to select a username which cannot be the same as the account number.
- The username is required to be at least six characters and cannot be all numbers.
- The username can contain letters, numbers, or the special characters: @$*_-+.!~
- Users will be required to select a password at least six characters long.
- The password must contain characters from at least two of the following categories: letters, numbers and special characters.
- The password cannot be part of the username.
- Passwords are case sensitive.
- When logging in for the first time from an unrecognized device, users will be required to enter a one-time access code sent via text or voice message to the phone number or e-mail address previously registered with the credit union.
- Users may elect to register a device or a trusted computer to bypass the one-time based access code in the future.
- By choosing this option, the system will tag the user's machine with a device identifier and will record a fingerprint of the user's system for security purposes.
Inactive user sessions will automatically terminate after ten minutes. A timeout warning message will appear approximately one minute before the session times out to allow the user to renew the session for another ten minutes.
SECURITY MEASURES AFTER RECEPTION OF INFORMATION
Any data or statistics that ProFed gathers from its web site or ProFed Online Banking site is kept in strict confidentiality. Only certain employees have access to this information, and employees may only view the data for legitimate business purposes. The same restrictions apply to all of ProFed's affiliated companies.
CHILDREN'S ONLINE PRIVACY
ProFed complies with the Children’s Online Privacy Protection Act (COPPA) to protect children's privacy online. COPPA requires us to inform parents or legal guardians how we collect, use and disclose personal information from children who are under 13 years of age. Children can view activities, links, games and stories while on ProFed's web site without any personal information being collected. We do not collect personal information from children unless they register as an online account user and provide an e-mail address. Cookies are used to facilitate access to our web site; but we do not use them for marketing purposes. We do not purposefully market to children. Parents, please be aware that by allowing your child to have an online account, you are consenting to your child viewing our normal marketing messages, which may display to all accounts. For more information about our privacy policies please contact 260-483-0514 ext. 1633.
If you have any problems or questions about our privacy practices or ProFed Online Banking, please contact us by e-mail at email@example.com.You will receive a reply within one business day. You may also reach us by U.S. mail at:
ProFed Federal Credit Union
1710 St. Joe River Drive
P.O. Box 5466
Fort Wayne, IN 46895-5466