Internet Banking Security
FIS has taken every precaution to ensure a secure environment for our Internet Banking customers. To accomplish our goal of secure Internet banking, we have employed the best in Internet firewall and network security technologies. To understand how FIS protects customer data, you must first understand how a hacker will try to steal it. Put simply, a hacker will try one or both of the following: "snooping" on the data while it is in transit, or attacking the server where the data resides.
The data is in transit both when it is being acquired by FIS (from the institution) and when it is being queried by the end user. To provide a safe means of getting the data from the institution to the FIS Data Server (see the diagram below), the following method is used: the institution initiates an encrypted logon to the firewall. The firewall authenticates the request and sets up an encrypted file transmission session with the Data Server located on the private internal network (inside the firewall). Thus, when the institution begins transmitting the data, it is encrypted and protected from snooping attacks. To prevent snooping on the end user during account queries, we use Secure Sockets Layer (SSL), a powerful encryption and server authentication protocol based on RSA encryption technology. The Internet Information Server supports 128-bit encryption keys, which provide the highest level of encryption capability available for SSL.
The Data Server, SQL Server for Windows, is protected by several layers of security. As you can see from the diagram above, the Data Server is located inside the firewall, on a private internal network. All requests to this Data Server must come through the firewall, which only allows legitimate requests from the Internet Server. In other words, the only machine that the Data Server will talk to is the Internet Server, and the only way it will do so is safely behind the firewall. Combined with the filtering router on the perimeter, this security model means no one could access the data directly from the Internet. The data is in effect "hidden" from the Internet. The Data Server and Internet Server both contain "mirrored" drive arrangements, which prevent any loss of data or denial of service even if one of the drives crashes. The servers are also attached to an Uninterruptible Power Supply (UPS), which will keep them online even during a power outage.
Furthermore, the Windows network on which the Internet banking application runs has been tightly secured physically, at the operating system level, and at the application level of Internet Information Server and SQL Server. In addition to these precautions, the network is monitored extensively. Every logon, successful and failed, is reviewed to pinpoint any intrusion attempts (accounts are locked out after three failed logon attempts), and if necessary, these logon attempts may be traced back to the source by the user's IP address, request time, and additional information.
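The logon review described above can be sketched as follows. This is an added example, not FIS code: the log line format, the function names and the rule that a successful logon resets the failure count are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict

LOCKOUT_THRESHOLD = 3  # from the page: lockout after three failed logon attempts

# Constructed sample events; the line format is an assumption, not FIS's log format.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z user=alice ip=198.51.100.7 result=OK
2024-05-01T09:02:10Z user=bob ip=203.0.113.9 result=FAIL
2024-05-01T09:02:15Z user=bob ip=203.0.113.9 result=FAIL
2024-05-01T09:02:21Z user=bob ip=203.0.113.44 result=FAIL
2024-05-01T09:03:00Z user=bob ip=198.51.100.20 result=OK
2024-05-01T09:05:00Z user=carol ip=203.0.113.9 result=FAIL
2024-05-01T09:05:30Z user=carol ip=192.0.2.15 result=OK
2024-05-01T09:06:00Z user=carol ip=203.0.113.9 result=FAIL
"""

def parse_line(line):
    """Split 'TIME key=value ...' into a dict with a 'time' entry."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["time"] = ts
    return event

def review_logons(log_text, threshold=LOCKOUT_THRESHOLD):
    """Return (locked, rejected, multi_account_sources) for a logon log."""
    streak = defaultdict(list)       # account -> failures since last success
    locked = {}                      # account -> [(time, ip)] that caused lockout
    rejected = []                    # attempts against an already locked account
    fails_by_ip = defaultdict(set)   # source IP -> accounts it failed against
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        user, ip = ev["user"], ev["ip"]
        if user in locked:
            # Even a correct password is refused once the account is locked.
            rejected.append((ev["time"], user, ip))
        elif ev["result"] == "FAIL":
            streak[user].append((ev["time"], ip))
            fails_by_ip[ip].add(user)
            if len(streak[user]) >= threshold:
                locked[user] = list(streak[user])
        else:
            streak[user].clear()     # assumed: a success resets the counter
    # One source failing against several accounts is worth tracing further.
    multi = {ip: sorted(u) for ip, u in fails_by_ip.items() if len(u) > 1}
    return locked, rejected, multi
```

On the sample, the lockout evidence for bob shows the third failure coming from a different address than the first two, which is the kind of detail the IP address and request time make traceable.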