1. GENERAL. Many of the Services require the use of hardware, software and the Internet. Further, many of the Services allow you to access and transmit information without direct contact with a Bank employee. Accordingly, the Services involve a heightened risk of fraud, unauthorized activity, abuse, disruption, etc. In order to mitigate the risks to you and us, and to clearly establish each party’s expectations, liability, and responsibilities regarding the Services, we have developed this Security Schedule. By your continued use of the Services, you agree that these procedures are commercially reasonable and accept the terms and conditions set forth below. You understand that the security procedures are for verification of authenticity of any transaction or access request and are not intended to detect errors in the transmission or content of any entries. No security procedure for the detection of any such errors has been agreed upon between you and us.
2. COMMERCE STATE BANK’S OBLIGATIONS. We will do the following, as applicable:
(a) Offer customer education and awareness programs and/or materials dealing with identity theft, phishing, and malware.
(b) In accordance with the requirements of the Gramm-Leach-Bliley Act, continue to have an information security program in order to ensure the security and confidentiality of customer and consumer information.
(c) Maintain information security controls to protect the confidentiality, integrity and/or availability of information within the Bank.
3. YOUR OBLIGATIONS. You agree to do the following, as applicable:
(a) All Accounts: Adequate security controls should be in place to protect the online banking computers and confidential information. Among other things, you agree:
(i) To install, update, maintain and properly use industry standard security products that are appropriate for you, including without limitation:
(1) Personal Computer firewall to help prevent unauthorized access to your computer.
(2) Physical firewall between your network and internet connection to protect against security threats. (Inquire with your internet provider if your internet router has a firewall enabled.)
(3) Internet Security Suite software with up-to-date subscription. (Internet Security Suites protect against online threats from spam, spyware, identity theft, and malware.)
(4) Operating system and desktop applications updated with the latest patches when they are available, particularly when and if they apply to a known exploitable vulnerability.
(5) Software and third party applications must be patched and up-to-date such as, but not limited to: Adobe Reader and Java.
(6) If your location has enabled wireless, enable the wireless encryption for security.
(ii) To follow these best practice guidelines:
(1) Never leave your computer or other access device (e.g., mobile phone) unattended while logged on to this Service.
(2) Memorize your user ID and password.
(3) With regard to passwords:
a. Prohibit the use of “shared” usernames and passwords.
b. Always use strong passwords which are composed of at least THREE of FOUR following characteristics (using all four is encouraged):
i. At least one numeric character (0-9)
ii. At least one lower case character (a-z)
iii. At least one upper case character (A-Z)
iv. At least one non-alphanumeric character (e.g., !, @, #, $, *, =)
Cannot include the following characters: \, <, >, ’
c. Must be 10-12 Characters.
d. Cannot include spaces.
e. Cannot include a character that repeats more than two times in a row.
f. Passwords should be changed frequently Do not use personal information such as names (e.g.,relatives, pets), or dates (e.g.,birthdays or anniversaries).
g. Do not use common terms such as sports teams or types of cars (e.g., packers, money, rover)
h. Do not use word or number patterns (e.g., aaabbb, qwerty, 12345)
i. Do not increment previous passwords by prepending/appending additional characters (e.g., password1, password2, 10packers)
j. Do not use the same password for multiple accounts.
(4) Do not save passwords on your computer or any other access device (e.g., mobile phone), unless in an encrypted password vault.
(5) Use a locking screensaver that requires a password to be entered after a period of inactivity.
(iii) To ensure that passwords are protected from exposure. Never disclose your passwords to any other person even a bank employee. Your passwords are for your personal use and should be kept confidential by you. Under no circumstances will Commerce State Bank contact you and ask for your user ID or online passwords. We will only request the verification of your identity when you initiate a call.
(iv) Check your statements and review your banking transactions promptly, thoroughly and regularly. Please report any suspicious activity, errors or problems immediately to Commerce State Bank.
(v) If you receive a suspicious e-mail or telephone request for information that purports to be from Commerce State Bank, you must immediately notify your banker, call 262-247-2800, or contact us at: www.commercestatebank.com/resources/contact-us.
(vi) From time to time we may update this Security Schedule or provide other correspondence regarding security issues and ways to protect your account. You agree to watch for, read, and, where applicable, comply with the steps identified in such materials.
4. AGREEMENT. YOU AGREE TO TAKE ALL REASONABLE PRECAUTIONS TO PREVENT UNAUTHORIZED ACCESS TO ACCOUNTS AND SYSTEMS. IF YOU SUSPECT, KNOW, BELIEVE OR HAVE REASON TO BELIEVE THAT AN UNAUTHORIZED PERSON HAS GAINED OR ATTEMPTED TO GAIN ACCESS TO YOUR ACCOUNTS, YOU AGREE TO IMMEDIATELY NOTIFY US AT 262-247-2800 OR CONTACT US AT www.commercestatebank.com/resources/contact-us.
5. LIMITATIONS OF LIABILITY. You assume full responsibility for any transaction conducted through the Services that we accept in good faith, if we complied with the applicable security procedure or if you did not comply with it. Except for a breach of security in our internal systems, and except in a case where you comply with the applicable security procedure and either we do not so comply or we do not act in good faith, we shall have no responsibility for, and you assume full responsibility for, any transaction resulting from a breach regardless of the source thereof. Without limiting the generality of the foregoing, you are responsible for a breach of security occurring on or in connection with a computer or computer network owned, controlled or used by you or your employees, contractors, service providers or agents, by any means whatsoever, such as (by way of example and not limitation) phishing, pharming, keylogging or other fraudulent activity enabled by malware. If we do bear responsibility, it will extend only to losses caused solely and directly by us, and our liability will be limited in accordance with the other terms of the Consumer Online Banking Agreement.
If you use any method other than the procedures set forth above in connection with the Services or to communicate, deliver, or transmit any instruction to us, you reject the security procedure set forth herein and are deemed to have chosen an alternative security procedure. In such case, you agree that such alternative security procedure may not be found to be commercially reasonable, and agree to be bound by any instruction or any other transaction, whether or not authorized, that was issued in your name, or otherwise, and accepted by us using the alternative security procedure selected by you.
Please contact Commerce State Bank at 262.247.2800 or at www.commercestatebank.com/resources/contact-us with any questions.