Your privacy and security are of the utmost important to Community Bank & Trust. That's why we have implemented the following security standards. We have also included a list of security tips for our clients to keep in mind when banking using their mobile device. All Mobile Banking services use the same high level of security standards as Online Banking.
Authentication
- Industry standard authentication factors. Community Bank & Trust uses multi-factor authentication (MFA) questions and answer security technologies, and image/text-based mutual authentication systems which are leveraged the our existing online banking system.
- Username and Password authentication. Smartphone clients can support the mobile phone ("something I have" factor), plus the password ("something I know" factor) authentication mechanism. Mobile browser users must login to the system with a valid username and password.
Mobile Phone and System Lockouts
Community Bank & Trust locks the user out of the mobile phone after 3 failed login attempts (just like online banking). If this occurs, a user can conveniently "un-lock" and regain access to their mobile account themselves by accessing the Online Banking login page and selecting "Forgot Password." The user will then be prompted to reset their own password. Once complete, the user will gain immediate access to their mobile/online accounts again. If this occurs during business hours, you may also call us and we'll happily reset your password for you (once we verify it is you)!
It is also important to note that no information (such as username and password) is stored on the Mobile Device and no information is available on the Mobile Device once you have logged off.
Unique URLs
Mobile Banking uses unique URLs to identify the mobile phone that each consumer uses to access mobile financial services using a mobile browser. A user must authenticate to access the services. The user will then receive a text message to their mobile phone once they have successfully enrolled and activated the phone on the mobile browser channel. The text message includes a unique URL which contains an encrypted token that uniquely identifies the mobile phone on our platform. When the user clicks the link, the system can use this information to determine the specific phone and the user that the URL belongs to. Before gaining access to this service, the user must provide password credentials.
The encrypted token is not directly tied to a specific phone. A user can forward the URL link to another phone. When a link is forwarded, for security purposes, the system detects an unknown phone. The user may be required to verify their identity through additional MFA challenges before gaining access to the mobile banking services.
Transport Security
The transport layer is secured from the mobile phone to the web service using SSL (HTTPS). Connection between the mobile phone and the Mobile Banking service is secured through SSL. The link from the mobile phone to the Mobile Banking service is secured using 128bit SSL.
Security Tips
You are responsible for maintaining the security of your physical Mobile Device and all transfers made using your Mobile Device. Although your full account numbers will not be displayed, it will display other sensitive information about your Mobile Accounts, including balances and transfer accounts. Anyone with access to your Mobile Device may be able to view this information.
- Always store your Mobile Device in a secure location, and utilize the keypad lock or phone lock function when the device is not in use.
- Make sure to frequently delete text messages that contain financial information, especially before lending out, discarding, or selling your Mobile Device.
- Never disclose via text message any personal/sensitive information such as account numbers, passwords, social security number or birth date that could result in ID theft.
- Download mobile apps from reputable sources only.
- Sign off of mobile banking when you finish using the Mobile Banking app.
If you believe that someone has withdrawn or transferred money from your deposit account online or on Mobile Banking without your permission, or that your online username or password has been stolen, please contact Community Bank & Trust immediately at: 319.291.2000.
If you change your mobile phone number, remember to update and remove the old number from your mobile banking profile established within your Community Bank & Trust Online Banking account.