Security Information
TeleWeb
utilizes the latest computer and security technology to ensure that all customer
account information remains secure and accurate. There are two components of
TeleWeb, the TeleWeb Controller that resides at the bank and the TeleWeb Server
Network which resides in a secure location at AudioTel Corporation Headquarters,
and both implement strict security controls.
Account Access Controls
TeleWeb maintains controls for the way in which a customer may access
accounts. These controls are maintained through settings on the host software,
downloaded to TeleBank, and within the TeleBank interface. Restrictions may be
placed on account access and transfer rights. TeleWeb adheres to these
restrictions on the TeleWeb Server Network and then verifies them on TeleWeb
Controller.
Password Protection
A customer is only allowed to access account information on TeleWeb with a
valid login consisting of a customer ID and 6 to 15 alpha numeric password. Only
customers who have been enabled for TeleWeb will be allowed access and the only
data for these customers will be transferred to the TeleWeb Server Network.
After three simultaneous invalid password entries for a customer, access will be
disabled for the customer preventing unauthorized access by a third party. Once
disabled, only bank personnel may re-enable access through the TeleWeb
interface.
Secure Communication
All communication between the customer and TeleWeb Server Network are
conducted using the Secure Socket Lay (SSL) protocol. SSL provides data
encryption, server authentication, and message integrity for the entire banking
session. This assures that somebody will not be able to eavesdrop on the
session, that the customer is connected with the TeleWeb Server Network and not
an imposter, and that all information received will be accurate. Additional
information on SSL may be found at http://wp.netscape.com/security/techbriefs/ssl.html.
Account information is transferred from the TeleWeb Controller to the TeleWeb
Server Network via the AudioTel Virtual Private Network (AVPN). AVPN is a secure
private communication channel established over the public Internet. All data
transmitted on AVPN is encrypted using keys known only to TeleWeb Controller and
the TeleWeb Server Network. A large private key is used to establish this secure
connection. Once this private key has been exchanged, a 128-bit session key is
generated and used only for the remainder of the current session. After a secure
TeleWeb Controller connection has been established, the TeleWeb Server Network
authenticates the TeleWeb Controller with a unique Bank ID. These methods insure
that all conversions are private between known parties and may not be
intercepted or repeated.
Network Security
The TeleWeb Server Network is comprised of several components including a
Firewall, Screening Router, Proxy Server, Web Server and Database Server. The
Firewall and Screening Router work in tandem ensuring that only authorized
request are allowed to reach the Web Server. Any suspicious activity will result
in access being denied and is logged for later review. The Proxy Server acts as
an intermediary between the Web Server and the Internet. All requests are passed
to the Web Server on behalf of the client and back to the client on behalf of
the Web Server. This ensures that access directly to the Web Server is not
possible, significantly reducing the possibility of unauthorized access. The
Database Server, where all account information is stored, is only accessible
through request made by the Web Server. Access to account information is only
allowed through the Web Server Banking interface.
