Image of man with mobile phone and bank card

Security Policy

SECURITY STATEMENT
 
Union State Bank's Online Banking product utilizes the latest computer and security technology to ensure that all customer account information remains secure and accurate. All hardware components reside in secure locations with strict security controls implemented.
Union State Bank maintains control of the way in which each customer may access accounts. These controls are maintained through settings in the core system and within the Online Banking system. Restrictions may be placed on account access and transfer rights.

A customer is only allowed to access account information on our Online Banking with a valid login using multi-factor authentication. Multi-factor authentication requires a username and at least two of the following:

  • Something the user knows
  • Something the user has
  • Something the user is

Only customers who have been enabled for Online Banking will be allowed to access Online Banking, and only data for these customers will be transferred to our Online Banking system. After a few invalid login attempts for a customer, access will be disabled for the customer's account preventing unauthorized access. Once disabled, only bank personnel may re-enable access through the Online Banking interface.

All communication between the customer and the Online Banking system utilizes TLS (formerly SSL), which is an industry standard security protocol. TLS provides data encryption, server authentication, and message integrity for the entire banking session. This assures that a bad actor is not able to eavesdrop on the session, that the customer is connected with the legitimate Online Banking system and not an imposter system, and that all information sent or received will be unchanged while in transit.
The Online Banking system adheres to modern security standards including those found in FFIEC, NIST, and CIS frameworks.  All of the components involved in providing the Online Banking service are monitored and reviewed per industry standard practices and regulatory requirements.  Suspicious activity is blocked and flagged, security personnel are alerted, and response actions are taken as applicable to each situation.  Third-party auditing is utilized to monitor governance and cybersecurity maturity of all systems.