Your Online Safety
NewBridge Bank is committed to keeping your accounts and personal information secure. Our goal is to help you protect yourself against fraud and identity theft. We have a number of measures in place to help protect you, including industry-standard technologies and employees dedicated to fighting against fraud and identity theft.
When banking online, NewBridge Bank employs security technologies such as your Access ID, Password, Multifactor Authentication and RSA Adaptive Authentication, encryption, and firewalls.
When logging into your online banking account, the combination of your Access ID and Password enables you to be uniquely identified to NewBridge Bank.
Multifactor Authentication is a security system that uses more than one form of authentication to verify the legitimacy of a log-in attempt. The goal of Multifactor Authentication is to create a layered defense that makes it more difficult for an unauthorized person to access your online banking.
Using these mutiple channels of authentication helps protect your information. With every log-in attempt, we verify all of the following:
- Your valid Access ID and Password - which must be entered correctly
- Your computer, mobile phone or tablet - which must be recognized or you may be asked additional challenge questions or be required to verify your registered email address
- Your geographic location (based on the IP address being used to access the internet). If your location is different than normal, you may be asked either a challenge question or to verify your registered email address.
When you are asked to complete a Security Challenge by answering challenge questions or by verifying your registered email address, only a correct answer will allow you to proceed with your login.
Ultimately, Multifactor Authentication works in tandem with your Access ID and Password to protect your financial privacy. If someone does somehow get your Access ID and Password, they will still not be able to access your account because they will not be logging in from your registered computer and they will not be able to successfully complete your Security Challenge which verifies your identity.
We have also implemented Extended Validation Certificates for our online banking clients - this is commonly referred to as the "green address bar" and is an additional layer of security that turns the web browser's address bar green when you access a website that is secured with an EV SSL certificate. This green address bar provides visual confirmation that you are on a secure site. The EV certificate also displays the name of the website's legitimate owner. The green bar appears differently in the various browsers.
No matter how many layers of protection we provide, we need you to help us protect your information. It is your responsibility to keep your Access ID, Password, and the answers to your Security Questions secure. As a best practice, we recommend that you change your password(s) every six months.
Last but not least, NewBridge Bank requires the use of a secure browser before you connect to online banking. Your information also passes through a "firewall" designed to keep out unauthorized users.
Secure Transmissions and Encryption
When you use the Internet to conduct transactions or communicate with NewBridge Bank, it's critical that your information is handled securely. We use an encryption protocol called Secure Socket Layer (SSL) to protect your personal information. SSL converts sensitive data like passwords and Personal Identification Numbers (PINs) into secure code and then sends them over a secure connection. Only NewBridge Bank has the secret key that can decrypt your confidential information. You can tell your data is being protected when you see a URL that begins with "https" as opposed to "http.”
Our computer networks are protected by firewalls. Firewalls prevent any unauthorized access to our computers and are one of the key safeguards that protect your information. Every message that enters or leaves our network passes through the firewall. The firewall blocks any message that does not meet our strict online safety criteria.
We use the latest virus software programs on our systems to help us keep our computer networks virus-free. By using these programs, we ensure that you can communicate and transact with us in a safe and secure manner.
Security Notification for POODLE Vulnerability
This is an update on the Secure Socket Layer (SSL) version 3.0 vulnerability that Google reported on October 14, 2014. The vulnerability is known as “Padding Oracle on Downgraded Legacy Encryption,” or “Poodle.” A network attacker could exploit the vulnerability to calculate the plaintext of secure connections and perpetrate a “man-in- the-middle” (MITM) attack by decrypting the session cookie that identifies a user to a service such as Google, and then take over the user’s account without a password.
For additional information on the Poodle vulnerability, you may visit Google’s Online Security Blog post on the Poodle vulnerability:
What End-Users Need to Do:
For end-users accessing websites we recommend the following:
- Check to ensure SSL 3.0 is disabled on your browser (for example, in Internet Explorer it is under Internet Options, Advanced Settings).
- Avoid MITM attacks by making sure “HTTPS” is always on the websites you visit.
- Monitor any notices from the vendors you use regarding recommendations to update software or passwords.
- Avoid potential phishing emails from attackers asking you to update your password – to avoid going to an impersonated website, stick with the official site domain.