The Callaway Bank is proud to offer Digital Banking to both Consumers and Businesses.  With Digital Banking you can access your accounts, make transfers, and pay bills online. We have endeavored to provide a secure product by employing a firewall system using the latest TLS encryption, Username, Passwords, and multifactor authentication points of validation such as out of band authentication (OOBA) Security Access Codes and security questions.  Advanced banking functions such as wires, or ACH transactions require additional use of OOBA Secure Access Codes. Each of these components acts as a layer of protection to safeguard sensitive data from unauthorized access.

Firewall

Digital Banking is protected by a firewall that is set up to reject unauthorized traffic. Requests must filter through the firewall before they are permitted to reach the server, reemphasizing the importance of your Username and multifactor authentication which are the only legitimate entry to the program. In addition, we monitor activity on our system at all times to detect unauthorized activity or intrusion attempts and will take appropriate preventative steps should any unauthorized activity be detected.

Encryption

Once you click on the link to Digital Banking you enter a secure environment. Our system employs the Secure Socket Layer (SSL) protocol to provide 256-bit encryption of data traveling between the user and our system. You must have a browser that supports 256-bit encryption in order to use The Callaway Bank site.

Browser (Desktop & Mobile)

The Callaway Bank supports Microsoft Edge, Google Chrome, Mozilla Firefox and Safari. Our recommendation is that both consumer and business users of Digital Banking keep the latest version of browsers to ensure that the latest security patches are in place.

Mobile Device (App)

  • iOS devices should support version 11.0 and greater
  • Android Devices should support version 4.4 and greater
  • 4G/LTE and greater We recommend Microsoft Edge or Firefox both version 100 or higher, or the most current version of Chrome.

Username and Password

When you enroll in Digital Banking, you will choose a Username and Password.  Your Password will be required to change at least every 6 months.  However, you are encouraged to change your Password more frequently.

The Username must be between 4 and 20 alphanumeric characters long, and the Password must be between 8 and 25 characters long with at least 1 number, 1 uppercase letter, 1 lowercase letter, and 1 special character (!@#$%^&*), and cannot be a previous Password.  We employ the “3 strikes and you’re out” lock-out mechanism to deter unauthorized access. After three unsuccessful Password attempts, the system locks the Username, which requires a call to the bank (800-446-2265) to verify your identity before entry to the system is allowed again.

While a firewall system and encryption serve to minimize the possibility of unauthorized access, it remains imperative that you safeguard your Username and Password your own protection. You are responsible for the safekeeping each of them and you agree not to disclose the Username or Password to anyone. When you receive a Secure Access Code, you agree not to disclose it to anyone else.  Additionally, no one from the Bank will ask you for your Password or Secure Access Code.

A separate Username and Password are kept for each individual on an account, so there is no need to share your Username and Password with another signer. Please keep your Password secure, and change the Password if you ever suspect it has been compromised. You may change your Password at any time and as often as you like.

Multi-factor Authentication

Banking Online uses multi-factor authentication, which means there are several points of validating the user and not just relying on an Username and Password. When you first pull up the website, look at your browser’s address bar. (See image below.) This confirms that you are using our official site and not going to a spoofed website. Current web browsers (such as Chrome, Safari, Microsoft Edge and Firefox) have built-in security features that detect whether the website you’re trying to access has an active security certificate.

URL Screenshot

 

Secure Access Code

Our Digital Banking security uses an out-of-band authentication for certain features. When you first log in, you’ll be asked if you want to register your computer or device. This one-time Secure Access Code is delivered through a separate communication channel, like a text or the Duo Mobile authentication app to provide protection against fraud by using a secondary verification method.

Why is a Secure Access Code needed? The Secure Access Code is an extra layer of security for digital banking that helps ensure your funds are safe. Using a code delivered to a device you have registered with us reduces the chance of fraud even if an unauthorized user learns your digital banking ID and Password. The extra layer of security ensures you are notified if an unauthorized user attempts to access your digital credentials or sends money out of your accounts without your knowledge.

Do I need to save the code? No. Each code is meant to be used only once to increase the level of protection.

How Often Do I Need a Secure Access Code? You’ll be prompted to set up the Secure Access Code the when you log in, but you can choose the “Save Your Device” option to be prompted less frequently if you typically log in from the same device.

Does this code replace my Password? No. You’ll still use a Password with your Username. The Secure Access Code adds an additional layer of protection on top of your Password.

Out of Band Device Setup:  The OOBA Secure Access Code security feature will be prompted for setup. You will enter your phone number and create a nickname for the device you wish to associate with the phone number. The nickname will display in a dropdown list if you choose to register multiple phone numbers for verification.

You will also select the type of device associated with the phone number you will use for validation (Android, Apple, Windows, Blackberry), then choose “Mobile App Push,”  “Passcode via Text” or “Phone Call”.  (If you prefer to use the app option you’ll need to download and setup the Duo Mobile app.)  Enter your Secure Access Code received via your choice of text or call, or approve the authentication via the app and your device setup will be complete. You may choose to register another device or complete the setup.

Upon your next login, you may choose to “remember this device”, if you typically log in from the same device. Using this feature reduces the frequency of authentication because it’s marked as a known or trusted device authenticates your device (mobile or desktop).

Security Questions:

When you first enroll in Digital Banking you’ll be prompted to setup three security questions. This step helps prevent cybercriminals from accessing your account via a Password reset. Therefore, it is best to pick questions and answers that cannot easily be found online or on social media.