On-Line Security

Our security framework for online transactions over the Internet includes the security protocols specified by the W3C. These measures assist in providing authentication, privacy, and message integrity. The various parts of the W3C protocols are the following:

SSL
Secure Sockets Layer (SSL) is the de-facto standard for secure communications over the Internet. It offers security features to assist in safeguarding the channel between a customer's PC and your institution's server systems. SSL also provides server authentication, data encryption, and assurance of message integrity.

Digital certificates for server authentication
Authentication enables the recipient of a message to verify the identity of the sender. Digital certificates are issued by a trusted party, known as a certificate authority, which verifies the identity of the sender. VeriSign, the industry leading certificate authority, will operate as the certificate authority for these certificates.

Encryption
Encryption helps to safeguard a message so that it can only be read by the intended recipient. SSL provides for encrypted data transmission using a variety of strong symmetric encryption algorithms and key sizes. Only the intended recipient of your message has the key to decrypt it into clear text.

Message integrity
Message integrity assures the recipient of a message that the message was not altered after it left the sender. SSL provides message integrity by way of a message authentication code, which is computed using a cryptographically secure hash function. Security Document