The convenience of banking through the internet is sometimes overshadowed by concerns that our private account information could fall into the wrong hands. At Willamette Valley Bank, security is the top priority. To this end we have a firewall between the internet and our client information preventing unauthorized access as well as only communicating through web browsers that support Secure Socket Layer (SSL) 3.0 or higher. As a final security measure we encrypt all data communications using state of the art encryption technology and Message Authentication Code (MAC).

At Willamette Valley Bank we are so confident in our security measures that we guarantee you will be covered 100% for any funds improperly removed from your accounts while we are handling your transactions. We will reimburse you for any unauthorized online removal of funds from your accounts provided it is not the result of client irresponsibility.

As you would expect, there are some things outside of our control that constitute client responsibility. Our guarantee does not cover the following:

• Client input errors.

• Client’s negligent handling or sharing of user IDs and passwords leading to unauthorized access to accounts, and/or unreported theft of IDs and passwords.

• Client’s failure to complete the banking sessions by hitting the EXIT button before leaving a computer unattended.

• Failure to report known incidents of password or ID theft and/or unauthorized online account access within 2 business days of discovery.

• Remember, you can contact us by E-mail 24 hrs a day at bank@wvbk.com or by phone at 503-485-2222 (Mon-Fri 8am-5pm) to report any unauthorized event.

Secure Sockets Layer (SSL)

Secure Sockets Layer 3.0 provides a way for your browser to ensure that you are in fact logging on to the Willamette Valley Bank server and not a site that is attempting to impersonate our server. Before you log on to the Willamette Valley Bank server it sends our public key to your browser program. SSL lets your browser verify the identity of our server by viewing the site’s certificate. A certificate is a way of associating a public key to a name.

Data Encryption

Once SSL has authenticated the server, your browser and our server will create an individual symmetric key. This key will allow our server to communicate with your browser through encrypted transmissions of data. The symmetric key is valid for a single use only. If you log out and log in again at another time the server and your browser will create a new unique symmetric key.

Message Authentication Code

With all data between our server and your browser scrambled, no outside party can understand our communications, though it is still possible to intercept a message. To verify that a message has not been tampered with, SSL uses a message authentication code (MAC). A MAC is a piece of data that is derived using pieces of the symmetric key and the message itself. Your browser will always check the MAC before decoding a message from our server. If the message from our server is not authentic, the MAC will not compute correctly and your browser will alert you of a possible security breach. The chances of someone encrypting a message and providing a correct MAC are next to impossible, about 1 in 18,000,000,000,000,000,000 using 128-bit encryption.