Privacy Policy


 

 We recognize the importance you place on your privacy and the confidentiality of your financial information.  We think it is important for you to be informed of the policies we have in place to safeguard your privacy.  

 

We collect nonpublic personal information about you from the following sources:

·        Information we received from you on applications or other forms

·        Information about your transactions with us

·        Information about your transactions with nonaffiliated third parties, and

·        Information we receive from a consumer-reporting agency

 

We do not disclose any nonpublic personal information about our customers or former customers to anyone, except as permitted by law.  

We restrict access to nonpublic personal information about you to those employees who need to know that information to provide products or services to you.  We maintain physical, electronic, and procedural safeguards that comply with federal regulations to guard your nonpublic personal information.  

The Wellington State Bank also engages in the business of selling checks as an agent for Inter-payment Services Limited, which company is licensed under the laws of the State of Texas and is subject to regulatory oversight bye the Texas Department of Banking.  Any consumer wishing to file a complaint against Wellington State Bank or Inter-payment Services Limited concerning sale of checks activities should contact the Texas Department of Banking.

The Wellington State Bank is licensed under the law of the State of Texas and by state law is subject to regulatory oversight by the Texas Department of Banking.  Any consumer wishing to file a complaint against the Wellington State Bank should contact The Texas Department of Banking through one of the means indicated below.

 In Person or by U.S. Mail or Fax or Email:

2601 North Lamar Boulevard, Suite 300

Austin, Texas 78705-4294

 Telephone: (877) 276-5554

Fax No: (512) 475-1288

 E-mail: consumer.complaints@banking.state.tx.us

Website:  http://www.banking.state.tx.us

 

Email our webmaster for any problems, questions, or opinions.
                       

Customer Information Security Policy
 

Customer Information is a valuable asset. People trust banks to keep their personal and financial information confidential. Banks are required by law to have policies and procedures that protect against accidental or intentional misuse of the customer information.
Wellington State Bank (WSB) is committed to preserve and protect customer’s information. To that, the directorate has developed this Information Security Policy (ISP).


SECUIRTY Objectives

Our ISP at WSB is structured to ensure that the following security objectives are met:

  1. Customer information will be kept secure and confidential. Change Controls will be implemented by WSB to help safeguard information from unauthorized personnel. No customer information will be sold, exchanged, or given away to anyone without the customer’s prior written consent.

  2. WSB will proactively attend in-house and online trainings on an annual basis. The bank will have an annual review performed by the internal and external auditor.

  3. Anticipated and known threats to WSB Security Program will be documented, along with the measures taken to minimize the potential threats from reoccurring.

Working with Independent Service Providers

WSB will periodically work with Independent Service Providers. Most notably, the bank will hire third parties to perform financial audits, information technology (IT) examinations, and loan reviews. Also, the bank will purchase data processing services from qualified and secure banking supply companies; wire transfers, check orders, and ACH transactions to non-affiliated banks, and work with regional credit bureaus.

In all instances, unless the Independent Service Provider is a government entity (Such as the Federal Reserve), the bank will ask for a written statement from the Service Provider where they attest to having a Security Program that meets the security objectives Outlined in this policy. If the Service Provider refuses to provide such a statement, the Service contract will be abrogated. (Note: contracts currently enforce are excluded from
This requirement, unless the contract expires subsequent to July 1, 2003.) Contract expiring subsequent to this date will be amended to stipulate that suitable security procedures will be maintained.

Return to the Top

Threats to Security Controls

This portion of the policy identifies potential threats to WSB Security Controls, and what management has done to address them.

Threat #1: Confidential Customer Information Stolen

Potential damage to WSB Customer Information:

The theft of confidential information could result in WSB customers being victims of identity theft.

Measures Taken to Control Threats:

  1. All discarded reports and other confidential information is securely stored until it can be destroyed.

  2. Employees will secure all reports and documents in their possession, prior to leaving at end of day.

  3. The Ability to download data from the banks system is restricted to those few employees that have a need to do so.

  4. Access to the customer information is restricted through the use of system passwords and automatically reset of idle systems at end of business day.

  5. Access to personal computers is restricted to employees locking their computers through the application password. (Note: no screen savers nor BIOS passwords are enabled, instead Windows Lock and Windows Desktop Minimization is performed as explained in our procedures)

  6. Personal Computers and electronic media that are removed from service are reformatted prior to disposal.

  7. A criminal background check is ran on all potential new employees, prior to them being hired.

Likelihood that threat will be realized: Minimal, because of the controls set by WSB.
Additional measures needed at this time: None
 


Return to the Top


Threat #2 A Computer Hacker maliciously destroys customer data.

Potential damage to WSB Customers:

The malicious destruction of customer data could result in WSB being unable to charge customers for withdrawals, or credit customers for deposits.

Measures taken to control threats:

  1. To protect against external hackers, the bank has installed an Internet Firewall, virus detection software, and Etrusion Detection Server to monitor all attempts.

  2. The virus detection software is updated daily automatically through the software running on a local server, unless information gathered suggest to manually update during business hours.

  3. The banks IT Manger checks each month to see if there has been an update for the firewall and that all updates are installed correctly.

  4. The banks IT Manager checks weekly for hacker attempts from the Etrusion Detection Software, daily for virus updates, weekly on local servers event logs, and weekly for any additional updates that are needed.

  5. To protect against internal hackers, all servers are locked with password required, mainframe is set back to command line access and limited to the appropriate employees ability to access.

  6. All data files for the primary bank are backed-up daily and stored off-site.

Likelihood that threat will be realized: Minimal because of the controls set by WSB.
Additional measures needed at this time: None
 

Return to the Top


Threat #3: Unauthorized transactions posted to Customers Account

Potential Damage to WSB Customer Information:

The bank could suffer a material loss, in the event an employee embezzles funds by making withdrawals from other peoples account.

  1. The security system that is incorporated in the primary banking system is used to enforce a separation of duties.

  2. All access to information on the mainframe is logged, printed, and viewed on a weekly basis.

  3. Access to dormant accounts and maintenance is strictly limited to control sets by the appropriate personnel.

  4. Maintenance to change name and address information is strictly limited to control sets by the appropriate personnel.

  5. ATM and Debit Card issuance is controlled by the appropriate WSB personnel and signed customer agreements.

  6. Wire transfers are perform through the Federal Reserve and are dual controlled.

  7. In most instances, customers must come to the bank and fill out a wire transfer form, sign and date. The few transactions that are allowed to be accepted over the telephone are customers who send transfers continuously and a note is written on the appropriate form-stating acceptance over the telephone.

  8. ACH files must be delivered to the bank electronically or delivered directly to bank on the appropriate media by the customer with authority for the account.

Likelihood that threat will be realized: Minimal because of controls set by WSB
Additional measures needed at
this time:		 None
 

Return to the Top


Threat #4: Password Integrity compromised

Potential damage to WSB Customers

Someone could post unauthorized transactions by using a coworker’s username and password.

Measures taken to control Threat:

  1. All employees are assigned individual usernames.

  2. All employees select their own system passwords and must be in compliance with the procedures and restrictions

  3. The system is set with password restrictions to 3 control sets and the non-ability to use the employees first or last name.

  4. The system forces employees to change their password every 30 to 45days.

  5. The system prohibits the usage of repeating the same password.

  6. IT prohibits the usage of “keyboard captures programs” and checks all computers for such programs installed.

Likelihood that threat will be realized: Minimal because of the controls set by WSB
Additional Measures needed
at this time:		 NONE
 

Return to the Top


Threat # 5: Customer Data lost due to catastrophic event

Potential damage to WSB Customer Information:

The destruction of customer data as a result of fire, tornado, or other catastrophic event could result in a loss of customer records.

Measures taken to control threat:

  1. The master files and customer data is backed up nightly and carried offsite to a secure location.

  2. WSB has two (2) offsite methods for restoring the system.

  3. WSB uses a high quality brand of tape media and tapes are replaced on a monthly basis.

  4. The offsite storage location is secure within two-vault system, the offsite vault and a vault supplied by WSB.

Likelihood that threat will be realized: Minimal because of controls set by WSB
Additional measures needed at
this time:		 None
 

Return to the Top

Reporting of Attempted or Actual breaches of security

All attempts of breaches to the banks security control will be reviewed by the IT Manager and presented to the IS Committee.

All breaches of the banks security control will be reviewed by the IT Manager and presented to the WSB President, Security Officer and/or the board of directors. Federal Regulators will be notified immediately. When appropriate, local law enforcement and effected customers will be notified.

Review and Revisions of Security Program

The banks IT Manager is responsible for maintaining this policy and ensuring all compliance is met. The banks Security Officer in turn makes sure the Security Policy is up to date with all the current revisions.

Procedures and Modifications

All procedures are attached to the Security Policy and dated each time a modification is made and sent to the IS Committee and Board of Directors for approval of such modifications.

 

Wellington State Bank

Customer Information
Security Policy

June 1, 2005
 

Return to the Top

Email our webmaster for any problems, questions, or opinions.


[Home] [Accounts] [Services] [About Us] [Internet Banking] [Contents]
Equal Housing Lender
Member FDIC
Privacy Policy 
AudioTel Corporation
Copyright © 1998-2003