Security

Secure Pages and 128 Bit Encryption

We utilize a 128-bit secure certificate from Network Solutions to secure webpages and online transactions on the PCU website. All forms on the www.lfcu.org website utilize 168 bit encryption from Equifax. When viewing a secure webpage, you will see the secure protocol "https" at the beginning of the web address in the address box of your browser. This protocol cannot be faked.

Secure Server
Transferring information securely over the internet is the key to the e-commerce revolution on the web.

Secure Forms
The purpose of a secure server is to encrypt the information clients enter in forms on their browser before it is sent to the server. Our servers use 128 bit or 168 bit encryption, the most security available for civilian purposes. It will keep our member's information as private as technology will allow.

Why is Authenticated SSL Necessary?
Notions of identity and authentication are fundamental concepts in every marketplace. People and institutions need to get to know one another and establish trust before conducting business. In traditional commerce, people rely on physical credentials — such as a business license or letter of credit — to prove their identities and assure the other party of their ability to consummate a trade.
In the age of e-business, authenticated SSL certificates provide crucial online identity and security to help establish trust between parties involved in online transactions over digital networks.

Authenticated SSL certificates enable a Web site visitor to:

• Securely communicate with the Web site, such that information provided by the Web site visitor cannot be intercepted in transit (confidentiality) or altered without detection (integrity)
• Verify that the site the user is actually visiting is the company's Web site and not an imposter's site (authentication)
• The SSL certificate providers assure trust by coupling their authentication service with state-of-the-art encryption technology in digital certificate solutions. The certificate provider will only issue an authenticated SSL certificate after:

1. - Verifying our identity and confirming that our organization is a legal entity
2. - Confirming that that we have the right to use the domain name included in the certificate
3. - Verifying that the individual who requested the SSL certificate on behalf of the organization was authorized to do so
   

How Authenticated SSL Certificates Work
An authenticated SSL certificate allows the receiver of a digital message to be confident of both the identity of the sender and the integrity of the message. Fundamental to the process of issuing high-assurance SSL certificates to an organization for use on its Web site are three basic authentication and verification steps:

• Confirmation that the organization named in the certificate has the right to use the domain name included in the certificate
• Confirmation that the organization named in the certificate is a legal entity
• Confirmation that the individual who requested the SSL certificate on behalf of the organization was authorized to do so
  
  

When Web visitors connect to Web sites, they reach one of two kinds of servers. If they reach servers that are secure, they will get messages indicating that fact. Similarly, if they reach servers that are not secure, there will be warnings to that effect. A truly secure Web server is one that has an authenticated SSL certificate. The authenticated certificate tells users that an independent, trustworthy third party has verified that the server belongs to the company it claims to belong to. A valid authenticated certificate means that users can have confidence that they are sending confidential information to the place to which they think they are sending it.

Message Privacy - SSL encrypts all information exchanged between the secure Web server and our members, such as account numbers and other personal data, using a unique session key. To transmit the session key to the member securely, our server encrypts it with the public key. Each session key is used only once, during a single session (which may include one or more transactions) with a single member. These layers of privacy protection ensure that information cannot be viewed if unauthorized parties intercept it.

Message Integrity - When a message is sent, the sending and receiving computers each generate a code based on the message content. If even a single character in the message content is altered en route, the receiving computer will generate a different code, and then alert the recipient that the message is not legitimate. With message integrity, both parties involved in the transaction know that what they're seeing is exactly what the other party sent.