Protect Your Identity
Firewalls and Filtering Routers
Trusted Operating Systems
Internet Security Statement
The security of your online information is Huntington's priority.
At Huntington, our security is a high priority. So naturally we want to protect the personal and financial information you've entrusted with us. For this reason, we would like explain how we protect the security of your online information.
Huntington offers online banking, brokerage, mortgage and bill pay services to our customers. These services allow you to access your account information through an authentication process, which uses personal access codes and passwords. We employ a number of measures, as described in our Security Commitment, to provide these services in a secure manner. These measures allow us to properly authenticate your identity when you access our services and protect your information as it traverses the Internet between your PC and Huntington.
Our security measures must rely on these access codes remaining confidential. We strongly recommend that you do not share these access codes and passwords with others. Certain third party providers such as bill pay and bill presentment sites, financial aggregator sites, brokerage sites or other e-commerce sites may offer to provide services to you by accessing your accounts using your access codes and passwords. While it is your decision whether or not to use these services, please be advised that we cannot be responsible for the security and accuracy of the information displayed to you anywhere but at the huntington.com Web site.
For information about privacy, please read Huntington's Customer Information Privacy Notice.
Huntington Security Commitment
Our commitment to providing a secure online experience:
Since the debut of huntington.com in 1996, Huntington has been committed to providing our customers with cutting-edge online banking services and providing them with all the benefits that come with being an industry leader: convenience, robust service and a safe and secure environment for online banking.
We currently use some of the most sophisticated commercially-available technologies to provide you with a powerful and multi-functional online experience that leads the way through attractive design, relevant information, ease of use and a high standard of online security.
Huntington continually strives to remain on the cutting edge of Internet technology. But, Internet security is a cooperative effort, and we need your assistance.
What can I do to make myself more secure?
Huntington requires that you download the most recent version of a recommended Web browser, which supports 128-bit encryption technology. Currently, the most recent versions of Netscape Navigator and Microsoft Internet Explorer are available for free download via the Internet and support this technology
What is Encryption and what does it mean to me?
Encryption is the scrambling of information for transmission back and forth between two points. This technology allows for secure transmittal on the Internet by encoding the data using a mathematical formula that scrambles the data. A key is then required to decode the transmitted data.
The effectiveness, or level of security, of encryption is measured in bits or how long the "decoder" key is. Many older browsers use 40-bit encryption which means there are 240 possible keys that could fit into the lock that holds your account information. That means there are many billions (a 1 followed by 12 zeroes) of possible keys. 128-bit encryption means there are 288 (a three followed by 26 zeroes) times as many key combinations than there are for 40-bit encryption. According to Netscape 128-bit encryption is 309,485,009,821,345,068,724,781,056 times more powerful than 40-bit encryption. That means a computer would require exponentially more processing power than for 40-bit encryption to find the correct key.
Why should I upgrade my Internet browser?
Huntington wants you to have an enjoyable and secure online banking experience. Huntington Online Banking is designed with this in mind. With software technology changing every day and browser capabilities expanding at a similar pace, Huntington is always searching for new and better ways to make your online experience more convenient.
To keep pace with this ever-changing world of features, security enhancements, and other additions to the Huntington Online Banking, we require our customers to use current version of a recommended browser. Customers who do not upgrade to the most recent browser may not have access to all of the features offered online at huntington.com.
We currently support the following browsers: AOL 6.0 and higher, Internet Explorer 6.0 and higher, Netscape 7.0 and higher, Safari 1.0 and higher and Firefox 1.0 and higher.
OK, I've done all of that. Is there anything else?
Huntington recommends a second method for practicing good Internet safety. Get into the habit of visiting huntington.com and performing all financial transactions before venturing out onto the Web for general surfing.
In addition, you should be aware of certain risks and should act responsibly when dealing with programs or files from unknown sources -- this applies to both software available on the Internet and sent via email. Installing files from unknown sources raises the risk of unknowingly downloading infected or malicious software or computer viruses. Once installed on your computer, these programs could potentially tamper with your files without your knowledge. We urge you to never run any untrusted or unfamiliar software or programs received from email or the Internet. As you chat, browse the Web or accept email from unknown persons, always be careful and a bit suspicious.
We also recommend the use of virus detection software that can ensure your computer is free from known viruses. Norton, F-Secure, McAfee, and others offer anti-virus software that detects some of the most recently discovered viruses and malicious applications. We encourage you to check frequently for updates to these virus-detecting programs and install updates as necessary. Concerned consumers can keep abreast of security issues by visiting Microsoft's Security Advisor Web site or the Privacy Partnership Web site.
With enhanced interactive content and online security, we feel that your cooperation and use of these browsers, in conjunction with practicing good computer sense, will provide you with a safe and secure way of enjoying the great convenience and security of banking online at huntington.com.
With all of this talk about security, should I be worried? Not worried, but perhaps a little more cautious. We at Huntington feel that the suggestions contained in the Huntington Security Commitment, when followed, will allow our customers to perform their online banking activities in a safe and secure manner.
All cryptography involves encrypting the bits, or zeros and ones, that
make up messages, with very large numbers called "keys." Until recently,
the most common way to send secure messages was with a symmetric key.
The same key would be used to both encrypt and decrypt the message. Because
both the sender and receiver needed to know the same key, it had to be
sent too and could end up stolen. On the other hand, asymmetric, or public-key,
cryptography uses separate keys to encrypt and decrypt secure messages.
Nothing except the encrypted message has to be sent for the transaction
to be secure.
How does public-key cryptography work?
To use public-key cryptography, you need a "key pair," made up of a "public
key" and a "private key." The public key should be made publicly available,
but only you ever need to know your private key. The two keys in this
key pair are related so if one key encrypts a message, only the other
key from that unique key pair can decrypt it. This means that a message
encrypted with your public key can't be decrypted with that same public
key. It's also next to impossible to use your public key to figure out
your private key. It would take a supercomputer decades to compute a private
key from a public key. Private keys can be kept on a computer's hard drive,
encrypted with a password or stored on cards used with a special reader
connected to a computer.
What information should be encrypted?
Many messages crossing the Internet don't need to be encrypted. For example,
L.L Bean and one of its customers wouldn't need to conceal from "snoopers"
the number and size of socks you're ordering, but they would want to conceal
your credit card number and make sure that your order isn't altered while
it's being sent.
How can businesses use cryptography?
Businesses can use cryptography to protect you three different ways.
They can positively identify you, so that only you can make any transactions
affecting your accounts. Businesses can also protect the security of your
confidential information. Lastly, they can make sure information isn't
altered while being sent across the Internet.
To be sure who you are, a business can use digital signatures. A digital
signature is a message that you send to the business encrypted with your
private key. When the business decrypts the message with your public key,
it knows that only you could have sent the message.
Businesses can also use cryptography to protect the security of your
confidential information. When you send an order to L.L. Bean, the parts
of the order that are confidential are encrypted using L.L. Bean's public
key. After the order is received, L.L. Bean uses its private key to decrypt
the parts that are confidential. Because L.L. Bean's private key is the
only one that can decrypt your confidential information, you can be sure
that nobody else can see it. At the same time, L.L. Bean can send you
information encrypted with your public key and only you would be able
to decrypt it, using your private key. When speed is important, symmetric
cryptography can be used along with public-key cryptography. Long messages
encrypted with public and private keys can end up being very large and
slow down the data transmission process. To speed things up, you and the
business can exchange a symmetric "session key" using public and private
keys and then carry on the rest of your transaction using symmetric key
cryptography, which is much faster.
Finally, a business can make sure information isn't altered by anyone
else as it gets sent across the Internet. This is done by using cryptographic
hashes. Cryptographic hashes are numbers assigned to a message based on
its length and the way it looks to the computer. They are encrypted and
sent along with the message. When the message is received, the receiver
makes another cryptographic hash of the message that arrived and compares
it to the hash attached to it. If the two numbers are different, the message
was tampered with and needs to be sent again.
What's a firewall?
To build a barrier between an internal network and the Internet, a company
can install a firewall. The firewall becomes the only way anyone can access
the network from outside. Because everything entering the network has
to pass through the firewall, it controls all traffic between the network
and everything outside it. Unauthorized users outside the network can't
access information inside it, but authorized users can still travel outside
the network to take advantage of Internet services.
How do firewalls work?
Firewalls use proxy software to build a wall between computers inside
and outside the network. If you want to talk to a computer at another
company's network, you really talk to the firewall while the firewall
talks to the other computer. The firewall also talks to your computer
for anyone outside your company's network. So, the firewall acts as a
proxy for all traffic passing through it and can support a wide variety
of communications software programs used for Internet navigation, like
file transfer protocol (ftp) or telnet.
What's a filtering router?
Like a firewall, a filtering router is placed between the Internet and
an internal network. Filtering routers only check the source and destination
addresses on packets, the chunks of information sent across the Internet,
to figure out if they should be let through. This prevents users on computers
outside the network from fooling it into believing they're inside the
Isn't UNIX a trusted operating system? UNIX, the operating system used to build the Internet, was developed
with the idea of maximum "openness," the flexibility to allow different
types of computers to communicate with each other. Openness is one of
the most valuable principles of the Internet, but it also has some drawbacks.
Standard UNIX doesn't have the tools to make sure information is secure.
The government has funded the development of "trusted" versions of UNIX
for use in government and military agencies' computer networks. A number
of different vendors like Hewlett-Packard, IBM and SCO offer trusted operating
systems developed by SecureWare in addition to their standard UNIX variants.
What are the advantages of trusted operating systems?
A secure version of UNIX can control access to both information and tasks.
A company may want only the people in the finance department to have access
to salary information, and only the product managers to have access to
business plans and forecasts. With a trusted operating system, files can
be labeled according to who has the ability to see, copy, print or alter
the contents of the file. Trusted operating systems can also record all
suspicious activity, like access violations, logins and logouts, and unsuccessful