Highland Bank’s Enhanced Electronic Banking Security
Frequently Asked Questions
Highland Bank is constantly evaluating security measures to address evolving Internet and computer security threats. Our new security feature is designed to further protect your Highland Bank account information while providing you with the certainty that you are on the authentic Highland Bank website.
Background on Required Change:
In October of 2005, in order to help combat new and changing risks such as phishing and other evolving compromise techniques, the banking regulatory agencies issued guidance requiring financial institutions to strengthen how electronic banking users authenticate who they are. The guidance required financial institutions to have a plan in place by December 31, 2006 with implementation scheduled for 2007.
What is it?
In order to make your Highland Bank electronic banking experience as secure as possible, we are introducing a new security feature. The enhanced authentication of this new feature will help protect you against online fraud. If anything out of the ordinary regarding your login behavior is detected, we will verify your identity using an extra security step. We will only ask you for more information when we detect unusual or uncharacteristic behavior.
How does it work?
If we detect any unusual or uncharacteristic behavior, we will ask you to answer your challenge questions to make sure that it is really you. This should be a rare occurrence. For example, if someone were to attempt to sign in with your Access ID from another country shortly after you have logged off of your computer, we would verify that the person attempting to access your account was really you.
What are the next steps?
On May 15, 2007, when we roll out our new security feature, PassMark™ Adaptive Authentication, you will be required to register online so that we can identify you each time you log in. It is a quick and easy process, and your Access ID and password will not change. You simply:
- Log in by entering your current Access ID.
- Click SUBMIT
- Enter your current password
- Click SUBMIT
- Complete the enrollment form:
  - Provide a current email address (if needed)
  - Enter a pass phrase for the randomly selected authentication image.
  - Select and answer 3 challenge questions (e.g. "What is your high school mascot?")
  - Select whether you are logging in from your personal computer or a public computer.
  - Only register personal computers that you frequently use and are not available for public use.
- Click SUBMIT
That's it! The next time you log in, PassMark™ will recognize you and display your authentication image and pass phrase.
Once you have verified your enrollment selections, you will be logged into the application. The next time you log in, you will enter your Access ID and password on separate pages. Enter your password only after recognizing both your authentication image and pass phrase.
What is PassMark™?
PassMark™ is a form of Adaptive Authentication, which is an additional level of security added to verify that you are you and not someone fraudulently pretending to be you in order to access your account information. Your PassMark™ authentication image and pass phrase combine to form a shared secret between you and the application. Once you see your PassMark™ authentication image and pass phrase, you know you are at the right application site. You can then safely enter your password and process your transactions. If you don’t see your PassMark™ authentication image and pass phrase, do not enter your password.
In addition to these items, the application uses Adaptive Authentication to identify the computer(s) you normally use so that a potential hacker cannot log in from another computer even if they guess your Access ID and password. This computer identification completes “two-way” authentication since the application knows you and you recognize the valid site with your PassMark™ authentication image and pass phrase.
How do I enroll?
Enrollment is a one-time event and is very easy. You will enroll the first time you log in after Adaptive Authentication is turned on. The steps are as follows:
- Log in by entering your current Access ID.
- Click SUBMIT
- Enter your current password
- Click SUBMIT
- Complete the enrollment form:
  - Provide a current email address (if needed)
  - Enter a pass phrase for the randomly selected authentication image.
  - Select and answer 3 challenge questions (e.g. "What is your high school mascot?")
  - Select whether you are logging in from your personal computer or a public computer.
  - Only register personal computers that you frequently use and are not available for public use.
- Click SUBMIT
What is changing about my login?
After enrolling, you will enter your Access ID and password separately. You must enter your password only after recognizing both your PassMark™ authentication image and pass phrase.
How do my PassMark™ authentication image and pass phrase work with Adaptive Authentication?
When you visit an office of Highland Bank, typically we recognize your face and you recognize ours. The PassMark™ authentication image and pass phrase perform a similar function over the Internet. It is a new method used to identify both parties to each other. When you enroll, you select a secret picture or authentication image and text or pass phrase known only to you. Whenever you log in, the application shows you this picture or authentication image and pass phrase so that you are certain you are accessing the real application and not a fraudulent site.
Adaptive Authentication also checks the computer or device you are using to access the application. Typically you will access the site from one or two computers, such as your work and home systems. The application remembers your computers. If you need to log in from a different computer, such as one at an Internet cafe, the application takes additional steps to verify your identity, such as asking you to answer challenge questions - the answers to which only you and the program know.
How does Adaptive Authentication recognize my computer?
When you log in for the first time from a new computer, we put a secure (encrypted) cookie on your computer. This cookie contains a unique randomly generated number. This cookie is only visible to the application and does not contain any of your personal information. When you log in, your browser sends us this cookie, which lets us know that it is your computer.
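The following is an added illustration of the device-cookie check and challenge-question step described above; it is not Highland Bank's or PassMark's code. The function names, the hashed-token storage and the sample user are assumptions made for the example, and the geographic-location check is left out.

```python
import hashlib
import secrets

# Constructed sample data: one enrolled user (all values are made up).
USERS = {
    "jsmith": {
        "image": "lighthouse.jpg",
        "phrase": "summer at the lake",
        "challenge": {"What is your high school mascot?": "wildcats"},
        "devices": set(),  # SHA-256 digests of registered device tokens
    }
}

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def register_device(access_id):
    """Issue a random device token; the server keeps only its digest (assumption)."""
    token = secrets.token_urlsafe(32)  # random number only, no personal data
    USERS[access_id]["devices"].add(_digest(token))
    return token

def start_login(access_id, device_cookie):
    """Access ID submitted: show image and phrase only to a registered computer."""
    user = USERS.get(access_id)
    if user and device_cookie and _digest(device_cookie) in user["devices"]:
        return {"step": "password", "image": user["image"], "phrase": user["phrase"]}
    # Unrecognized computer: ask a challenge question, reveal nothing yet.
    # Unknown IDs get a generic question (assumption, to avoid confirming IDs).
    question = next(iter(user["challenge"])) if user else "What is your high school mascot?"
    return {"step": "challenge", "question": question}

def answer_challenge(access_id, question, answer, remember):
    """A correct answer reveals image and phrase; 'remember' registers the computer."""
    user = USERS.get(access_id)
    expected = user["challenge"].get(question) if user else None
    given = answer.strip().lower().encode()
    if expected is None or not secrets.compare_digest(given, expected.encode()):
        return {"step": "denied"}
    result = {"step": "password", "image": user["image"], "phrase": user["phrase"]}
    if remember:  # personal computer: set the cookie; public terminal: do not
        result["set_cookie"] = register_device(access_id)
    return result
```
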
What if I want to log in from other computers?
If you use multiple computers to access the system, you can “register” any computer that you know is safe. You will just need to go through one extra step of answering a challenge question. Once you have successfully answered your challenge question, you will be shown your PassMark™ authentication image and pass phrase, and will be asked for your password. You will also be asked whether we should remember this computer for future logins. For your protection, do not register public computers such as those at the library or at colleges and universities. If you are using a personal computer, you can answer Yes. If you are using a public terminal (such as at an Internet cafe or an airport lounge), you should answer No. A new profile in the form of a secure cookie is added to this new computer if you choose to register it. There is no limit on how many different computers you can use to log into your account.
What should I do if I have difficulty enrolling or logging in, or if I am locked out because I can’t remember my challenge questions?
If you experience any difficulties enrolling or logging in, you should contact Highland Bank's Customer Service Department at 952.858.4888. After verifying your identity, we will be able to assist you.
Does my PassMark™ pass phrase have to match my image?
No, you can enter any text. It does not have to be a caption for the picture or authentication image, just something you will remember.
Can someone steal my PassMark™ authentication image or pass phrase?
No. These items are only shown to you if you log in from your registered “safe” computer or if you have answered challenge questions. It is not possible for an unauthorized person to get access to your PassMark™ authentication image or pass phrase.
What are challenge questions? Why do I need to set them up?
Challenge questions allow you to log into the application from a new computer or a different location for your existing computer. When we detect that you are logging in from a new computer or a different location, the application asks one or more challenge questions before allowing you access. Because you are the only one who knows the answer, we know it is really you.
If someone has stolen your Access ID and password, they cannot log in because they do not know the answers to these questions. Today, you are often asked similar types of security questions, such as “What is your mother’s maiden name?” or “Where were you born?”
Why am I being asked a challenge question when I try to log in?
There are several reasons why you might be asked a challenge question, such as the following:
- You are logging in from a different computer.
- You are logging in from a different geographic location.
- Your profile is missing from your computer because you cleared all the cookies on your computer without having a Flash® player installed.
If you are asked a challenge question, by answering the question or questions correctly you will be shown your PassMark™ image and phrase. Since you are the only one who knows the answers to these questions, we know it’s really you.
After you answer the questions, you will be asked whether we should remember this computer for future logins. If you are using a personal computer, you can answer Yes. If you are using a public terminal (such as at an Internet cafe or an airport lounge), you should answer No.
If I manually clean my cookies or sometimes use a cookie cleaner program, what happens the next time I log in?
Most personal computers already have Adobe® Flash® Player or Macromedia® Flash® installed. If yours does not, just download the free Flash player from Adobe (www.adobe.com/products/flashplayer/). Having a Flash player permits reconstructing your secure cookie at the next login, and you will not be challenged to verify your identity. Otherwise, you may be asked to answer a challenge question each time you log in after cleaning your cookies.
How easy is Adaptive Authentication to use?
The system is extremely simple for anyone to use. You don’t need to memorize anything new; just use the application as usual and look for your PassMark™ authentication image and pass phrase at login. Adaptive Authentication works behind the scenes to recognize your computer as you are logging in.
What if I share my computer with someone else at our business that has his or her own login for the application? Can we both log in from the same machine?
Yes, you can use the same computer to log into the application. There is no limit on how many people can log into the application from the same computer. Your PassMark™ authentication image and pass phrase are unique to you, not to the computer.
What happens if someone steals my password? How does Adaptive Authentication keep them from accessing my account?
Adaptive Authentication remembers your computers. When someone tries to log in using your stolen Access ID and password, we recognize that they are logging in from a different computer and/or geographic location and ask them challenge questions. Since you are the only one who knows the answers to the questions, they cannot give a correct answer. They will never see your PassMark™ authentication image and pass phrase and therefore will not be able to access your account.
Can I change my PassMark™ image and phrase?
Yes, you can change your PassMark™ image and phrase at any time. To make the change, from within the application, choose Security | Change PassMark™.
What is Phishing?
Recently, there have been attempts by fraudsters to trick people into revealing personal information (like passwords) by creating fake websites that look like legitimate websites. These fraudsters send out emails randomly with links to these fake websites. This phenomenon is called “phishing” (pronounced “fishing”). After you enter your Access ID, if you do not see your PassMark™ authentication image and pass phrase, do not enter your password. Contact Highland Bank's Customer Service Department at 952.858.4888 immediately. Remember, you should never click on links from unknown sources. Always type the website address or URL that you would like to access into your web browser.
I am at the application website and don’t see my PassMark™ image and phrase. I am being asked a security question. Am I at the real application site? What is happening?
First, make sure you are at the legitimate application website by typing the Web address (URL) of the application (http://www.highlandbanks.com) directly into the Web browser. Do not cut and paste the address from an email, and do not click on any links from an email. If you still see a question, answer the question, and you should see your PassMark™ items next to the Password field. If your PassMark™ items are there, you can be confident you’re at the real application. Whenever you use a new computer or public terminal, you are asked a question or questions to make sure someone hasn’t stolen your user name and password. This might also happen in some cases if you delete cookies from your computer.
Can I use or upload my own picture as my PassMark™ authentication image?
You cannot upload your own picture to serve as your authentication image, but we have thousands of pictures from which you can choose. They are separated into categories so that you can easily locate a suitable one.
