Electronically, your private account information is NOT directly connected to the Internet. It sits behind a firewall. The firewall ensures that the sensitive information stored on the customer server is not available to unauthorized computers. It only allows certain messages from authorized computers through. The firewall we are using is a recognized industry standard. You communicate with Defender Industries, Inc. through your computer's Web browser. Your browser is a critical piece of our security infrastructure. We only support browsers that use Secure Sockets Layer (SSL) 3.0 or higher. Your browser will handle these interactions automatically, so you do not have to take any extra steps to be protected. In fact, before you log in or fill out an application, our server checks to make sure you're using one of the approved browsers.
Server Authentication: Secure Sockets Layer 3.0 provides a way for you to verify that you are in fact logging on to the Defender Industries, Inc. server and not a site that is impersonating our server. Before you log on to Defender Industries, Inc., our server sends Defender Industries, Inc.'s public key to your browser program. SSL 3.0 lets you verify the identity of a server by viewing the site's Certificate. A Certificate is a way of associating a public key with a name. You can be sure that you are logged on to the Defender Industries, Inc. server by viewing our Certificate through your browser program when you're on the first page of the online application or login screen.
Data Encryption: Once SSL has authenticated the server, your browser and our server will establish a secret symmetric key. The symmetric key allows your browser and our server to exchange encrypted data. The symmetric key is valid for a single session only. If you log out and later come back to Defender Industries, Inc., your browser and our server will negotiate a different symmetric key automatically. The symmetric key protects all of your communications with Defender Industries, Inc.
Message Authentication Code: With data encryption in place, no outside party can understand our communications, but they could still intercept a message and scramble it. To detect message tampering, SSL uses a message authentication code (MAC). A MAC is a piece of data that is computed using pieces of the symmetric key and the message itself. Your browser always checks the MAC before interpreting a message from our server. If the message was scrambled by a hacker, the MAC would not compute correctly and your browser would alert you to possible security hazards. The chances of someone scrambling a message and then guessing the correct MAC are pretty slim: about 1 in 18,446,744,073,709,551,616 under 128-bit encryption.
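The MAC check described above, as an added example that is not Defender's or any browser's own code: it uses HMAC-SHA256 as a stand-in for SSL 3.0's own MAC construction, leaves encryption out, and shows a receiver rejecting a scrambled message, a record replayed at the wrong position, and a record from a different session. The session secret, key-derivation label and function names are constructed for the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte MAC appended to each record

# Constructed sample secret standing in for the per-session symmetric key.
SESSION_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")


def derive_mac_key(session_secret: bytes) -> bytes:
    """Derive a MAC key from the session secret (assumed derivation, example only)."""
    return hmac.new(session_secret, b"example mac key", hashlib.sha256).digest()


def protect(mac_key: bytes, seq: int, message: bytes) -> bytes:
    """Return message || MAC, where the MAC also covers the record's sequence number."""
    header = struct.pack(">Q", seq)  # 64-bit big-endian sequence number
    tag = hmac.new(mac_key, header + message, hashlib.sha256).digest()
    return message + tag


def verify(mac_key: bytes, seq: int, record: bytes):
    """Return the message if the MAC is valid for this position, otherwise None."""
    if len(record) < TAG_LEN:
        return None  # too short to contain a MAC at all
    message, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    header = struct.pack(">Q", seq)
    expected = hmac.new(mac_key, header + message, hashlib.sha256).digest()
    # Constant-time comparison so timing does not reveal how many bytes matched.
    if not hmac.compare_digest(tag, expected):
        return None
    return message


if __name__ == "__main__":
    key = derive_mac_key(SESSION_SECRET)
    record = protect(key, 0, b"order total: 42.00")

    scrambled = bytearray(record)
    scrambled[0] ^= 0x01  # flip a single bit in transit

    print("intact:   ", verify(key, 0, record))
    print("scrambled:", verify(key, 0, bytes(scrambled)))
    print("replayed: ", verify(key, 1, record))
    print("other key:", verify(derive_mac_key(b"another session"), 0, record))
```

Only the intact record at its original sequence number verifies; the other three checks return None, which is the point at which a browser would raise a warning rather than interpret the message.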
Defender recognizes the importance of preserving the privacy of our customers' financial data. Defender uses industry-standard security software and business practices, and we regularly review and improve security features on our website and the methods by which we communicate with our customers.
No security system in the world can prevent leakage or misuse by those who neither respect nor abide by the rules of security and privacy. There was fraud before the internet and it is no surprise that fraud arises with this new means of communication. Preserving the privacy of our customers' financial data requires your diligence and common sense.
We urge our customers to use care in communicating private financial information. Defender associates who contact customers to verify credit card information, either by e-mail or by telephone, have been instructed to ask that the customer hang up and call or fax back using our 800 numbers. This practice was adopted to protect our customers. A person calling to request credit card information over the phone may be engaged in fraud and should be reported to Defender immediately. The modest inconvenience of this practice is overshadowed by the protection it provides. Furthermore, Defender associates have been instructed not to disseminate information about a customer's credit card, bank account or other private banking data via e-mail, either internal or external.
We welcome your suggestions to improve our practices and to preserve the security and reliability of your outfitting experience with Defender.