Sovereign Bank

Security Information
Security Information
Sovereign employs a number of security methods to protect you against fraud and to ensure that your online banking transactions and personal information remain safe.
Sovereign Secure Access (SSA)
SSA is a state-of-the-art security feature designed to protect you and your personal information against identity theft and account fraud.

SSA does this by attempting to “recognize” you and your computer. If it does, you will see the Personal Security Image and Phrase you chose during SSA registration, and be prompted to enter your Password.

Sovereign Bank has selected an award-winning security system in order to ensure that you are visiting an authentic Sovereign Bank site.

Select one of the following links to view a demo or learn more about SSA.

Encryption
Sovereign uses several layers of technology to ensure the confidentiality of your transactions across the Internet. SSL protocol (Secure Sockets Layer) is used to provide privacy for the data flowing between your Internet browser and the Bank's server.

SSL is an open protocol for securing data communication across computer networks, and it provides a secure channel for data transmission through its encryption capabilities. It allows for the transfer of digitally-signed certificates for authentication procedures, and provides message integrity, ensuring that the data can't be altered en route.

When a customer account is created, Sovereign assigns a password, which is sent to the customer along with an account verification letter. In addition to password protection, the Bank also provides server authentication using the latest in public key encryption.

Public/private key pairs are used specifically for authentication. The public key can be distributed using a certificate that verifies the identity of the owner. The private key is kept secret. A message encrypted with a public key can only be read after decryption with the private key.

To start a transaction, the customer uses his or her browser to send a secure message via SSL to the Bank. The Bank responds by sending a certificate, which contains the Bank's public key. The browser authenticates the certificate, then generates a session key that is used to encrypt data traveling between the customer's browser and the Bank server.

The session key is encrypted using the Bank's public key, and sent back to the Bank. The Bank decrypts this message using its private key, and then uses the session key for the remainder of the communication.

By exchanging messages using the public/private key pair, the customer can be assured they are actually communicating with Sovereign, and not a third party trying to intercept the transaction. When a session is encrypted, the key icon at the lower left corner of the browser's screen becomes solid, and a blue line appears at the top of the screen. If the key icon appears broken, encryption is not in use and the current session is not secure.

Firewalls and Routers
All customer data is stored behind protective firewalls and routers that constantly monitor inbound traffic to your accounts. Unwanted or suspicious traffic is immediately denied based on all known intruder patterns or attempts.

The firewalls and routers are audited on a periodic basis by a third party security company to ensure that they are functioning properly and are indeed protecting your accounts.

Internal Controls
Strict internal procedures are in place within Sovereign Bank controlling every aspect of bank administration, from training employees to confirming customer transactions to preventing service interruptions.

We continually evaluate our security architecture to ensure that it provides the highest level of privacy and safety for our customers.