How We Protect You
Keeping your online financial and personal information secure and confidential remains one of Access Capital's top priorities.
The privacy of communications between you (your browser) and our servers is ensured via encryption. Encryption scrambles messages exchanged between your browser and our online web servers.
How Encryption Works
- When visiting Access Capital's website, your browser establishes a secure session with our web and application servers.
- The secure session is established using a protocol called Transport Layer Security(TLS) Encryption. This protocol requires the exchange of what are called public and private keys.
- Keys are random numbers chosen for that session and are only known between your browser and our server. Once keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our web server.
- Both sides require the keys because they need to descramble (decrypt) messages received. The TLS protocol assures privacy, but also ensures no other website can "impersonate" our website, nor alter information sent.
- To learn whether your browser is in secure mode, look for the secured lock symbol in your browser window.
The numbers used as encryption keys are similar to combination locks. The strength of encryption is based on the number of possible combinations a lock can have. The more possible combinations, the less likely someone could guess the combination to decrypt the message.
For your protection, our servers require the browser to connect at 2048-bit encryption. Users will be unable to access our website and online mortgage application at lesser encryption levels.
The computers storing your actual account information are not linked directly to the Internet.
- Transactions initiated through the internet are received by online web servers.
- These servers route your transaction through firewall servers.
- Firewall servers act as a traffic cop between segments of our online application network, used to store information, and the public Internet.
- This configuration isolates the publicly accessible web servers from data stored on our application servers and ensures only authorized requests are processed.
Various access control mechanisms, including intrusion detection systems, corporate anti-virus software and more, monitor for and protect our systems from potential malicious activity. Additionally, our online application servers are fault-tolerant, and provide for uninterruptible access, even in the event of various types of failures.