Some financial institutions and their customers are concerned about cookies. Most of this is due to the technical nature of the topic and some confusing press. Much has been written about "security" and "privacy" concerns. Some of the press regarding these concerns has implicated cookies. The concerns about cookies manifest themselves as concerns about the security of the Premier Community Bank Online Banking products. This is a brief whitepaper regarding cookies, security and privacy as they relate to Premier Community Bank Online Banking.
Cookies There are two types of cookies.
Persistent cookies are stored on the user's machine (disk) for a length of time that is set by the Web server when it passes the cookie to the browser. Some applications use these cookies to store information between visits to a Website. These cookies are the ones implicated in privacy concerns. Some Websites store sensitive customer information in cookies, which puts that information at risk when the customer is connected to the Internet. Examples of sensitive customer information include Account Numbers, Social Security Number, User Code, Password, etc.
Premier Community Bank Online Banking Products do not use persistent cookies.
Per-session cookies are used to store information only within a session. These cookies are cached (in memory) only while a user is visiting the Web server issuing the per-session cookie and they are deleted from the cache when the user closes the browser. Session cookies usually contain information that identifies a session (typically a unique identifier generated by the web server). Some applications store information in addition to the session identifier in the session cookie (perhaps even sensitive customer information). Per-session cookies are frequently used by Active Server Pages (ASP) running on Microsoft Internet Information Server (IIS). These cookies store session information as the user navigates to multiple ASP pages in a Website. In fact, virtually any Website using ASPs requires session cookies.
If sites didn't use session cookies, a "session" could not exist. The net result would be that a user would have to "log in" on every page (i.e. enter access id and password on every page). Premier Community Bank Online Banking Products use Per-session cookies. These cookies only contain information that identifies a session that has been established by the Web server.
The session cookie does not contain any customer information. Again, these cookies are deleted when the user closes the browser. In addition, cookies are invalidated by the server when the session is inactive for a period of time (usually 20 minutes).