Security Statement

Welcome to Tolleson Wealth Management. Tolleson Wealth Management and Tolleson Private Bank are committed to ensuring that your online banking transactions are secure. When providing technology solutions to clients, we constantly review processes and procedures to ensure that the highest standards of control and security are in place. Your account information is managed in a physically secure, technologically advanced data center and remains secure in transit between your computer and our data center. Below is a summary of the security framework in place and of your responsibilities as a user of Tolleson Online Banking.

INDIVIDUAL ID & PASSWORD INFORMATION
In order to access Tolleson Online Banking, you must enter a unique User ID and password. If your information is entered incorrectly for three consecutive times, you will automatically be locked out of our system. We strongly recommend that you choose a password that you can remember (without writing it down) but that does not use information that can be easily guessed by someone, such as birthdays, children’s names, etc. A mix of upper and lower case letters, numbers, and symbols provide the greatest degree of protection. Do not reveal your User ID and password to anyone. Additionally, we recommend that you change your password frequently. If you forget your password, you will be given an option to reset your password on the log-in screen. If you have been locked out, please contact us so that we may assist you with re-setting your password.

MULTI-FACTOR AUTHENTICATION/LAYERED SECURITY
In addition to your User ID and password, Tolleson Online Banking employs additional layers of personal authentication measures for access to your account. When you sign on to Tolleson Online Banking for the first time you will be required to obtain and enter a Secure Access Code (SAC), which will register and identify your browser to our secure network. A SAC code can be delivered via SMS text message, e-mail, or voice call. You must select the delivery method that you prefer when we establish your online banking account. Delivery of the SAC code in this manner is referred to as “Out-of-Band” authentication. The SAC code will expire if not used within a short period of time and you will be unable to access your account without requesting delivery of a new code.

BILL PAY SERVICE SECURITY FEATURES
Our bill pay service, which is integrated into Tolleson Online Banking, has additional layers of security to help protect your account from fraudulent activity. When you access Bill Pay for the first time, you must select and answer four (4) challenge phrases based on your personal knowledge. When performing certain actions in the bill pay service, such as adding or changing payee names, updating your contact information, or adding accounts, you will be asked to provide responses to your previously selected phrases. After six (6) unsuccessful challenge phrase responses, you will be locked out and must contact the bank to proceed. We must approve any new accounts you wish to add for paying bills online after your initial account setup, and we will do so as soon as possible. This is another measure to combat fraud, and you may wish to contact us to let us know when you want to add or change an account for bill pay services.

SECURITY/ENCRYPTION
Tolleson Online Banking requires that you use an SSL (Secure Sockets Layer) compliant browser. SSL is a protocol that allows your personal computer to establish a secure, encrypted connection to our Internet server. When you access password-protected portions of our site using a web browser, Secure Sockets Layer (SSL) technology is used to protect your communications through server authentication and data encryption. We upgrade and maintain our technology on an ongoing basis and use 128-bit encryption. Encryption is the process of scrambling private information to prevent unauthorized access. We use the latest encoding technology to ensure that your private information cannot be intercepted. Any commercially available browser should be able to connect with our servers. Please contact us for our current list of supported browsers.

When you use the secure messaging feature from within online banking to request information about your accounts, the encrypted request is sent to Tolleson Private Bank. We decode the message and verify your user and account information. We then send the requested information back to you in a similar manner that can only be read from within your online banking user account. You can recognize if your session is encrypted by looking for the KEY symbol in the lower left corner of your screen in Netscape Navigator, or when the PADLOCK symbol appears in Internet Explorer, or Firefox. SSL also utilizes the additional protection of a digitally signed certificate that assures you that you are communicating with Tolleson Private Bank.

SERVER AND FIREWALL
Before granting access to your account information, we will authenticate your sign-on information and pass your request to the server that manages Tolleson Online Banking. This server is protected by “firewall” technology. The firewall protects the server against unwarranted intrusion and ensures the safety of the communication. Both the firewall and the server are in physically protected locations. All activity on both platforms is logged and monitored to ensure that no attempts have been made to breach security. After your request is processed, the information is encrypted and returned via the Internet to your personal computer.

REMEMBER – E-MAIL IS NOT SECURE
We do not recommend that you send confidential information, such as account numbers, Social Security numbers, or other personal information through e-mail. We have no control over information sent via e-mail.

COOKIES
Tolleson Online Banking minimally uses cookies to assign an “ID”. Cookies are small text files placed on your hard drive that permit web sites to store information about your visit. Cookies are files of information, which save specific information about your visit and enable you to move from screen to screen with ease. The cookies we use identify you merely as a number and are used only to assist in producing overall site visitor statistics. Cookies, by themselves, cannot be used to find out the identity of any visitor.

In some instances, this information is used to personalize subsequent visits to the web site or to remember any personal settings or customization available to you on the site. Most cookies are harmless, particularly when received from web sites such as ours. This particular cookie is placed when going through the Multi-Factor Authentication process. However, we must acknowledge that there is no foolproof way to eliminate all risk associated with online banking. That is why Tolleson Online banking uses layered security, as discussed above, to help protect your information.

Although your browser may permit you to reject cookies, cookies are required to login and navigate within this website. If you should choose to disallow cookies you will be required to authenticate your online session each time you log on, which will include obtaining and entering a secure access code.

ALERTS
We highly recommend you establish alerts for both your online banking account and your bill pay service. Alerts from Tolleson Online Banking can be delivered via SMS text message, e-mail or voice call at times that are convenient for you, or when certain events of your choosing occur. There is a wide variety of alerts available that can be used to monitor your accounts for suspicious activity. Our bill pay service also provides alerts, called e-Notifications, which can be delivered via text message, e-mail, or both text message and e-mail.

AUTOMATIC LOG-OFF
We recommend that you log off Tolleson Online Banking when you are finished, before visiting other Internet sites, and that you do not leave your computer unattended while you are logged on to Tolleson Online Banking. If you are logged on to Tolleson Online Banking but do not perform any activity for 10 minutes, you will be logged off automatically.

CONTACT US
If you suspect unauthorized access or notice suspicious transactions in any of your accounts, contact us immediately.