Benefit
Alternatives
Security Policy
How
secure is my information?
What is encryption?
How is encryption used by this site?
How can I tell that SSL is in effect?
How secure is SSL?
Why do I need to use a particular browser?
What responsibility do I need to take as
a client?
The Benefit Alternatives Security Promise
The trust of our clients is Benefit Alternatives' most precious asset. Therefore, the security of your personal and financial information is one of our highest priorities. The following questions and answers describe the systems that Benefit Alternatives has developed to provide our clients one of the highest levels of security in our industry.
How
secure is my information?
Benefit Alternatives has made a significant investment in leading-edge security
software, systems, and procedures to offer you a safe and secure online
environment and protect your information. While no security system is
absolutely impenetrable, we are constantly reviewing, refining, and upgrading
our security infrastructure as new tools or techniques become available.
We go to great lengths to protect your security from your very first transaction with Benefit Alternatives. For example, the Benefit Alternatives Secure Enrollment System requires you to enter a valid Username and Password before permitting you to see any personal or financial information. This site also encrypts all the information that the server and your browser exchange. If you are inactive for an extended period of time, the site will log you off and you will need to re-enter your Username and Password.
Benefit Alternatives also utilizes state of the art firewall and intrusion detection technology to prevent unauthorized access to your account and personal information. The public web servers are physically segregated from the servers that contain your account and personal information and cannot be accessed directly from the Web. Access is allowed only through well-defined scripts and is firewall-controlled. Internally, client information is specially protected through industry standard security mechanisms and policies like the strict 'Principle of Least Possible Privilege' that governs employee access to company systems and information.
What
is encryption?
Encryption is used to protect messages from eavesdropping, tampering, or
message forgery over the Internet. It is a mathematical process that transforms
a message in order to conceal its meaning.
How
does the Benefit Alternatives Web site use encryption?
It is the policy of the Benefit Alternatives Secure Trading System to encrypt
the transmission of all personal or financial Web-based information that is
transmitted between our site and your browser. The security standard SSL
(Secure Sockets Layer) is used to implement this. SSL is the leading standard
for securing World Wide Web transmissions. It is also supported by the leading
browsers, Netscape Navigator* 1.1 and above and Microsoft Internet Explorer**
2.0 and above.
How
can I tell that SSL is in effect?
The URL of a secure document begins with HTTPS://. The additional "S" on the
end of the familiar HTTP indicates a secure channel to the server. Every secure
page on Benefit Alternatives's Web site has been secured with a digital
certificate by InstantSSLT, a subsidiary of Comodo, inc. This is shown via the
"site certificate" that sits on all secure pages. To view this certificate,
click on the image of the closed lock or the solid key on the bottom bar of
your browser window. A small frame displaying site security information will
appear. If you use Internet Explorer, click on the word 'Subject' to verify the
Web site. Click on 'Issuer' to verify the site certification authority. If you
use Netscape, click on the "View Certificate" button to see information on the
subject and issuer.
How
secure is SSL?
SSL can use keys of various sizes. The larger the key length, the greater the
number of possible combinations, the more difficult the decryption challenge,
and the more secure the message. While this site will provide the maximum level
of encryption supported by your browser, those wishing to maximize the security
of their Web activities are encouraged to obtain a browser with 128-bit SSL
encryption. These browsers are available for downloading at home from either
Netscape* or Microsoft** at no cost except connect time. However, by United
States law, these browsers are available to U.S. and Canadian citizens or
permanent residents only.
Database
Protection
Enrollment is protected on serveral levels of verification
throughout the signup process. All requests to the database are directed
through the secure port on the server and require the application to supply
proper username and password. Each request also requires session verification
that determines whether the requests are performed by the same remote address
and on the same date. Information on the client is recorded to ensure all of
the data is provided by the same source. During the Enrollment process,
each page verifies that the current session is still in use and as well as the
SSL port.
Why
do I need to use a particular browser?
To maximize the privacy of your information and provide a consistent visual
presentation, a relatively current and capable browser is required. The browser
requirement for this site is Microsoft® Internet Explorer 4.0** and newer or
Netscape Navigator® 4.08* and Netscape Communicator 4.73* and newer. These
browsers have been used to extensively test this site to ensure that the pages
display and behave in a predictable manner. Other browsers may work if they
have the required browser features; however, this site has not been tested or
certified for other browsers. For example, the browser must support JavaScript,
and Secure Sockets Layer (SSL), an encryption standard for browsers. For
enhanced security, we recommend using a browser version that uses 128-bit SSL
encryption.
What
responsibility do I need to take as a client?
Although Benefit Alternatives does everything possible to ensure security,
clients have their own set of responsibilities in providing security for their
Benefit Alternatives benefit accounts. Passwords must be kept secret. Make sure
that no one is watching when you enter your passwords. It is also important to
remember to log out of the Benefit Alternatives Secure Online System and even
exit the browser when leaving the computer. Certain companies may offer to
provide services to you by accessing your accounts through our site. If Benefit
Alternatives does not have a relationship with the company that provides the
proper protocol for access, the security of your account can be at risk.
Moreover, that company's use of your password will be governed by their
policies. Anytime you disclose your identifying information to third parties,
you are creating greater risk of unauthorized use or access for which Benefit
Alternatives cannot take responsibility.
If you are using broadband Internet access (cable or DSL), we recommend that you use a personal firewall since broadband Internet access is "always on" and puts your PC and any information it may contain at risk from hackers. You should also use a virus-screening program with up to date virus definitions to minimize the risk of malicious code or Trojan horses on your computer.
*Netscape Navigator is a
registered trademark of Netscape Communications Corporation in the United
States and in other countries. All rights reserved.
**Microsoft is a registered trademark of Microsoft Corporation in the United
States and in other countries. All rights reserved.
