The Service

In consideration of the use of the Internet banking service, NVB Online, and the bill payment service, NVB Bill Pay,(the “Service”) to be provided to Customer by Nodaway Valley Bank, (the “BANK”), as described herein and as amended from time to time in information distributed by BANK to its customers, you (the “Customer”) agree to the terms of this Agreement. In this Agreement, “Customer” or “you” refers to the person(s) subscribing to or using the Services. You may use a Personal Computer (“PC”) or mobile tablet, phone or other device through an Internet connection to obtain account balances and transaction information. You may also use your device to obtain statements on your accounts and to transfer money between your accounts.

Your Username and Password

Each individual who desires access to Online Banking, including each individual named on joint accounts, must designate a Username and Password. Your Username must be a minimum of 6 characters. It may be any unique combination of letters or numbers. Your Password must be a minimum of 8 characters, up to a maximum of 17 characters. Your Password must contain 2 alphabetic and 2 numeric characters and may contain special symbols. You will be required to answer a security question if you are logging on from a device that you have not registered with the Service. You will be required to change your Password periodically for enhanced security.

Transferring Funds

You may use your PC to electronically transfer funds between your accounts. Transfers are posted against your balance available for withdrawal, as defined in the BANK’s Funds Availability Policy, plus the available credit on your overdraft protection, if any, or other line of credit. Transfers between your accounts must be scheduled by the normal cut-off time of 6:00 p.m. (CST) on any business day in order for the transaction to be completed on that business day.

Our Liability for Failure to Complete Transactions

If the BANK does not complete a transfer to or from your Account on time or in the correct amount according to our agreement with you, the BANK may be liable for some of your losses or damages. However, the BANK will not be liable:

if, through no fault of ours, you do not have enough money in your Account to make the transfer;

if the money in your Account is subject to a dispute, legal process or other encumbrance restricting transfer;

if the transfer would go over the credit limit on your overdraft line (if any);

if the automated teller machine or the merchant where you are making the transfer does not have enough cash;

if the system was not working properly when you started the transfer; or

if circumstances beyond our control (such as fire, flood, systems failure or an Act of God) prevent the transfer, despite reasonable precautions that we have taken.

Canceling Transfers

You may cancel a scheduled transfer between your accounts up to 5:00 p.m. (CST) on the Transaction Date by using NVB Online or by calling our Customer Support Center at (877 )217-4682.

Statements

All payments, transfers, and/or fees made with the Service will appear on your monthly Account statement. The Payee name, payment amount, and date of the payment will be shown for each payment made through the Service during that statement cycle.

Fees

Fees for the Service, if any, shall be payable in accordance with a schedule of charges as established and amended by BANK from time to time. Charges shall be automatically deducted from Customer’s Account, and BANK shall provide to Customer monthly notice of such debit(s) on your statement.

Equipment/Device

You are solely responsible for the equipment/device you use to access the Service (including, your personal computer or mobile device and any software you may need to access the Internet). The BANK is not responsible for errors or delays or your inability to access the Service caused by your equipment or device. The BANK is not responsible for the cost of upgrading your equipment or device to stay current with the Service, nor is the BANK responsible, under any circumstances, for any damage to your equipment or device or the data resident thereon.

Business Days/Hours of Operation

Normal business hours are 9:00 a.m. to 5:00 p.m. (CST), Monday through Friday, except bank holidays. Although payments and transfers can be completed only on business days, the Service is available 24 hours a day, seven days a week, except during maintenance periods, for the scheduling of payment orders and transfers.

The Security Framework

The BANK is pleased to offer Internet banking and bill payment services. Delivering these services requires a solid security framework that protects you and the BANK’s data from outside intrusion and preserves your personal information in a confidential manner. The BANK is committed to working with our Internet service and communications providers to produce the safest operating environment possible for our customers. The information below summarizes our security framework, which incorporates the latest proven technology.

There are several levels of security within our security framework. USER LEVEL deals with cryptography and Transport Layer Security (TLS) protocol, and is the first line of defense used by all customers accessing our Banking Server from the public Internet. SERVER LEVEL focuses on firewalls, filtering routers, and our trusted operating system. HOST LEVEL deals specifically with our Internet banking and bill payment services, and the processing of secure financial transactions. USER RESPONSIBILITIES summarizes your responsibilities as a user of the Internet banking system with regard to security.

In the final paragraph, you, as a user of the NVB Online and related services, agree that a payment order received by the BANK is effective as your order, whether or not authorized, if the BANK accepted the order in good faith, in compliance with its security procedures and this Agreement, and any other written order, instruction, or agreement provided to the BANK by you.

USER LEVEL

There are several components of User Level security that ensure the confidentiality of information sent across the public Internet. The first requires your use of a fully TLS-compliant 256-bit encrypted browser, such as: Google Chrome, Mozilla Firefox, Safari or Microsoft Edge. TLS is an open protocol that allows a user’s browser to establish a secure channel for communicating with our Internet server. TLS utilizes highly effective cryptography techniques between your browser and our server to ensure that the information being passed is authentic, cannot be deciphered, and has not been altered in route. TLS also utilizes a digitally signed certificate, which ensures that you are truly communicating with the Online Banking Server and not a third party trying to intercept the transaction.

After entering your Username, a secure connection is established between your browser and our server. Our servers will authenticate your computer and present you with a security challenge question so you can be sure you are on the legitimate Bank’s website. You may elect to not be challenged again on a device that you often utilize but on a public device it is best practice to always keep the security challenge option. This information is encrypted, logged by the server forming another complete physical security layer to protect the server’s information, and a request to log on to the system is processed. Although TLS utilizes proven cryptography techniques, it is important to protect your User ID and Password from others. You must follow the password parameters the BANK specifies at the time you sign up for an Internet banking account. The BANK also recommends changing your password often. Session time-outs and a limit on the number of login attempts are examples of other security measures in place to ensure that inappropriate activity is prohibited at the User Level.

SERVER LEVEL

All transactions sent to our Banking Server must first pass through a filtering router system. These filtering routers automatically direct the request to the appropriate server after ensuring the access type is through a secured browser and nothing else. The routers verify the source and destination of each network packet, and manage the authorization process of letting packets through. The filtering routers also prohibit all other types of Internet access at this point. This process blocks all non-secured activity and defends against inappropriate access to the server.

The Banking Server is protected using the latest firewall platform. This platform defends against system intrusions and effectively isolates all but approved customer financial requests. The platform secures the hardware running the online applications and prevents associated attacks against all systems connected to the Banking Server. The system is monitored 24 hours a day, seven days a week for a wide range of anomalies to determine if attempts are being made to breach our security framework.

HOST LEVEL

Once authenticated, the customer is allowed to process authorized Internet banking and bill payment transactions using host data. In addition, communicating time-outs ensure that the request is received, processed and delivered within a given time frame. Any outside attempt to delay or alter the process will fail. Further password encryption techniques are implemented at the Host Level, as well as additional security logging and another complete physical security layer to protect the host information itself.

USER RESPONSIBILITIES

While our service provider continues to evaluate and implement the latest improvements in Internet security technology, users of the online banking system also have responsibility for the security of their information and should always follow the recommendations listed below:

Utilize the latest 256-bit encryption version of Google Chrome, Mozilla Firefox, Safari or Microsoft Edge. The online banking system is best viewed and is most secure when you use one of these modern browsers, as they are certified for use at our site.

Your password must be kept confidential. You must follow our specific parameters for a password and change it frequently to ensure that the password cannot be used or otherwise identified by others.

Be sure others are not watching you enter information on the keyboard when using the system.
Never leave your device unattended while logged onto the online banking system. Others may approach your device and gain access to your account information if you leave your device unattended.

Click Log Off or Exit when you are finished using the system to properly end your session. Once a session has been ended, no further transactions can be processed until you log on to the system again.

Close your browser when you are finished, so that others cannot view any account information displayed on your device.

Keep your computer and devices free of viruses. Use virus protection software to routinely check for a virus on your computer or mobile device. Never allow a virus to remain on your computer or mobile device while accessing the online banking system.

Report all crimes to law enforcement officials immediately.

When you follow these simple security measures, your interaction with the online banking system will be completely confidential. We look forward to serving your online banking and bill payment needs both today and into the future – securely.

Alerts

Your enrollment in Nodaway Valley Bank’s Online Banking and/or Mobile Banking (the “Service”) includes enrollment to receive transaction alerts and notifications (“Alerts”). Alerts are electronic notices from us that contain transactional information about your Nodaway Valley Bank account(s). Account Alerts and Additional Alerts must be managed and/or added online through the Service. We may add new alerts from time to time, or cancel old alerts. We usually notify you when we cancel alerts, but are not obligated to do so. Nodaway Valley Bank reserves the right to terminate its alerts service at any time without prior notice to you.

Methods of Delivery.

We may provide alerts through one or more channels (“endpoints”): (a) a mobile device, by text message, (b) a mobile device, by push notification; (c) an email account, by an e-mail message; or (d) your Nodaway Valley Bank Online Banking message inbox. You agree to receive alerts through these endpoints, and it is your responsibility to determine that each of the service providers for the endpoints described in (a) through (c) above supports the email, push notification, and text message alerts provided through the alerts service. Please be advised that text or data charges or rates may be imposed by your endpoint service provider. Alert frequency varies by account and preferences. You agree to provide us a valid mobile phone number or email address so that we may send you alerts. If your email address or your mobile device’s number changes, you are responsible for informing us of that change. Your alerts will be updated to reflect the changes that you communicate to us with regard to your primary and secondary email addresses or mobile device number.

Alerts via Text Message.

To stop alerts via text message, text “STOP” to 96924 at any time. Alerts sent to your primary email address will be unaffected by this action. To restore alerts on your mobile phone, just visit the alerts tab in Nodaway Valley Bank Online Banking. For help with SMS text alerts, text “HELP” to 96924. In case of questions please contact customer service at 877-217-4682. Our participating carriers include (but are not limited to) AT&T, SprintPCS, T-Mobile®, U.S. Cellular®, Verizon Wireless, MetroPCS.

Limitations.

Nodaway Valley Bank provides alerts as a convenience to you for information purposes only. An alert does not constitute a bank record for the deposit or credit account to which it pertains. We strive to provide alerts in a timely manner with accurate information. However, you acknowledge and agree that your receipt of any alerts may be delayed or prevented by factor(s) affecting your mobile phone service provider, internet service provider(s) and other factors outside Nodaway Valley Bank’s control. We neither guarantee the delivery nor the accuracy of the contents of each Alert. You agree to not hold Nodaway Valley Bank, its directors, officers, employees, agents, and service providers liable for losses or damages, including attorneys’ fees, that may arise, directly or indirectly, in whole or in part, from (a) a non-delivery, delayed delivery, or the misdirected delivery of an Alert; (b) inaccurate or incomplete content in an Alert; or (c) your reliance on or use of the information provided in an Alert for any purpose.

Alert Information.

As alerts delivered via SMS, email and push notifications are not encrypted, we will never include your passcode or full account number. You acknowledge and agree that alerts may not be encrypted and may include your name and some information about your accounts, and anyone with access to your alerts will be able to view the contents of these messages.

Acceptance

I, the user of NVB Online, have read the description of the Bank’s security procedures and accept the terms and conditions of this Agreement. I understand that any payment orders issued to the bank using my Username and Password will be verified as described above and will be accepted by the BANK whether or not I authorized them. Accordingly, I understand the importance of the User Responsibilities described above, and accept the risk of loss held by me under the terms and conditions of this Agreement.