Encryption
Sovereign uses several layers of technology to ensure the confidentiality of your transactions across the Internet. Security begins with your browser. The SSL (Secure Sockets Layer) protocol is used to provide privacy for the data flowing between the browser and the bank server.
SSL is an open protocol for securing data communication across computer networks, and it provides a secure channel for data transmission through its encryption capabilities. It allows for the transfer of digitally signed certificates for authentication procedures, and provides message integrity, ensuring that the data can't be altered en route.
When a customer account is created, the bank assigns a password, which is sent to the customer along with an account verification letter. In addition to password protection, Sovereign Bank also provides server authentication using the latest in public key encryption.
Public/private key pairs are used specifically for authentication. The public key can be distributed, using a certificate that verifies the identity of the owner. The private key is kept secret. A message encrypted with a public key can only be read after decryption with the private key.
To start a transaction, the customer uses his or her browser to send a secure message via SSL to the bank. The bank responds by sending a certificate, which contains the bank's public key. The browser authenticates the certificate, then generates a session key which is used to encrypt data traveling between the customer's browser and the bank server.
The session key is encrypted using the bank's public key, and sent back to the bank. The bank decrypts this message using its private key, and then uses the session key for the remainder of the communication.
By exchanging messages using the public/private key pair, the customer can be assured they are actually communicating with the bank, and not a third party trying to intercept the transaction. When a session is encrypted, the key icon at the lower left corner of the browser's screen becomes solid, and a blue line appears at the top of the screen. If the key icon appears broken, encryption is not in use and the current session is not secure.
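The session-key exchange described above, as an added example that is not Sovereign's code: the browser wraps a fresh session key with the bank's public key, only the holder of the matching private key recovers it, and later records are encrypted and integrity-checked under that key. It assumes the certificate carrying the public key has already been validated; every name here (`make_keypair`, `handshake`, `seal`, `open_record`), the toy RSA parameters and the HMAC-based record format are invented for illustration and are not SSL's actual wire format.

```python
import hashlib
import hmac
import secrets

# Toy RSA for illustration only (assumption, not SSL's real parameters):
# publicly known Mersenne primes and no padding, never use for real data.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))      # (public key, private key)

BANK_PUB, BANK_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
_, IMPOSTOR_PRIV = make_keypair(2**89 - 1, 2**607 - 1)   # does not match BANK_PUB

def wrap_session_key(session_key, public_key):
    """Browser side: encrypt the session key with the bank's public key."""
    n, e = public_key
    return pow(int.from_bytes(session_key, "big"), e, n)

def unwrap_session_key(wrapped, private_key, length=16):
    """Server side: decrypt with the private key (a wrong key yields garbage)."""
    n, d = private_key
    return (pow(wrapped, d, n) % (1 << (8 * length))).to_bytes(length, "big")

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a stand-in stream cipher (records < 8 KB).
    stream = b"".join(_prf(key, nonce + bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(session_key, plaintext):
    """Encrypt one record, then append a MAC over nonce and ciphertext."""
    enc_key, mac_key = _prf(session_key, b"enc"), _prf(session_key, b"mac")
    nonce = secrets.token_bytes(12)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + _prf(mac_key, body)

def open_record(session_key, record):
    """Return the plaintext, or None if the record was altered or the key is wrong."""
    enc_key, mac_key = _prf(session_key, b"enc"), _prf(session_key, b"mac")
    body, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, _prf(mac_key, body)):
        return None
    return _xor_stream(enc_key, body[:12], body[12:])

def handshake(server_private_key):
    """Browser wraps a fresh key for BANK_PUB; return (browser key, server key)."""
    session_key = secrets.token_bytes(16)
    wrapped = wrap_session_key(session_key, BANK_PUB)
    return session_key, unwrap_session_key(wrapped, server_private_key)
```

Running `handshake(BANK_PRIV)` gives both sides the same key, while `handshake(IMPOSTOR_PRIV)` leaves the server with a different key, so every record it tries to open fails the integrity check.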