Summary of recent online security enhancements

We take our responsibility for protecting the privacy and confidentiality of customer data very seriously. We continuously upgrade and make enhancements to how we safeguard sensitive customer information in an always-changing online environment.

Here’s a summary of the recent online security enhancements implemented in May and October.

1.  Employer Access Code (May 15, 2010)

Given the level of sensitive data available on all employees participating in employer-sponsored plan(s), employers play a critical role in helping protect their employees from identity theft.

The Employer Access Code is an additional security mechanism for employer administrators – beyond password – to verify employer level access. It is a secret code known only by each employer administrator. We generate it in a secure way and encrypt it so even we do not have access to it. It is meant to be difficult for hackers to crack.

Tips for protecting your Employer Access Code

• Keep your Employer Access Code in a secure place.
• Do not store your Employer Access Code with your username and password.
• Do not share your Employer Access Code with anyone else.

2.  Customers with multiple roles converted to single username and password (May 28, 2010)

Fraudulent activity is more challenging to detect with multiple sets of credentials. While identities have been consolidated, roles have not. Your personal role and your administrator role have different information at risk and we protect each with a different level of security:

• Security for employer data is greatly enhanced with the addition of the Employer Access Code – a secret complex token known only by the employer administrator.
• Personal level security is neither enhanced nor reduced by identity consolidation. Over time, we will require more complex username and password to help individuals keep their personal information safe.

3.  Security questions and answers (May 28, 2010)

Security questions and answers, as well as e-mail address, help us verify your identity when using some of our online features, such as “forgot username” or “forgot password”. Your matching answers help confirm it’s you.

4.  Login image and phrase (October 9, 2010)

A login image and phrase is a secret between you and our website. Each time you log in to your account and see your login image and phrase, it helps ensure you are our website and not a fake/phishing site.

Beginning October 9, 2010, customers will select a login image and phrase. This will only take a few minutes, but will provide an important layer of added protection for our customers and their data.

5.  Interactive Voice Response (IVR) phone system access changes (October 9, 2010)

Beginning October 9, 2010, new passwords established on the IVR phone system will no longer work for web access and passwords established on the web will no longer work on the IVR phone system. Customers will need to establish a separate username and password for online access using the steps outlined on our website.