Laserfiche WebLink
6. Access Devices; Security Procedures. <br />6.1 Upon successful enrollment, Customer <br />can access the Services from Bank's designated website by <br />using Customer's Computer or, as may be permitted by <br />Bank from time to time in its sole discretion and in <br />accordance with Bank's terms and conditions for such <br />access, using mobile or other Internet -enabled system(s) or <br />device(s), along with the Services' security procedures as <br />described from time to time. A company ID assigned to <br />Customer by Bank, a unique Login ID and an individual <br />password will be used for log -in by Customer's <br />Administrator(s) and Authorized User(s). The <br />Administrator(s) and Authorized User(s) must change his <br />or her individual password from time to time for security <br />purposes, as prompted by the Bank Internet System or more <br />frequently (subject to the additional secunty procedures <br />described below). <br />6.2 Customer acknowledges that the <br />Administrator(s) will, and Customer authorizes the <br />Administrator(s) to, select other Administrators and <br />Authorized Users by issuing to any person a unique Login <br />ID and password (subject to the additional secunty <br />procedures described below). Customer further <br />acknowledges that the Administrator(s) may, and Customer <br />authorizes the Administrator(s) to, change or de -activate <br />the unique Login ID and/or password from time to time and <br />in his or her sole discretion (subject to the additional <br />security procedures described below). <br />6.3 Customer acknowledges that, in <br />addition to the above individual passwords, access to the <br />Services includes, as part of the Access Devices, additional <br />security procedures, including as described below: <br />6.3.1 Additional secunty <br />procedures include a risk-based authentication security <br />procedure for Customer, including Customer's <br />Administrator and Authorized Users. This additional <br />security procedure involves an additional credential for <br />each user that is in addition to Login IDs and individual <br />password security (hereinafter "Enhanced Authentication <br />Security," and/or "Enhanced Log -in Security"). With <br />Enhanced Authentication Security, additional information <br />regarding each Authorized User's Computer and method of <br />website access will be collected and validated <br />automatically with the set-up process. An electronic access <br />identity will be created for each Authorized User by <br />combimng a number of key identification points, such as IP <br />address, Internet service provider, PC and browser settings, <br />time of day and geographic location. These access <br />identities are used by Bank to authenticate Authorized <br />Users. Further authentication may occur automatically due <br />to the detection of unusual source occurrences in relation to <br />that access identity <br />6.3.2 An additional security <br />procedure incorporates use of a physical security device or <br />token ("Token") for, by way of example only, initial log -in <br />and/or certain transactional or administrative functionality. <br />A Token may be issued to any Authonzed User(s), for <br />example, for use in initiating and/or approving ACH <br />transactions and wire transfers, to log in to the Services, as <br />well as with certain administrative functionality, and/or for <br />the creation of ACH and wire templates. Physical security <br />of each Token is Customer's sole responsibility With the <br />Token, each Authorized User will receive a PIN number <br />that the Authorized User must keep in a secure place. When <br />an Authorized User (or Administrator) leaves Customer's <br />employ, his or her Login ID must be deleted by Customer <br />(or by Bank upon Customer's request) and, if a Token had <br />been issued to such Authorized User (or Administrator), <br />Bank must be promptly notified so that Bank may <br />deactivate such Authorized User's (or Administrator's) <br />Token. Any additional Authonzed User requiring a Token <br />must be authorized, in writing by Customer to Bank, for <br />Token creation or re-creation and deployment. If <br />applicable, fees may be assessed for additional Tokens. <br />6.4 Customer further acknowledges and <br />agrees that all wire transfers and ACH transactions initiated <br />through the Services require "dual control" or separation of <br />duties. With this additional security feature, one Authorized <br />User will create, edit, cancel, delete and restore ACH <br />batches or wire transfer orders under his/her unique Login <br />ID, password and Token; a second different Authorized <br />User with his/her own unique Login ID, password and <br />Token will be required to approve, release or delete ACH <br />batches or wire transfer orders. <br />6.5 Customer accepts as its sole <br />responsibility the selection, use, protection and <br />maintenance of confidentiality of, and access to, the Access <br />Devices. Customer agrees to take reasonable precautions <br />to safeguard the Access Devices and keep them <br />confidential. Customer agrees not to reveal the Access <br />Devices to any unauthorized person. Customer further <br />agrees to notify Treasury Management Services Support <br />immediately at 1-866-475-7262 if Customer believes that <br />the confidentiality of the Access Devices has been <br />compromised in any manner. <br />6.6 The Access Devices identify and <br />authenticate Customer (including the Administrator and <br />Authonzed Users) to Bank when Customer accesses or uses <br />the Services. Customer authorizes Bank to rely on the <br />Access Devices to identify Customer when Customer <br />accesses or uses any of the Services, and as signature <br />authorization for any Payment, transfer or other use of the <br />Services. Customer acknowledges and agrees that Bank is <br />authonzed to act on any and all communications or <br />instructions received using the Access Devices, where such <br />communications were provided to Bank m accordance with <br />the security procedures and other terms as set forth in the <br />Cash Management Master Agreement, regardless of <br />whether the communications or instructions are authorized. <br />Bank owns the Access Devices, and Customer may not <br />transfer them to any other person or entity. <br />6.7 Customer acknowledges and agrees <br />that the Access Devices and other security procedures <br />applicable to Customer's use of the Services and set forth <br />in this Appendix, as well as such security best practices as <br />described by Bank from time to time and made available on <br />the Bank Internet System, are a commercially reasonable <br />method for the purpose of verifying whether any Payment, <br />HC# 4816-8874-0154 v.J 18 of 58 1016 <br />P32 <br />