deactivated the subject Authorized User's Access Devices.
<br />Bank will not be liable for and will not reimburse Customer
<br />for any losses that may occur as a result of this authorized
<br />use of an Authorized User's Access Devices.
<br />5.5 Whenever any Authorized User leaves
<br />Customer's employ or Customer otherwise revokes the
<br />authority of any Authorized User to access or use the
<br />Services, the Administrator(s) are solely responsible for de-
<br />activating such Authorized User's Access Devices.
<br />Customer shall notify Bank in writing whenever a sole
<br />Customer Administrator leaves Customer's employ or
<br />Customer otherwise revokes a sole Administrator's
<br />authority to access or use the Services.
<br />6. Access Devices; Security Procedures.
<br />6.1 Upon successful enrollment, Customer
<br />can access the Services from Bank's designated website by
<br />using Customer's Computer or, as may be permitted by Bank
<br />from time to time in its sole discretion and in accordance
<br />with Bank's terms and conditions for such access, using
<br />mobile or other Intemet-enabled system(s) or device(s),
<br />along with the Services' security procedures as described
<br />from time to time. A company ID assigned to Customer by
<br />Bank, a unique Login ID and an individual password will be
<br />used for log -in by Customer's Administrator(s) and
<br />Authorized User(s). The Administrator(s) and Authorized
<br />User(s) must change his or her individual password from
<br />time to time for security purposes, as prompted by the Bank
<br />Internet System or more frequently (subject to the additional
<br />security procedures described below).
<br />6.2 Customer acknowledges that the
<br />Administrator(s) will, and Customer authorizes the
<br />Administrator(s) to, select other Administrators and
<br />Authorized Users by issuing to any person a unique Login
<br />ID and password (subject to the additional security
<br />procedures described below). Customer further
<br />acknowledges that the Administrator(s) may, and Customer
<br />authorizes the Administrator(s) to, change or de -activate the
<br />unique Login ID and/or password from time to time and in
<br />his or her sole discretion (subject to the additional security
<br />procedures described below).
<br />6.3 Customer acknowledges that, in
<br />addition to the above individual passwords, access to the
<br />Services includes, as part of the Access Devices, additional
<br />security procedures, including as described below:
<br />6.3.1 Additional security
<br />procedures include a risk-based authentication security
<br />procedure for Customer, including Customer's
<br />Administrator and Authorized Users. This additional
<br />security procedure involves an additional credential for each
<br />user that is in addition to Login IDs and individual password
<br />security (hereinafter "Enhanced Authentication Security,"
<br />and/or "Enhanced Log -in Security"). With Enhanced
<br />Authentication Security, additional information regarding
<br />each Authorized User's Computer and method of website
<br />access will be collected and validated automatically with the
<br />set-up process. An electronic access identity will be created
<br />for each Authorized User by combining a number of key
<br />identification points, such as IP address, Intemet service
<br />provider, PC and browser settings, time of day and
<br />geographic location. These access identities are used by
<br />Bank to authenticate Authorized Users. Further
<br />authentication may occur automatically due to the detection
<br />of unusual source occurrences in relation to that access
<br />identity.
<br />6.3.2 An additional security
<br />procedure incorporates use of a physical security device or
<br />token ("Token") for, by way of example only, initial log -in
<br />and/or certain transactional or administrative functionality.
<br />A Token may be issued to any Authorized User(s), for
<br />example, for use in initiating and/or approving ACH
<br />transactions and wire transfers, to log in to the Services, as
<br />well as with certain administrative functionality, and/or for
<br />the creation of ACH and wire templates. Physical security of
<br />each Token is Customer's sole responsibility. With the
<br />Token, each Authorized User will receive a PIN number that
<br />the Authorized User must keep in a secure place. When an
<br />Authorized User (or Administrator) leaves Customer's
<br />employ, his or her Login ID must be deleted by Customer
<br />(or by Bank upon Customer's request) and, if a Token had
<br />been issued to such Authorized User (or Administrator),
<br />Bank must be promptly notified so that Bank may deactivate
<br />such Authorized User's (or Administrator's) Token. Any
<br />additional Authorized User requiring a Token must be
<br />authorized, in writing by Customer to Bank, for Token
<br />creation or re-creation and deployment. If applicable, fees
<br />may be assessed for additional Tokens.
<br />6.4 Customer further acknowledges and
<br />agrees that all wire transfers and ACH transactions initiated
<br />through the Services require "dual control" or separation of
<br />duties. With this additional security feature, one Authorized
<br />User will create, edit, cancel, delete and restore ACH batches
<br />or wire transfer orders under his/her unique Login ID,
<br />password and Token; a second different Authorized User
<br />with his/her own unique Login ID, password and Token will
<br />be required to approve, release or delete ACH batches or
<br />wire transfer orders.
<br />6.5 Customer accepts as its sole
<br />responsibility the selection, use, protection and maintenance
<br />of confidentiality of, and access to, the Access Devices.
<br />Customer agrees to take reasonable precautions to safeguard
<br />the Access Devices and keep them confidential. Customer
<br />agrees not to reveal the Access Devices to any unauthorized
<br />person. Customer further agrees to notify Treasury
<br />Management Services Support immediately at 1-866-475-
<br />7262 if Customer believes that the confidentiality of the
<br />Access Devices has been compromised in any manner.
<br />6.6 The Access Devices identify and
<br />authenticate Customer (including the Administrator and
<br />Authorized Users) to Bank when Customer accesses or uses
<br />the Services. Customer authorizes Bank to rely on the
<br />Access Devices to identify Customer when Customer
<br />accesses or uses any of the Services, and as signature
<br />authorization for any Payment, transfer or other use of the
<br />Services. Customer acknowledges and agrees that Bank is
<br />authorized to act on any and all communications or
<br />instructions received using the Access Devices, where such
<br />communications were provided to Bank in accordance with
<br />18 of 54 0522
<br />
|