Security Center

The Premiere Mission Critical Datacenter in the Midwest

The facility is served by an industrial strength infrastructure that includes four fiber vaults and three electric power feeds, providing more than 100 megawatts of power. The building is currently the second‐largest power customer for Commonwealth Edison, trailing only Chicago’s O’Hare Airport. More than 50 generators throughout the building and multiple 30,000-gallon tanks of diesel fuel support grid power.

Miami, FL - Datacenter

Located in downtown Miami, MIA1 (36 NE. 2nd St.) is structurally designed for Category 5 hurricane survivability.

MIA1's strength makes it the premier international gateway for reaching South America and Latin America with international voice, video and data traffic. The building is outside the FEMA 100-year designated flood zone and the Miami-Dade hurricane evacuation zone.

Because of its proximity to Latin America, Miami serves as the headquarters for more than 1,400 multinational corporations.

  • Network neutral data center with access to hundreds of global networks
  • Structurally designed to withstand natural disasters making it ideal for disaster recovery and business continuity services
  • First stop from the overseas landing station before the NAP of the Americas
  • Low-latency metro connectivity to the NAP if required

 

System Overview

  • SSAE16 Type I & II Certified
    • View Type II report
    • SSAE16 Bridge Letter
  • BankVOD Security Best Practices 2016-SANS Institute Framework:
    • Understanding Security Regulations in the Financial Services Industry
  • Information Security and Business Continuity Management Program
    • View report
  • External Penetration Test Report
    • View report
    • Remediation report
  • LexisNexis® Risk Solutions Privacy and Security Review for Resellers eLearning Modules Certificate
    • View Certficate
  • BSI Insurance Policies Summary
    • View Certificates
  • W9 Form
    • View Form
  • Mortgage Industry News Alerts: 3rd Party Aggregators
    BankVOD is built with the same Security Guidelines as our Banking Clients and is routinely audited onsite, to ensure we comply. We do not require your customer to disclose their sensitive password information, in order to perform Asset Verifications. By utilizing BankVOD you remove the liability of advocating a process whereby sensitive information may be at risk and/or financial loss in the event of a breach. Wall Street Journal featured an article on the use of Data Aggregators who require your customer, to disclose their sensitive password information to a 3rd Party. Several large banks have made statements warning their account holders of the risk of "trading account security for convenience".
  • Screened Subnet Topology - The most secure (and most expensive) option .In this case, the DMZ is placed between two firewalls.
  • DMZ
    • VPN Firewall
    • Web Server
  • Internal Network
    • VPN Firewall
    • Database Server
    • Data Storage
    • The internal network has no external IPs, so it cannot be accessed from outside the network
  • PCI Compliance
    • SecurityMetrics certification
    • View certificate
    • View ASV Scan Report Executive Summary
  • Extended Validation SSL
  • Uploaded documents are deleted from server - We delete all documents that were uploaded once the order has been successfully delivered to our client's processing center. All processed verification requests are delivered directly to the requestor.
  • StegAlyzerRTS Steganography Detection
    • Detect fingerprints of over 1000 steganography applications
    • Detect signatures of over 55 steganography applications
    • Send real-time alerts to network security administrators
    • Retain copies of suspect files for further analysis
    • Totally transparent to insiders
  • Force encryption to the database Server
    • Connection is encrypted between the Web Server and database Server
  • Host based Anti-Virus
    • Host Intrusion Prevention Software (HIPS)
    • Host Intrusion Detection Software (HIDS)
    • Disable USB port on all hosts
  • Logs management: Tripwire Log Center
    • Log and Event management for security and compliance
    • Monitor drive space from a centralize location
  • Password policies and security features
    • Password length must be at least 7 characters long, contain at least one number and at least one letter, and cannot be the same as the login id
    • Account lockout after 5 failed attempts
    • Block concurrent user connections. Users cannot login with the same login id from different locations simultaneously
    • After 3 months of account inactivity, user needs to verify his/her account
    • Locks end users out after 15 minutes of inactivity
    • New Accounts require an End User to activate by validating the email address and entering temporary login and password, at which time they are prompted to choose a new password
    • BankVOD Administrator can limit access by specifying an IP Address Range
    • Ability to create a BankVOD account can be restricted by Company Name, Valid Company EMail Address and IP Address
  • Logon/warning message displayed during initial logon process
  • Source code is analyzed using WebInspect before uploading to the production environment
  • Summary of the Failover/HA Configuration for Each System (Chicago & Miami)
    • Web server redundancy (DMZ LAN)
      • 2 High Availability (HA) / Failover Cluster Servers (Nodes)
      • 2 High Availability (HA) / Failover Cluster Web servers (Virtual Machines)
      • The web server cluster is configured as an active/passive system. If the active server fails all traffic fails over to the second server automatically. In case of a hardware failure, all VMs are automatically failed over to the working node. With this setup we can minimize the down time in case of a hardware or software failure.
    • SQL Server redundancy (Private LAN)
      • 2 High Availability (HA) / Failover Cluster Servers (Nodes)
      • 2 High Availability (HA) / Failover Cluster SQL Servers (Virtual Machines)
      • The SQL server cluster is configured as an active/passive system. If the active server fails all traffic fails over to the second server automatically. In case of a hardware failure, all VMs are automatically failed over to the working node. With this setup we can minimize the down time in case of a hardware or software failure.
    • File Server redundancy (Private LAN)
      • 2 High Availability (HA) / Failover Cluster Servers (Nodes)
      • High Availability (HA) File Server Role (Virtual Role)
      • The file server role is configured as a Highly Available File Shares. There is a virtual network/IP address created by the cluster between both nodes so resources can be hosted on either node providing fault tolerance. So in the event of a hardware failure the File server role can fail over to the other node automatically.
    • Fax Server redundancy
      • 1 Fax server in Chicago
      • 1 Fax server in Miami
      • Each fax server handles half of the BankVOD faxing load, inbound and outbound. If one goes down all fax numbers failover to the other server automatically and all outbound faxes keep faxing from the server that is up and running.
  • FCRA Permissible Use Application