What is my routing number at Legence Bank?
Your routing number is 081204867.
How do I reorder checks?
You may bring a reorder slip or request a reorder at any of our branches. You may also use the Reorder Checks link on the left-hand side of this page.
I recently moved and need to update my contact information with the bank. What do I need to do?
We need to have your current address, phone number and email address. If you visit one of our branches, we will ask that you sign a form so that we may update your information. If you call one of our branches, we will mail a form to you. When we receive the signed form, we will be able to update your information accordingly.
I recently changed my name. How do I update this?
We will need to make a copy of your driver's license reflecting your new name. We will also ask that you and anyone on your accounts sign a new signature card for each affected account.
How do I sign up for direct deposit?
This is something you may set up with the company that is sending the deposit. You will need to provide the company with your routing number, account number, bank name, and possibly a blank voided check. They will inform you of when you will receive your first direct deposit. If you would like assistance in setting up a direct deposit, simply call one of our Customer Service Representatives.
What is the "qualification cycle" for my Kasasa account?
Your qualification cycle runs from the 1st business day of the month through the next-to-last business day of each month. Please note that debit card purchases should post to and clear your account within the qualification cycle time frame to be counted during that cycle. You will then receive the interest you have earned on the last business day of each month.
I do not have internet access at home, but I would like to stay up on my balances. What options to do I have?
You have two great options. Telephone Banking is completely free and allows you to call a toll-free number to retrieve your balance as well as recent activity. To use Telephone Banking, first call a Customer Service Representative at your local branch and set up a four-digit PIN to be used for Telephone Banking. Once that is set up, you may call 1-800-811-8204 to retrieve your current balance as well as recent activity on your account. Text Banking allows you to text or to receive text alerts which offer your balance as well as recent activity on your cell phone. Legence Bank does not charge for Text Banking with personal accounts. However, you may wish to check with your mobile carrier to make sure that you will not incur fees for texting on your cell phone plan. Please contact a Legence Bank Customer Service Representative if you are interested in either service.
I would like to get a new account, but my schedule does not allow me to come into a branch during business hours. What should I do?
If you wish to apply for a personal checking or savings account, applying for an account online is a great option. This user-friendly application takes about 10 minutes and will initiate the process of opening your account with our eBranch. To apply online, simply click the Open Now button when viewing the type of account you wish to open.
I want to safeguard myself from identity theft. What are some best practices to protect my identity?
Your security is of the utmost importance at Legence Bank. We believe that the best defense against online criminals is for us to keep you as informed as possible. We offer a practical set of tips that can help you protect yourself against identity theft. For more information, simply visit our Fraud Prevention and Security page.
I need further assistance with one of my bank accounts or bank services. Whom do I contact?
Should you need further assistance, please don't hesitate to contact any of our Customer Service Representatives at your local branch or at 1-800-360-8044.
I just received my debit card. What should I do now?
You can activate your card within your Legence Bank online banking or in our APP. You can also activate your debit card by calling the toll-free number included with the card.
I would like to change the PIN on my debit card. How can I do that?
You can choose a PIN within your online banking or in our APP. You can also update your PIN us by calling us at 1-800-360-8044.
I either lost my debit card or it was stolen. What do I do?
You should notify Legence Bank as soon as possible in order to close your debit card by calling your local branch or calling 1-800-360-8044. If you have online banking or our APP, you also have the ability to Turn your card “Off” From the Manage Cards menu. If you choose this option, you must still call us to complete the closure. To contact someone after hours, please call 1-844-202-5333.
Should I choose credit or debit when I use my debit card?
Legence Bank recommends that you choose credit for all point-of-sale purchases. It is a more secure transaction.
Why do I have a $1.00 transaction on my account?
Some merchants will pre-authorize your debit card to ensure that it is a valid account. It is simply a hold on your account. This hold will remain until the merchant submits the actual amount of the transaction and it posts to your account. Once the actual payment posts, typically within 2 or 3 business days, the pre-authorization in the amount of $1.00 will come off of your account.
My debit card was denied for a large purchase, but the funds are available in my account for this amount. What happened?
There are limits placed on all debit cards and ATM cards for your security. These limits are set per business day. If you wish to adjust these limits temporarily or permanently, please contact a Customer Service Representative at Legence Bank.
Why am I asked for a security code when using my debit card over the phone or online?
The three-digit code shown on the back of your debit card lets merchants know that you're physically holding the card when you make a purchase online or over the phone. It is an extra level of security that helps prevent fraudulent transactions on your card. This code is sometimes called a Card Security Code (CSC), Card Verification Data (CVD) or a Card Verification Value (CVV), among other terms.
I am traveling out of the country. Should I notify Legence Bank?
If you will be using your debit card while you travel far from home, especially if you are traveling internationally, you will need to notify our Operations department of where and which dates you will be traveling. If you have Legence Bank Digital Banking services, you may also add Travel Information from the Manage Cards menu.
How may I sign up for Online Banking?
You have two ways in which to sign up for Online Banking. You may enroll online by going to our homepage and finding the Online Banking button. You will then choose “New User” and then “I am an existing user” if you have any type of Deposit or Loan Account. Once you have completed the application, you will receive a call from one of our eBranch representatives for further verification. Once complete and verified, you will receive an email with a link to be used for your first login. Additionally, you may contact a Legence Bank team member at any of our branches to sign up for Online Banking access. Both scenarios will cause you to receive an invitation email to log in to Online Banking for the first time. You will only need to know your security code, a code that was either chosen by you or provided to you, for your first login.
I'm also interested in the App. What do I need to do?
First, you should sign up for Online Banking if you do not already have that service, as the credentials you use for Online Banking will also be the credentials you use to login to the App. Next, you may go to the App Store on an iPhone device or Google Play on an Android device to download the free Legence Bank App. You will then be able to log in to the App using your Online Banking username and password.
I am locked out of my Online Banking. What do I need to do?
Once you are locked out, you will need to contact the eBranch or a Legence Bank team member to be unlocked and/or reset. After proper verification, we will assist you in gaining access back into your Online Banking.
What are my options to receive the one-time passcode for extra login security in Online Banking?
You have three options: you may receive a text, receive a phone call, or use a mobile App called Duo Mobile for extra login security in Online Banking.
I don't want to receive a one-time passcode every time I log in to Online Banking on the same computer. What should I do?
Once you enter your one-time passcode in the field provided, you will have an option to register your computer or device. We only recommend registering a computer or device if it is yours and it is private. If you register your computer or device, you should not be prompted with a request for a one-time passcode on future logins. If you have registered your computer or device, and you are still prompted to verify your identity, please contact the eBranch for further assistance.
I'm having trouble logging in. What should I do?
Should you have any questions, or you would prefer to have assistance with your Online Banking login, please don't hesitate to contact the eBranch or a Legence Bank team member by calling your local branch or calling our toll-free number at 1-800-360-8044.
When I log in, I am being asked Security Questions that I have never chosen before. Why?
Virtually every time you experience this issue, it is due to the fact that your username was entered incorrectly. Please go back to our homepage and carefully re-enter your username. If you are unsure of your username, please contact the eBranch or a Legence Bank team member for assistance.
Is Online Banking secure?
It is Legence Bank's commitment to keep your accounts safe while adopting the latest security requirements provided by the government. The authentication procedures used for each login comply with the best industry practices on how to best protect you and your finances, including several levels of extra login security.
I would like to be able to transfer funds between two of my accounts online. What do I need to do?
If eligible, Once logged into your Legence Bank digital banking profile, navigate to the “Move Money” menu, and choose to start a “New Transaction”. If you do not see the options you wish, please call the eBranch or a Legence Bank team member at 1-800-360-8044.
I still get a paper statement but would like to receive it online now. What do I need to do?
There are several options available to enroll your account(s) to eStatements from Paper. You can request to sign up for eStatements at any of our Legence Bank branches with one of our team members. You can also sign up when logged into your online banking, you will click on “Access eStatements for this account”. Additionally, you can complete a form on the Legence Bank website at Resources>Personal Services>Online Banking>eStatements>Enroll Now.
What export options do I have for my transaction history?
You have the following options in which to export your transactions: Quickbooks, Quicken, Excel, comma separated, PDF document, and Word document. To export your transactions, click on the account you wish to view, then click on the downwards arrow (Download Icon) at the top. You will see an option to Download under your preferences. If you wish to print your transactions in a printer-friendly format, choosing a Word document, PDF document, or Excel document is an excellent way to do so.
How do I find my eStatements?
Once you are logged in to your Online Banking, click on the account of which you wish to inquire. There will be an option for Account Services and you will click on “Access Statements for this account”. You can use the dropdown box to switch between accounts.
I would like to change some settings within my Online Banking, such as my password or my email address. What do I need to do?
Once logged in to your Online Banking, click on Manage Profile. You will find many options there including changing your password, Username, Security Questions and setting up various alerts on your account.
What is a sub-user and where do I go to add one?
A sub-user is an individual that you choose to setup with login credentials to gain access to some or all the accounts that you view online. You may choose whether you would like them to be able to view specific accounts, could transfer between Legence Bank accounts, view eStatements with or without images, view account details or a combination of these. A common example of a user and sub-user is a parent and child. To add a sub-user, as well as edit or delete existing sub-users, simply go to Manage Profile> Sub-Users.
How do I sign up for Bill Pay?
If you have never used Bill Pay before, you may see many benefits in trying this great service. To sign up, simply log in to your Online Banking and click on the Move Money tab. The system will lead you through setting up your profile. Once you have set up your profile, then set up a payee, you may proceed with paying that payee when you wish.
How do I add a new payee?
Simply go to the Move Money tab and choose + Add a Payee. When presented with the options available to you as a user, choose to add the payee as a Person, Bill Pay or External Account, enter the details of that payee, and then you will be ready to make a payment to that payee. External Accounts will require additional verification.
How do I pay a bill?
To make a payment to a payee you already have saved in the system, simply go to the Move Money menu, and choose New Transaction. You will choose the account which should pay for that bill, the amount you wish to pay, and the date you wish it to be processed. Click Next and review your payment(s), then confirm the payment by clicking "Submit". To double-check your bill payment submission, you may go Move Money: Scheduled tab to view what you just submitted. You will have until 3 PM CST on that business day to alter the payment if needed. Once a payment is processed, it may be viewed in Move Money: History menu instead.
How do I add a memo or comment to a payment in Bill Pay?
Once you initiate a bill payment by choosing the payee, entering the pertinent information, and clicking Next, you will have the ability to add a check memo on the screen when entering the amount and date. Please note if a check memo is added to an Electronic Payment, the payment will revert to mailing a paper check to reflect your memo notes.
When will my account be debited for a bill payment I sent?
Bill Payments can be sent in two ways: electronically and by check. Whether your bill is going electronically or by check, your account will be debited within the same amount of time. It is debited when the bill payment is processed and sent to the payee, so you may expect that your account will be debited within 1- 3 business days in the amount of the bill paid.
How do I edit the details of an existing payee?
Go to the Move Money menu, choose Payees, then you may find your payee in the list provided and either edit or delete that payee.
How do I add a new funding account through Bill Payment?
Simply go to Manage Profile, then choose Pay From Account. You may then view your existing funding accounts and also add an existing Legence Bank Checking account you own by choosing Add Account. You will then enter the information requested and click Next. Your new funding account will only be ready to use once a Legence Bank employee approves it. You will be notified when the new funding account is approved and ready for use.
I made a mistake on a Bill Payment I made. What can I do?
If you make a payment prior to 3:00 PM CST on a business day, you will have the chance to edit or delete it up until 3:00 PM CST on that day. If you realize that a mistake was made after 3:00 PM CST on that day, the payment will already be in processing and will not be able to be edited. In this case, please contact the eBranch to discuss if anything can be done at that point.
I'd like to make a stop payment on a Bill Payment that has processed and was sent as a check. What should I do?
Call the eBranch or a Legence Bank team member for assistance at 1-800-360-8044.
How do I edit my contact information in Bill Payment?
Simply go to Manage Profile> Bill Pay Settings> Personal Information. You can update your information as you wish on this screen.
How do I get an image or proof of a bill payment I made in the past?
To get a proof of payment for a bill payment, simply inquire on the payment in Move Money history, then inquire on the payment. From there you will be able to retrieve payment information such as arrival dates, tracking information and an image of the cleared check if available. You may also contact the eBranch at 1-800-360-8044.
Can I pay more than one Payment at one time?
If you wish to pay multiple Bills at one time, once you choose your funding account you will hit the multi person/company icon beside the search bar. When clicked, you will then be displayed with check boxes beside each payee available to submit with this feature. You will then have the opportunity to go through each payee and payment one by one before submitting.
How does Text Banking work?
Text Banking has three different options that you may choose. First, you may choose to have your current balance texted to your cell phone each day at a specific time. Second, you may choose to have your current balance texted to your cell phone each day at a specific time only if your balance has fallen below a certain balance threshold. Third, you may choose to not receive a text alert, and instead, text the service directly to receive a text back with the information you requested. Text Banking offers balances as well as recent transactions on your account.
Is Text Banking a free service?
Legence Bank does not charge for Text Banking. However, we recommend that you check with your mobile carrier to assure that you will not incur any charges on your bill for text.
I wish to sign up for Text Banking. What should I do?
Simply contact the eBranch or any Legence Bank Team Member at your local branch to sign up for this great service.
I recently changed my cell phone number and I use Text Banking. What should I do?
Simply contact the eBranch or any Legence Bank Team Member at your local branch to update your information.
I am not receiving my daily text alerts. What could be happening?
The reason for this could vary. Please contact the eBranch for assistance in resolving this issue.
My phone service does not offer premium SMS texting or I do not have unlimited texting on my cell phone plan. What options do I have?
Text Banking can send alerts via email as well. Ask the eBranch or any Legence Bank Team Member for more information if this option interests you.
Mobile Banking App
How do I find the Legence Bank App?
Go to the App Store on an Apple device or the Google Play Store on an Android device and search for Legence Bank. It is a free App that can be downloaded when you wish.
Do I need to sign up at Legence Bank to use the Legence Bank App?
If you are currently a Legence Bank Online Banking user, you will be able to simply log in to the App using your Online Banking credentials. If you do not have Online Banking, go to www.legencebank.com to sign up or contact your local branch. Once you are set up for Online Banking, log in to Online Banking to set up your credentials. After your first Online Banking login, you will be able to log in to your new Legence Bank App using your Online Banking credentials.
What information is required for me to login to the Legence Bank App?
You will be asked to provide your current Online Banking username and password.
Will I be locked out of the App by entering an invalid username or password?
After three invalid login attempts, your login will be locked. To unlock your login credentials, contact the eBranch or a Legence Bank Team member at your local branch for assistance.
What accounts will I see through the Legence Bank App?
You should be able to view the same accounts as you currently see in Online Banking.
What capabilities do I have with my accounts once I have logged into the Legence Bank App?
You will have the ability to view your current balances, view your recent transactions on your accounts, view images of checks that have cleared, manage your Legence Bank cards, access our personalized Money Manager and utilize our great Move Money platform, should you choose to do so. You may also contact us directly from the App, locate a local branch, view Legence Bank's Facebook page, and more.
I would like more information about Legence Bank's Apps. How do I learn more?
Simply contact the eBranch at 1-800-360-8044 or a Legence Bank Team Member at your local branch with any questions or interests in the Legence Bank app. You may also view or follow Legence Bank's Facebook page for App updates, and more.
Is this product safe?
All card information through our P2P service is fully encrypted to ensure complete security and compliance. You as the sender never see the recipient’s card details, but it is saved for the convenience of future payments. In order to send money users need to be logged in to their digital banking login, which requires you to authenticate with security features in addition to your username and password, and you can also choose to enable Touch or Face ID for peace of mind.
Does it matter what type of card my recipient has?
Only individual Visa and MasterCard debit cards are accepted. Users will get an error when attempting to receive funds onto a prepaid card, credit card, or business debit card.
Will my payee receive the funds immediately?
Funds will be sent from your Legence Bank account to the receiving bank immediately, (once the recipient has entered their valid card number) but availability is dependent on the recipient’s bank’s policy. Encourage your recipient to ask their bank when funds will be available on a deposit through their debit card.
Can I make a change to or cancel a P2P I scheduled?
No, P2P transactions are immediate and cannot be edited, cancelled, or returned. Please make sure to send money only to other people you trust. Ask yourself: If I made an error, can I get that money back from them? For example, do not send money using P2P to an unknown recipient for a purchase you are making online until you’ve actually received your item.
Can I set up a recurring P2P transfer?
No, recurring transfers with P2P are not available. You will need to issue each payment separately.
What do I do if I made an error when scheduling my P2P payment?
Contact the recipient and request that they do not accept the funds by entering their debit card number. (Invite set-up link expires after 3 days and the money will credit back to your account at that time.) You can then send them a corrected P2P transaction.
Is there any charge for use of Legence Bank’s P2P?
No, this is a fee-free service.
Is there a limit to how much money I can send?
Yes, the limit is $1500 per transfer and/or per day.
Why won’t the link work for my recipient?
The link expires after 3 days and only works once, so the recipient needs to fully complete the form and submit the first time. If they let the link expire, you will need to resend.
The person I am sending money has a new debit card since the last time I sent them funds. What do I do?
You will receive a message stating their card is expired and it will allow you the opportunity to send a new link and/or you can delete your recipient and recreate them, which will send them another link to enter their new card number.
How may I get Mobile Deposit?
First, if you are a current Online Banking user, you should download the Legence Bank App if you have not already done so. Next, reach out to Legence Bank's eBranch or a Legence Bank team member to learn if you are eligible for Mobile Deposit. Eligible accounts include personal checking or savings accounts on which you are an owner. To use this feature, simply log in to your Legence Bank App, tap on the Deposit Checks option within your App Menu, and submit your first Mobile Deposit.
Is there a dollar limit for checks submitted through Mobile Deposit?
There is a $1,500.00 limit per check and/or per day for personal accounts. Should you have a check for more than $1,500.00, please do not submit it through Mobile Deposit. It should be presented in a branch, deposited in an ATM or night drop box, or mailed to the bank. Should you have several checks that accrue to more than $1,500.00, please submit those that you are able without exceeding your limit. You will then be able to deposit the remaining checks on the following business day.
Is there a limit to the number of checks I may submit through Mobile Deposit in one day?
There is no limit to the number of checks you may submit through Mobile Deposit in a day as long as the accrued total of the checks is less than $1,500.00.
Can I submit multiple checks using Mobile Deposit at one time?
Yes, if you are depositing multiple items into the same account you may use Multi-Check Mobile Deposit. Once you have chosen your depositing account, you will have the option to + Add Additional Check after making each deposit. History for each of these items will display separately even when using this feature.
How should I endorse the back of my check?
Effective July 1, 2018, all checks submitted through Mobile Deposit must have a proper restrictive endorsement along with your signature. Prior to making your mobile deposit, please sign the back of your check, then print "For Mobile Deposit Only" underneath your signature.
What is the cutoff time with Mobile Deposit and when will my funds be available?
The cutoff time for Mobile Deposit is 4:00 PM CST on each business day, which is when our bank branches move to the next business day. Any deposit that is submitted prior to the cutoff time and is approved will be available the following business day. Any deposit that is submitted after the cutoff time and is approved will be available on the 2nd business day. For example, any deposit submitted and approved on a Monday morning will be available first thing Tuesday morning. Any deposit submitted on Monday evening will, if approved on Tuesday, be available first thing Wednesday morning.
Is there a fee for Mobile Deposit?
No. Mobile Deposit is a product we are pleased to provide to you free of charge.
After I make a Mobile Deposit, what should I do with the check?
Please store your check in a secure location for 45 days. Review your Online Banking, App or statement to assure that the deposit posted and cleared. 45 days after your deposit you should then properly destroy your check by shredding it.
How may I learn the status of a submitted Mobile Deposit?
Within Online Banking or the App from the Deposits Checks tab, you will see your Mobile Deposit history. For a deposit that has been just submitted, it will be shown in the “Submitted” status awaiting review. Once your deposit has been reviewed, it will either change to an "Approved" status or a "Rejected" status. If your deposit is rejected for any reason, you will receive an email with that status and reason for the rejection.
What types of checks may I not deposit through Mobile Deposit?
The system will not accept a third-party check, checks from a foreign country, previously deposited items, or checks made payable to a business, trust, or estate. Also, a two-party check must have endorsements of both individuals and must be deposited into an account on which both parties are owners.
How does a Mobile Deposit display to me in Online Banking?
Once your Mobile Deposit posts to your account, it will simply have a description of "Mobile Deposit". Should you double-click on the transaction to view the image, it will show you an auto-generated deposit ticket that was created for your Mobile Deposit, rather than the image of your check.
What happens if my check is returned?
Should the check you wrote be returned for insufficient funds or another issue, it will be handled in the same manner as a check you would deposit in a branch.
A deposit I made through Mobile Deposit was rejected. May I try to submit the same check again?
The system does not allow a check to be submitted into the system twice. Should you need to submit a check to our bank that has previously been submitted through Mobile Deposit, please do so in a branch, through an ATM deposit or night drop, or via mail.
I'm trying to take an image of a check through Mobile Deposit, but my phone won't allow me to change to landscape view, so it won't let me take the image. What's wrong?
Some phones have a Portrait Orientation Lock. It may be possible that you have previously turned that lock on which will not allow your screen to turn to landscape. Simply find that setting and turn it off to proceed.
What is Heartbleed?
Heartbleed is a small flaw in the code of the Open SSL library, which is a widely used online security tool that is used by millions of websites to secure and encrypt communications. It is in essence a programming mistake which makes sites that use Open SSL vulnerable to unauthorized access to sensitive data. Approximately two-thirds of the Internet relies on Open SSL. However, Legence Bank does not use Open SSL for our online products.
Are Legence Bank's online products, including Online Banking, vulnerable?
Legence Bank's online products and services do not use Open SSL. We have no known applications affected by this vulnerability. However, for your peace of mind, you may change your password for Online Banking if you wish. To do so, once logged in to Online Banking go to the Settings tab, then the Security sub-tab. You will see a small tab below called Password. You will be prompted to enter your current password, then to choose a new password. In addition, our eBranch Representatives as well as Customer Service Representatives are happy to assist you in changing your password as well.
What should I do in response to Heartbleed?
We highly recommend that you update all credentials for the sites you visit online, especially those which use Open SSL. Many social network sites and shopping sites use Open SSL. Many of the most popular sites that use Open SSL have made fixes, called patches, to their site to protect it. However, for your peace of mind, we do recommend that you update your credentials for the sites you frequent online.
Retirement of Microsoft XP
What is the issue we're hearing about involving Microsoft XP?
Microsoft XP, a computer operating system many users use, had a support deadline of April 8, 2014. This means that technical assistance for Windows XP is no longer available, including automatic updates that help to protect your PC. If you continue to use Windows XP now that support has ended, your computer will still work, but it might become more vulnerable to security risks and viruses. Microsoft's website states that "an unsupported version of Windows (like XP after April 8) will no longer receive software updates from Windows Update. These include security updates that can help you protect your PC from harmful viruses, spyware and other malicious software, which can steal your personal information. Windows Update also installs the latest software updates to improve the reliability of Windows – new drivers for your hardware and more." Even if you have an unsupported version of Windows XP at this time, Windows will continue to start and run for you. It just won't run on the most updated version, and you will not receive support, should you need it, from Microsoft.
How do I know if I use Microsoft XP?
Click the "Start" button on the home screen of your personal computer, then click "Run" (or type run in the search bar to find it and then click on it, then type winver and hit OK. You will be presented with a pop-up box that states which Microsoft version you use.
What do I do if my computer uses Microsoft XP?
You have various options. Which option you choose is completely up to you. You may continue to use the same computer as long as you would like as long as you implement every safety and security measure that you can while you use it. This includes updating your anti-virus protection, and keeping your software and drivers updated. Windows XP should still have a long life in front of it. You may use it as long as you feel comfortable and feel like you are doing your best to protect your computer. Another option is to buy a new computer with a newer operating system, or you could use a tablet rather than a PC while you contemplate your options.
How does this affect me as a Legence Bank customer?
This will not cause any interruption to any of the Go!Legence services we provide to you. However, continued use of a computer utilizing Windows XP could place your computer and the information on it at risk. We encourage you to learn more about this cessation of service to be best informed on how to secure your information.
POODLE (Padding Oracle On Downgraded Legacy Encryption) Web Browser Vulnerability
At Legence Bank we take your security very seriously. We are taking action to protect you against this latest security threat, and providing these answers to frequently asked questions to help you understand how POODLE could affect you — not just on our website, but throughout the internet.
If you use Internet Explorer 6 or older, please be sure to refer to the special instruction at the bottom of this page to ensure you can access our site after November 5th.
What is POODLE?
POODLE is a recently recognized bug within web browsers (i.e., Firefox, Chrome, Internet Explorer, etc.) that could make someone vulnerable to an attack by a cyber-criminal.
Why the name POODLE?
It is a technical acronym that stands for Padding Oracle On Downgraded Legacy Encryption, which describes the vulnerability danger.
How does someone fall victim to a POODLE attack?
The two most likely scenarios are: 1) they are tricked into visiting a malicious website, such as clicking a link within a spam email; 2) they utilize a shared internet gateway, such as a WiFi system at a coffee shop, where a cyber-criminal inserts themselves between the user and the websites they visit. Though, any "man in the middle" attack scenario, such as compromising their home network, could be a gateway to a POODLE attack.
How likely is someone to fall victim to an attack via POODLE?
No one knows for sure. The general consensus among the security industry is this threat is not particularly high. Presently there are no reports of a POODLE attack. It is, at this point, merely a known vulnerability that an attacker could exploit. Keep in mind, there are a lot of methods an attacker could utilize to initiate an attack. Safe web browsing is always recommended to help protect yourself.
How does it actually work?
There are a lot of highly technical explanations available online; here is a high-level summary. Web browsers, websites, and servers use encryption to make online forms and logins safe. These technologies are often updated for improvements and added security. But web browser updates sometimes allow for "backward compatibility," meaning the browser could revert to an earlier version in the event a particular website can't support the update yet. An attacker could force a user's web browser to revert back to a much earlier version of encryption technology that the attacker now knows how to penetrate.
Is my web browser going to create a new update to protect against POODLE?
Yes. All browsers are working on updates. Many industry experts cite late November as a target date, though an exact timeframe may not be available depending on which browser you use. Unless you have selected to not accept automatic updates from your web browser, the update should happen automatically.
What is Legence Bank doing to protect me against POODLE?
We are deploying a security measure on November 5th that will prevent our website from working when the earlier version of encryption technology is being used. This means that if an attacker uses this POODLE vulnerability while you are visiting our site and forces your browser to use the old encryption technology, our website won't respond.
Does this mean I wouldn't be able to see or visit your website?
Correct. If you were attacked, you wouldn't be able to see our website. This is to prevent the attack from being successful. It would be much better for you to be unable to visit our site temporarily than to allow a cyber-criminal access to your online banking account. In the rare likelihood that this scenario occurs, please contact us and we can help you regain access to our website.
If this is a threat, why are you waiting until November 5th?
The threat isn't especially severe, and there are no reports of POODLE being utilized. Thus we have weighed mitigating factors into our deployment date. First, we need to ensure there are no unwanted bugs that occur when deploying this solution. We are always diligent to ensure your security and convenience in using our online channels. We are also giving our account holders that use the browser Internet Explorer 6 the opportunity to see this message and update their browser. Once we deploy this fix, these users will no longer be able to see our website if they do not update.
Special Instructions If You Use Internet Explorer 6 or Older on a Windows XP Operating System
To continue to access our website after November 5th you must update your browser. Internet Explorer 6 (IE6) is a very old web browser that is well known to be among the least secure browsers available. Even Microsoft, the company that creates Internet Explorer, has been urging its customers for many years to no longer use IE6, and has discontinued support of it.
Why won't IE6 continue to work after November 5th while other web browsers will?
Because IE6 was created in 2001 and is not able to utilize security technologies that have been developed since then.
Will it just be your website that I won't be able to use?
No. A large number of companies are deploying this same measure. It is important for you to update to a more modern browser. Otherwise it is likely that you will not be able to utilize much of the internet. If you are still using the Windows XP operating system (also no longer supported by Microsoft), the most modern version of Internet Explorer you can update to is IE8, originally created in 2009. Alternatively, you could choose to use a more modern version of another browser, such as Firefox or Chrome.