Q. How much does Merrimack 24 Online Banking cost?
A. The service is free of charge.

Q. Can I pay my MCSB loans online?
A.Yes.

Q. What accounts can I access online?
A. You can view all the deposit and loan accounts that you designate upon registration.

Q. Can online banking inform me when I reach certain balances?
A. Yes. Using the notifications feature you can have the system send you e-mail messages when your balances reach levels which you designate.

Q. How secure is Merrimack 24 Online Banking?
A. Ensuring you have a secure online banking experience is our number one priority. This level of security is achieved by:

• Protecting the privacy and the confidentiality of the communications between your browser and our servers.
• Verifying that only authorized persons are allowed to access online banking.
• Maintaining isolation of our computers from the Internet.

Q. How do you ensure the privacy of my online banking?
A. The privacy of the communications between you (your browser) and our servers is ensured using cryptography. Cryptography scrambles messages exchanged between your browser and our online banking server. Encryption happens as follows: When you go to the sign-on page for online banking, your browser establishes a secure session with our server. The secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption. This protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only known between your browser and our server. After the keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server. Both sides require the keys because they need to de-scramble (decrypt) the messages when they are received. The SSL protocol, not only ensures privacy, but also ensures that no other browser can "impersonate" your browser, nor alter any of the information sent. You can tell whether your browser is in secure mode by looking for the secured lock symbol at the bottom of your browser window. The numbers used as encryption keys are analogous to combination locks. The strength of encryption is based on the number of possible combinations that a lock can have.

As the number of possible combinations grows, it becomes less likely that anyone would be able to guess the combination in order to decrypt the message. Today's browsers offer 40-bit encryption or 128-bit encryption. Both result in a large number of possible combinations, 240 and 2128, respectively. Our servers are compatible with both, however we recommend the use of 128-bit capable browsers.

Q. How do I know if my browser supports SSL 3.0?
A. For Internet Explorer, begin by opening your browser, select Tools, Internet Options, Advanced tab. Scroll to the Security Section. There should be a check mark next to SSL 3.0 if it is enabled. If there is not a check mark next to SSL 3.0, simply select the option. For Netscape Navigator, begin by opening your browser, select Communicator, Tools, Security Information, Navigator. There should be a check mark next to SSL 3.0 if it is enabled. If there is not a check mark next to SSL 3.0, simply select the option. If you do not see SSL 3.0 as a listed option, you will want to upgrade your browser to a version that has SSL 3.0. When selecting a browser, keep in mind that certain browser versions are certified to work with our online banking product. This means that the versions have been tested to ensure each feature works properly.

Q. How are others prevented from going to my account?
A. It is important to verify that only authorized persons log into online banking. This is achieved by verifying your password. When you submit your password, it is compared with the password we have stored in our secure data center. We allow you to enter your password incorrectly five (5) times. If you enter your password incorrectly five times, your online banking account will be locked until you call us to reinitialize the account. We monitor and record "bad-login" attempts to detect any suspicious activity (i.e., someone trying to guess your password). You play a crucial role in preventing others from logging on to your account. Never use passwords that are easy to guess. Examples of bad passwords are: Birth dates, first names, pet names, addresses, phone numbers, social security numbers, etc. Never reveal your password to another person. You should periodically change your password in the User Option screen of online banking.

We provide a number of additional security features in online banking. Online banking will "timeout" after a specified period of inactivity. This prevents curious persons from continuing your home banking session in case you have left your PC unattended without logging out. You may set the timeout period in the User Options screen of online banking. However, we recommend that you always sign-off (log out) when you are done with your online banking. The network architecture used to provide the online banking service was designed by the brightest minds in network technology. While the architecture is too complex to explain here, it is important to point out that the computers that store your actual account information are not hooked up to the Internet. The requests you make through the Internet are handled by our home banking servers, which retrieve the information you requested from our mainframe via proxy-based firewall servers, these servers act as the go-between you and our mainframe computers.

Q. Why does the online banking require the use of "cookies"?
A. Online banking uses a different kind of cookie known as a session cookie, a non-persistent cookie, or a pre-expired cookie. These cookies are placed temporarily and are never stored to the user's computer memory. Instead, these pre-expired cookies are used as part of the stringent security measures in the Internet Banking product. As the end user navigates through Internet Banking a pre-expired cookie is set each time a page is viewed. Because the HTML page they are viewing is not "cached", it must always be re-retrieved from the server.

The pre-expired cookies keep the session alive until the end user logs out properly or times out of Internet Banking. Once this occurs, the end user must login with their user ID and password to gain access again. This ensures that another user using the same computer can not access the previous session.

Q. What do I do if I forget my password or my customer number, or have been locked out?
A. If you have forgotten your password, customer number, or have been locked out of Merrimack 24 Online, please contact us at (603)-225-2793 or (800)-541-0006 to have your password reset. We will delete your previous password and instruct you to complete the Password Reset Form. Upon receipt of this form, we will email the Financial Institution Access code to you within 2 business days. You will use this code only once to regain access.