Security

Our goal is to make your online interaction with Pacific Blue Cross (PBC) as valuable as possible, delivering information that is relevant to your needs. We understand many people have concerns about the security of their information, especially when providing their information via the Internet. We are committed to protect the information you provide us online in the same way we protect all our customer information. We take the privacy of customer data very seriously at Pacific Blue Cross as you can see in our privacy commitment.

Your information is not automatically accessible via the Internet. Once you request online access to your information, we request specific information about you to confirm your identity. We then use several security measures to confirm this information, and only then do we allow online access to your information.

When making purchases via our website, your credit card information is safe and secured. Reliable and trusted service providers who specialize in processing online payments handle all credit card transactions on our behalf.

How we protect your information online

On our website, we use a combination of Secure Socket Layer (SSL) encryption, firewalls and timed logouts to ensure confidentiality. The following explains the technologies used to secure your information.

• The Secure Socket Layer (SSL): protects the information transmitted and prevents interception by unauthorized parties; and
  
  
• A firewall: restricts unauthorized access to our networks where your information is stored; and
  
  
• Timed Sign outs: which terminate your connection to us after a certain period of inactivity

As well, all our systems are constantly monitored and we are alerted to any suspicious activity.

The Secure Socket Layer (SSL)

SSL is an industry standard protocol used for communication between your Web browser and our Web servers. It provides authentication, data integrity and encryption.

Your browser may give you a message indicating you are entering a secure website. You may also see a blue box outlining the secure page. And if you usually see a broken key or open lock in the lower left corner of your screen, you'll notice it change to a full key or closed lock.

Secured transactions are also indicated in location or address bar of your browser by the prefix https:// rather than http:// (https stands for hyper-text transfer protocol, secured).

• Authentication
  Authentication confirms that you are who you say you are, and verifies that you are communicating with a Pacific Blue Cross Web server. There are two parts to the authentication process, digital certificates as well as your identification and password.
  
  The Secure Socket Layer uses digital certificates to confirm with your Web browser that you are accessing our Web server. Our Web site uses Verisign digital certificates, the strongest security available for websites. Digital certificates let you verify whom you are dealing with. Our certificate allows you to confirm that you are dealing with Pacific Blue Cross (aka PBC Health Benefits Society) and that we own the website to which you are connected.
  You can check the digital certificate for our website to establish that you have a secure connection by simply clicking on the Verisign seal whenever you see it appear on our site.
  
  Some of our services require you to have a personal digital ID certificate installed on your computer. We provide specific instructions for installing this personal digital ID only when it is required by our systems. For most of the services we provide on our website, this personal digital ID is not required.
  
  Your user ID, or group and ID numbers as well as your password are confirmed to ensure your information is provided only to the correct identification and corresponding password. Incorrect identification and/or password will result in failure to access your information.

• Data integrity
  The Secure Socket Layer ensures that any alteration to the contents of your message, either intentional or by accident, will be identified and handled in an appropriate manner.

• Encryption
  The Secure Socket Layer encrypts or "scrambles" the content we transmit into an unreadable format using complex mathematical equations, called algorithms before it travels across the Internet to your Web browser. This makes it difficult for unauthorized interceptors to understand. Encryption codes the information ensuring that only your Web browser and our Web server can decode it effectively.
  
  Your Web browser will display a closed padlock icon when data is encrypted. An open lock or no image is displayed during an unencrypted session.

Firewall

Our systems are protected by firewalls that are a combination of the latest in computer hardware and software to separate the Internet from Pacific Blue Cross Web servers and computer systems. The purpose of a firewall is to prevent unauthorized access and malicious attacks to customer information and business systems. By using a firewall, Pacific Blue Cross is ensuring your information is always protected.

Timed Sign outs

Our Web services are time sensitive in that an online session will be terminated after a certain period of inactivity. This is a security measure to help prevent unauthorized access to our systems if an individual leaves their computer unattended for an extended period of time while connected to our website.

Mobile Applications

Pacific Blue Cross’ mobile applications do store personal information on your device, such as your travel insurance coverage, etc. This is to ensure its availability, even when you are unable to connect to a cellular network or internet. We limit the personal information stored to only that which is required for your applications.

To protect your privacy, please ensure that you know where your device is at all times. Enable mobile device wipe utilities, if available. Please ensure that your device is encrypted, and has a strong password. Do not use a simple passcode, such as a repeating number, sequence of numbers, or a code that spells a common word (such as 5683 – LOVE).

On your iPhone or iPad, you can:

• Enable mobile wipe by going to Settings, iCloud, and ensuring that the Find My iPhone setting is on. Once this is enabled, you can log in to your iCloud account on a PC to locate, lock or remotely wipe your device.
• Enable a passcode by going to Settings, General, and selecting Passcode Lock. You can enable a stronger passcode by turning off the Simple Passcode slider at the same time.

On your Android* phone you can:

• Enable a passcode by selecting Settings, Location & Security (or Security), and select Screen Lock to create a password
• Enable device encryption by selecting Settings, Location & Security (or Security), and select Encrypt Phone (or tablet)
• Enable mobile wipe by installing and configuring the Google Apps Device Policy application.

*accessing Android settings will vary by device and operating system

What you can do to keep your information secure

These are some easy steps you can take to keep your information secure:

• Memorize your user ID or group and ID numbers and your password rather than keeping the e-mail we send or a printed hard copy. If you must keep a hard or soft copy, separate the information and keep it secure locations.
• Do not share your user ID, group and ID numbers or password with anyone else.
• Do not leave your computer unattended while your Web browser is still running.
• Empty your disk cache at the end of your Web session. To do this, select the menu item that allows you to empty disk cache.
• Set your disk cache to 0.

All Web browsers have a default setting that caches their Web activity. This means your browser copies the information you see on-screen, like graphics and text files, to the memory and hard disk of your computer. Once loaded into your cache, the browser no longer has to download the information through the Internet, which makes revisiting a website or exploring a new website faster.

Other people who access your computer can access the disk cache and may be able to view the contents of your previous Web activity. You can set your disk cache to 0 to ensure nothing is stored on your hard disk. You won't be able to access previously viewed pages as quickly, but your security will be enhanced.