Cookie policy

What are Cookies

As is common practice with almost all modern websites this site uses cookies, which are tiny files that are downloaded to your computer to improve your experience. This page describes what information they gather, how we use that information and why we sometimes need to store these cookies.

For more general information on cookies see the Wikipedia article on HTTP Cookies...

Disabling Cookies

Unfortunately in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site.

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). As disabling cookies will usually result in also disabling certain functionality and features of this site, it is recommended that you leave on all cookies. If you are not sure whether you need them it is safer to leave them on, in case they are used to provide a service that you use.

The Cookies we use

These cookies are used by the website:

__RequestVerificationToken: this is an anti-forgery token (preventing CSRF attacks). It guarantees that the poster is the one who gets the form.

ASP.NET_SessionId: a session state user is identified by a session ID. We can use this data to process requests from the user for which the session state was instantiated.

UMB_UPDCHK: Umbraco cookie that just stores on-identifiable config info.

 XSRF-TOKEN/XSRF-V: cross-site request forgery.

Authentication: cookie authenticates user for directors area.

 

The following are cookies used by the online banking platform located at https://secure.nhscreditunion.com/login.asp.

 

Cookie

Used for

 

TIMEZONE_DIFF and TIMEZONE_POST_DIFF

The TIMEZONE_DIFF and TIMEZONE_POST_DIFF ensures that when a member is in a different time zone to the server, date related transactions are synchronised. These cookies are session related, and are deleted whenever the browser is closed

 

XSRF-TOKEN

The XSRF-TOKEN provides protection from Cross-site request forgery (CSRF) attacks. This cookie is session related, and is deleted whenever the browser is closed

 

arcotid

The arcotid is used as part of the authentication process for Digital Banking to ensure a secure and smooth end user experience. The use of the arcotid ensures that the member’s password is never transmitted over the internet, enhancing the security of the authentication process. Instead the member’s password is used to gain access to a ‘key’ contained within the arcotid. When a member chooses to ‘trust the device’ that they are on, the arcotid is persisted in the member’s browser. Otherwise this cookie is only persisted for the session and is deleted whenever the browser is close

 

deviceid

The deviceid is an authentication cookie that is used to uniquely tag the device and ultimately associate devices with the member. This allows an additional level of risk based security to the authentication process. The cookie value is an encrypted string stored on the end user’s machine.

     


Third Party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.

Google Analytics which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how you use the site and discover ways that we can improve your experience.

These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.

For more information on Google Analytics cookies, see the official Google Analytics page.

More Information

If there is something that you aren't sure whether you need or not it's usually safer to leave cookies enabled in case it does interact with one of the features you use on our site. However if you are still looking for more information then you can contact us by email: admin@nhscreditunion.com