Privacy and Security Statement

COMMERCEFIRST BANK
1804 WEST STREET, P.O. BOX 2249
ANNAPOLIS, MD 21404-2249
PHONE: (410) 280-6695
FAX: (410) 280-8565

Confidentiality and Security of Nonpublic Personal Information

We restrict access to nonpublic personal information about you to those employees who need to know that information to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with federal standards to guard your nonpublic personal information.

Nonpublic Personal Information We Collect

We collect nonpublic personal information about you from the following sources:

• Information we receive from you on applications or other forms
• Information about your transactions with us, our affiliates, or others
• Information we receive from a consumer reporting agency

Nonpublic Personal Information We Disclose

We do not disclose nor do we reserve the right to disclose, any nonpublic information about our customers or former customers to anyone, except to other nonaffiliated third parties as permitted by law.

Notify Us of Inaccurate Information We Report to Consumer Reporting Agencies

Please notify us if we report any inaccurate information about your account(s) to a consumer-reporting agency. Your written notice describing the specific inaccuracy (ies) should be sent to us at the following address:

CommerceFirst Bank
P.O. Box 2249,
1804 West Street
Annapolis, MD 21404-2249

Protection of Information via Established Security Procedures

We are committed to the security of our customers' financial and personal information. All of our operational and data processing systems are in secure environments that protect our customer's account information from being accessed by unauthorized third parties. We safeguard information according to established security standards and procedures, and we continually assess new technology for protecting information.

We maintain and grant access to customer information only in accordance with our internal security standards. Our employees are trained to understand and comply with these information principles.

The latest in Internet Security and User Authentication is employed so that data being transmitted through the Internet Banking System is secure from unauthorized access. By providing the latest technology with authenticated access to the web server, your Internet Banking transactions are secure. The following outlines the methods in place to secure your privacy.

Digital IDs from Verisign: The IBS system uses digital IDs certified by Verisign, an industry leader in digital identification certificates, to authenticate user information and provide access to the data through the system. Digital IDs work off of a matched key setup where the server has a "private" key issued only to the server and a "public" key widely distributed to the bank's customers. A digital ID requires a matched pair of keys that are unique to each other to encrypt and decrypt data. With this setup, transactions created, encrypted, and transmitted by bank customers using the public key can only be decrypted by the other key in the pair running on the server.

The Internet Banking System combines with digital ID authentication through Verisign allow the server to implement Secure Sockets Layer (SSL) protocol, the standard technology for secure web-based communications. With SSL, data traveling between the Bank and customer is encrypted and can only be decrypted through the pairing of the public and private key pair. SSL capability is built into the server hardware and browsers, but requires a digital ID to be functional.

Server Access: Server access is protected using a firewall computer and the leading firewall software. Firewall computers provide secure access to the Web Server and its software by only allowing authorized traffic to hit the Server.