OpenSSL "Heartbleed" Bug Update

You may have seen recent media reports about the OpenSSL “Heartbleed” bug. Commerce Bank can confirm that our online banking applications are not susceptible to this vulnerability. Commerce Bank takes the security of our customers’ accounts very seriously and as a matter of practice, we protect our customers’ data with a layered security approach which allows us to detect and respond quickly to potential threats to our system.

While Commerce Bank’s online banking applications were not vulnerable to “Heartbleed”, as a best practice, if you reuse your Commerce online banking password to log into non-Commerce sites, then we recommend you change your password within the Commerce online banking system. As a best practice we recommend our customers use unique passwords for each site they visit.

Here are some tips in constructing a strong password:

  • Minimum length of 8 characters
  • Contains both upper- and lower-case letters
  • Includes one or more numbers
  • Includes special characters such as @ : ? ! ( ) $ \ /
  • Does not contain the same letter or number repeated 3 or more times consecutively, for example, AAA or 111
  • Is not the same as your Customer ID
  • Change your password every 60-90 days.

For additional best practices please visit our Security Center.


  • To send an email that contains confidential information, please visit the Secure Message Center where there are additional instructions about whether to use Secure Email or Online Banking messaging.