What is Direct+?
Direct+ is the Federal Home Loan Bank of Boston's secure
online account-information and transaction service.
What information and services are available
Direct+ is a rapidly evolving service. Currently, you
can use it to:
- View details on all prior-day transactions and balances.
- Search credit and debit transactions.
- Choose from a variety of printable special reports.
- Calculate your available borrowing capacity based on the previous business day's actual data for capital stock, pledged collateral, outstanding advances, and Mortgage Partnership Finance deliveries.
- Perform online book transfers during regular transaction
- Initiate advances during regular transaction hours.
- Perform safekeeping transactions and transfers up to 90 days before the settlement date.
How do I access Direct+?
Members that have signed up for Direct+ can log
in through the Member Center area of this site or by
"Log In" at the top right of each
page. Members that are not already using Direct+ can sign
up in the Member Center.
How do I create a username and password?
Once you sign
up for Direct+, you will be issued a username and
password. You will then have the opportunity to change your
What documentation is required to use
Services Agreement , Corporate
Resolution , and all applicable "delegations"
are required to sign up for Direct+. The services
available (such as account information and safekeeping)
are included in each delegation that
needs to be completed and signed by authorized staff at your
institution. You must return the delegation, which identifies
who is authorized to perform transactions, to the Bank before
you can use a particular service.
I am having problems logging on.
Is there online help?
No: Call 1-800-357-3452 (option 3) for customer service.
How do I set up a new user on
The only way to add an additional authorized user is to complete
a new delegation (see below) for that service.
Which delegation must I submit to
gain access to each of the services available through
Delegation (Exhibit B) for information reporting and book
Delegation (Exhibit D) for safekeeping transactions
The delegations can be found in the Member Resource Center under Forms and Applications or on our Products & Services page, under Related Links, Forms and Applications.
I feel uncomfortable transacting business online. How do I know that banking online through Direct+ is safe?
The Bank recognizes the importance of the integrity and confidentiality of member information. Accordingly, the Bank has implemented numerous security measures to protect the privacy of its members, including the use of firewalls, data encryption, and information-security policies and procedures that restrict employee access to members' transaction data. No representation is made, however, regarding the unconditional security of such submissions.
How do I know my transaction cannot be viewed or changed by someone else?
The Bank's data systems are protected by internal and external firewalls that both shield its network from the public Internet as well as limit Bank employees' access to sensitive systems and data. All network traffic must first pass though these firewalls. Only certain types of data transmissions are allowed through the Bank's firewalls, and only legitimate online-banking transmissions will be recognized.
In addition, Direct+ employs data encryption, which is the process of translating data into undecipherable code and then back into meaningful information. All communication between your computer and the Bank via Direct+ is scrambled with the highest level of encryption available for today's popular browsers. To that end, the Bank requires the use of 128-bit SSL (secure sockets layer) protocol. SSL does three things:
- It verifies that the server you connect to is the one it purports to be, proving that you are actually communicating with the Bank and not a third party trying to intercept the transaction.
- It creates a secure communication channel by encrypting all communication between the user and the server.
- Finally, SSL conducts a cryptographic word count to ensure data integrity between the server and the user. This word count, or checksum, provides a count of the number of bytes in a document and ensures the exact number of bytes is transmitted and received.
With SSL, even this checksum is encrypted and cannot be modified, ensuring that the communication between the Bank and its members cannot be translated by anyone without the correct encryption key and certificate. Technically, this means that each time you log into Direct+, your computer is assigned a key composed of 128 ones and zeroes. All messages from your computer to our network are then encrypted using this key, and can only be decoded using the Bank's equivalent 128-digit key. It is important to note that each time you log into Direct+, your computer is assigned a different key. Therefore, anyone attempting to intercept and decode your transmission would have to start over from scratch every time you log into Direct+.
For more complex transactions the Bank will require the use of a two-factor authentication approach using both a password ("something you know") and a physical token ("something you have"). The token is a physical device that provides a password that changes every 60 seconds. Possession of this card and the short life span of the password required to authenticate to Direct+ for complex transactions combined with a valid user account and password create several layers of security to reduce the risk of unauthorized account activity.
How can I tell if my connection is secure?
The padlock (or key icon) on your browser, which is used to indicate a secure connection, should appear locked (or connected) after you have successfully logged into Direct+. This icon may not appear locked on screens that you did not use to log on or on other areas of the Bank's Web site. However, any screen that displays or requests information about your account, username, password, application, or other sensitive information is encrypted.
To be safe, always check that you have typed the correct Web address, or URL, before entering your logon credentials. One common technique used by thieves is to create a Web site that has a layout and URL similar to that of a legitimate business — but with a slightly different Web address. Their intent is to fool you into submitting your logon ID and password. Always confirm that you have reached your intended Web destination before submitting your logon ID and password.
What happens if I lose my password?
Please contact customer support, at 1-800-358-9709, to reset your password. An email will be sent to you with your new password.
Can I share my password with another employee at my organization?
No: It is important that you never share your password with anyone. The Bank is not responsible for fraudulent activity conducted on Direct+ with a compromised user account. Given this, here are some important points to remember:
- Never give your password to anyone. The Bank's staffwill never ask for your password.
- Try to use a password that is easy for you to remember but difficult for others to guess. Avoid using names (including the name of your child, spouse, or pet), initials, or dates (such as your birthday).
- Do not keep your password on a Post-It note stuck to your computer or elsewhere in plain sight.
- Log out of Direct+ when you are not using it. If you leave your computer unattended or forget to log out, the system will automatically end your online banking session after several minutes of inactivity.
If you feel your account or password has been compromised, call customer support immediately, at 1-800-357-3452 (option 3). Do not report a compromised account or password via email.