|
Merck-Medco Managed Care has gone to great lengths to protect the privacy and security of our Internet offerings. Our Internet infrastructure has been secured using the latest advances in commercially available security products. The design and physical implementation has been reviewed and approved by third party security experts. In addition, our infrastructure is continually monitored 24 hours a day, seven days a week for operational integrity.
MMMC addresses security across the entire transaction process - within our internal technology infrastructure, traveling across the Internet, and on your personal computer.
1. Firewall
The Merck-Medco Managed Care OnlineTM (MMMC Online) infrastructure system is secured using the most advanced products commercially available. Our internal technology infrastructure is safeguarded from intruders by multiple firewall systems. Firewalls protect our technology infrastructure by only allowing authorized traffic to be accepted from the Internet.
2. Monitoring
Merck-Medco's Internet security team monitors our systems twenty-four hours a day seven days a week.
Confidential information such as member numbers and prescription numbers is scrambled using the strongest forms of encryption commercially available for use over the World Wide Web. In fact, Merck-Medco is one of the first companies to require the use of Domestic-Grade encryption for sensitive transactions such as Refills over the Internet.
1. Browsers
MMMC requires the use of browsers with Domestic-Grade Encryption for sensitive transactions such as Refills.
2. Privacy
To help protect your privacy, full member names and drug names are not transmitted over MMMC Online. In addition MMMC Online does not display the member's complete mailing address. Instead, when a member orders a mail service prescription refill, MMMC Online allows the member to confirm that the prescription will be sent to the correct mailing address by showing only the street address and not the full address to which the prescription will be sent. You will not be permitted to change your mailing address on-line. When it comes to credit cards, only the last four digits are transmitted. In addition, our software instructs your browser not to store or record any information locally on your hard drive. This reduces the risk of any unauthorized viewing of private information on your personal computer.
MMMC makes every attempt to support the widest variety of industry standard browsers. We constantly review which browsers are used to access our site, and develop our site accordingly. The primary driver for browser support is security.
The following browsers are currently supported by MMMC:
| Browser Type |
Version |
Envelopes
Order Status |
Refills |
Netscape Communicator/
Navigator 2.02, 3.04 |
International (40bit) |
YES |
NO |
Netscape Communicator/
Navigator 4.04 or later |
International (40bit) |
YES |
YES |
Netscape Communicator/
Navigator 2.02, 3.04, 4.04 or later |
Domestic (128bit) |
YES |
YES |
|
| Microsoft Internet Explorer 3.01, 3.02 |
International (40bit) |
YES |
NO |
| Microsoft Internet Explorer 4.0 |
International (40bit) |
YES |
YES |
| Microsoft Internet Explorer 3.01, 3.02, 4.0 or later |
Domestic (128bit) |
YES |
YES |
|
| America Online 3.0 or later |
International (40bit) |
YES |
NO |
| America Online 3.0 or later and Microsoft Internet Explorer 4.0 or later (128-bit encryption) |
Domestic (128bit) |
YES |
YES |
|
| WebTV ** |
Domestic (128bit) |
YES |
YES |
** Web TV's reduced resolution capability will require more scrolling than other browsers.
MMMC has developed an Internet application that will allow you to test your browser online. It will provide information about the version, capabilities, and security features of your browser. We will also provide you with a list of functions which can, and sometimes, can't be performed based on the browser you have. If your browser does not meet our standards, we will direct you to the appropriate vendor site to upgrade your browser.
1. What is encryption?
Encryption is the process of converting meaningful information into a numeric code that is only understood by the intended recipient of the information.
2. How does encryption work?
Everything that travels over the Internet during your online session, from your member number to the prescription number you enter for a Refill, becomes a string of unrecognizable numbers before entering the Internet. MMMC computers and your browser understand the mathematical formulas that turn the information into numeric code and back again to meaningful information.
3. What's the difference between Domestic-Grade encryption and International-Grade encryption?
The difference between these two types of encryption is one of strength. International-Grade, also called 40-bit encryption, uses billions of possible keys to secure your account information. Domestic-Grade, also called 128-bit encryption, uses thousands of times more key combinations than International-Grade encryption.
4. What Type of encryption does MMMC require?
International-Grade encryption is sufficient for all applications except Internet Refills. Refills requires Domestic-Grade encryption (128bit).
5. How do I know if my Internet session is encrypted?
Your data being sent across the Internet is encrypted when the key or lock (see below) appears in the lower left corner of your screen in Netscape's Navigator, and when the lock (see below) appears in Microsoft's Explorer. If you're using a version of Netscape Navigator with Domestic-Grade encryption running, a two-prong key (see below) will appear in the lower left corner of your screen. When not in a secure session, Netscape's key appears broken or the lock appears open, and Microsoft's is not shown. On WebTV, you need to press the "INFO" button on the keyboard (select the "Options" button and then select "INFO" on the small remote). If a "Security Details" button is displayed, the page is secure. Select this button for more information.
| Browser Type |
Version |
Icon |
| Netscape Navigator 2.02, 3.04 |
No encryption |
 |
| International (40bit) |
 |
| Domestic (128bit) |
 |
| Netscape Communicator 4.04 or later |
No encryption |
 |
International (40bit)
Domestic (128bit) |
 |
| Microsoft Internet Explorer 3.01,3.02, 4.0 or later |
No encryption |
None |
International (40bit)
Domestic (128bit) |
 |
| WebTV |
Domestic (128bit) |
Info Button |
6. When I am refilling online through www.fepblue.org, I see that the lock in the lower lefthand corner appears in the unlocked position. I know that the refill transaction is a secure transaction, but how can I check to be certain?
The reason that you see the lock in the open position is because the FEP site places the actual refill transaction screen within a frame. Rest assured, the refill application is still encrypted and is secure. The frame which holds this application is not considered secure, however, the frame plays no part in the completion of your transaction.
Frames are commonly used by web site designers to segment the content of different HTML pages and present them in a single cohesive manner. Often times, when you launch your browser you are opening a window that can contain contents of a single HTML file or a set of frames.
To check the encryption level of a window that is made up of multiple frames, you will need to follow the steps outlined below:
- For Netscape Navigator for Windows: Move the mouse cursor over the frame that you are testing. Right click on your mouse and select "View Frame Info." This will bring up a window containing security information about the page.
- For Netscape Navigator for Macintosh: Move the mouse cursor over the frame that you are testing. Click and hold the mouse button and select, "View Frame Info." This will bring up a window that will contain security information about the page.
The above steps can be executed over each unique frame in the window.
In both Windows and Macintosh version of Netscape, if the browser and server have negotiated a secure channel at 128-bit encryption you will see the following message in the information window:
Security: This is a secure document that uses a high-grade encryption key for U.S. domestic use only (RC4, 128 bit).
- For Microsoft Internet Explorer for Windows: Right click over the frame you are testing. Select the Property Option. Then select the certificates button. Review the encryption type field and the details should specify "RC4 with 128-bit encryption (High)."
NOTE: If the page does not contain any frames., then when you right click in Windows or click and hold in Macintosh on the page you will only see "View info"and not "View Frame Info."
What makes one browser more secure than another?
Security is based on the level of encryption supported by the browser. Browsers that include support for Domestic-Grade encryption provide a greater level of security than those that offer only International-Grade encryption.
What type of encryption does MMMC require?
To access the online Refill application Merck-Medco requires Domestic-Grade encryption (128 bit). This is necessary due to the fact that prescription numbers are being transmitted over the Internet and the transaction results in drugs being shipped to your home. International-Grade encryption is sufficient for all other Member Service transactions. Merck-Medco has provided the tools for you to determine if your browser is secure enough.
How can I maximize the security of my browser?
Your account information may remain in your browser's memory long after leaving the MMMC web site. In order to eliminate the risk of someone viewing this information, we recommend you close your Web browser or clear your browser memory cache when you are finished using our Member Services Applications. See your browser's online help for more information.
When I am refilling online through www.fepblue.org, I see that the lock in the lower lefthand corner appears in the unlocked position. I know that the refill transaction is a secure transaction, but how can I check to be certain?
The reason that you see the lock in the open position is because the FEP site places the actual refill transaction screen within a frame. Rest assured, the refill application is still encrypted and is secure. The frame which holds this application is not considered secure, however, the frame plays no part in the completion of your transaction.
Frames are commonly used by web site designers to segment the content of different HTML pages and present them in a single cohesive manner. Often times, when you launch your browser you are opening a window that can contain contents of a single HTML file or a set of frames.
To check the encryption level of a window that is made up of multiple frames, you will need to follow the steps outlined below:
- For Netscape Navigator for Windows: Move the mouse cursor over the frame that you are testing. Right click on your mouse and select "View Frame Info." This will bring up a window containing security information about the page.
- For Netscape Navigator for Macintosh: Move the mouse cursor over the frame that you are testing. Click and hold the mouse button and select, "View Frame Info." This will bring up a window that will contain security information about the page.
The above steps can be executed over each unique frame in the window.
In both Windows and Macintosh version of Netscape, if the browser and server have negotiated a secure channel at 128-bit encryption you will see the following message in the information window:
Security: This is a secure document that uses a high-grade encryption key for U.S. domestic use only (RC4, 128 bit).
- For Microsoft Internet Explorer for Windows: Right click over the frame you are testing. Select the Property Option. Then select the certificates button. Review the encryption type field and the details should specify "RC4 with 128-bit encryption (High)."
NOTE: If the page does not contain any frames., then when you right click in Windows or click and hold in Macintosh on the page you will only see "View info"and not "View Frame Info."
[Prescription Refill]
[Order Status]
[Envelopes]
© Copyright 1999 Merck-Medco Managed Care, L.L.C. All
Rights Reserved. | 
