CBK's Commitment to Your Security: Your safety and security is very important to us.
Our network and data centers are protected by multiple layers of physical, procedural and technical controls. Our systems continuously monitor activity from unauthorized entry attempts.
When you sign up for online access, we ask you to create your own password, along with a logon ID, to access your accounts. This information is encrypted during transmission and will remain a secret as long as you do not disclose it.
Our system will automatically log you off from Online Banking and BillPay after a specified period of inactivity. This reduces the risk of others accessing information from your unattended computer. You may set the timeout period in online banking's User Options screen. We recommend that you always sign off (log out) when done banking online.
Secure communications with Strong Encryption
The privacy of communications between you (your browser) and our servers is ensured via encryption. Encryption scrambles messages exchanged between your computer / device and our online banking server.
How Encryption Works
- When visiting online banking's sign-on page, your browser establishes a secure session with our server.
- The secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption. This protocol requires the exchange of what are called public and private keys.
- Keys are random numbers chosen for that session and are only known between your computer / device and our server. Once keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server.
- Both sides require the keys because they need to descramble (decrypt) messages received. The SSL protocol assures privacy, but also ensures no other website can "impersonate" your financial institution's website, nor alter information sent.
- To learn whether your browser is in secure mode, look for the secured lock symbol at the bottom of your browser window
All about Phishing and Spoofing
Fake emails (phishing) will often...
- Ask for personal information. They claim that your information has been compromised and ask you to confirm the authenticity of your transactions.
- Appear to be from a legitimate source. While some emails are easy to identity as fraudulent, others may appear to be from a legitimate address and trusted source. The name or address in the "From" field, can easily be altered.
- Contain fraudulent job offer, such as work-at-home positions.
- Contain prizes or gift certificate offers. In exchange for completing a survey or answering questions, some fake emails promise a prize or gift certificate. They require you to give personal information in order to obtain the prize.
- Links to counterfeit websites. Fake emails may direct you to counterfeit websites that closely resemble a legitimate site while they collect personal information for illegal use.
- Links to real websites. Some fake emails link to legitimate websites. This is done in an attempt to make a fake email appear real.
- Contain fraudulent phone numbers. Never call a number featured on an email you suspect is fraudulent; it can be tied to the fraudsters.
- Contain real phone numbers. Similar to linking to real websites, real phone numbers may be featured in a fake email in an effort to make the email appear legitimate.
What you need to do if you receive a phishing email.
If you receive an e-mail that looks like it is from Citizens Bank of Kentucky or another well-known company requesting financial information or any other personal or sensitive data, please take the following actions:
- Treat the e-mail with suspicion.
- Do not reply to the e-mail or respond by clicking on a link within the e-mail message.
- Do not download anything or open attachments.
- Report the suspicious e-mail to the FTC and forward the e-mail to email@example.com.
If you have already provided personal financial information via e-mail and feel your Citizens Bank of Kentucky accounts are in jeopardy, contact our bank as soon as possible to report the suspicious activity. You can reach an Account Information Center representative by calling 1-866-462-2265 (Bank) or via email: firstname.lastname@example.org.
Counterfeit websites (spoofing)
Online thieves often direct you to fraudulent websites via email and pop-up windows in an attempt to collect your personal information. In many cases there is no easy way to determine that you are on a phony website because the URL will contain the name of the institution-this is spoofing. If you type or copy/paste the URL into a new browser window and it does not take you to a legitimate website, or you get an error message, it was probably just a cover for the fake site.
What to do...
When logging into your account, look closely at your browser. The address in the location bar should start with "https"-for example, https://www.wercitizens.bank. You should also see a lock icon at the bottom of the browser. If you double-click the icon, it should display security information about Citizens Bank of Kentucky.
Protect Yourself Online
Be proactive when it comes to Online Security!
As your financial institution, we work hard to protect you from fraud. But you and your computer are the front line of defense. In just a few simple steps, you can help keep your computer-and your finances-safe.
1. Secure your passwords
A good password should:
- Not be based on personal information that can be easily guessed (your pet's name, birth date, etc.)
- Not be a word that can be found in any dictionary of any language.
- Contain 8 characters, at least 1 number, at least 1 uppercase letter, at least 1 lowercase letter, and password cannot contain leading or trailing blanks.
- Not be the same as any password you use for anything else.
- Always memorize your password and do not write it down. Citizens Bank of Kentucky will prompt changing your passwords every 90 days.
Citizens Bank of Kentucky will not ask for your online ID or password by telephone OR by email!
2. Secure your computer
There are certain precautions you should take to keep your computer safe from viruses and hackers.
- Keep your operating system and browser up to date.
- Use up-to-date anti-virus and anti-spyware software - and set them to update automatically.
- Use a personal firewall.
- Activate a pop-up blocker.
Keep in mind:
Security software that comes pre-installed on your computer typically works for just a few months unless you pay to extend its usage. Avoid buying software in response to unexpected pop-up messages or ads that claim to have scanned your computer and detected malware. That's a scare tactic scammers use to spread malware.
3. Be wary of spyware and malware
Spyware is software loaded on your computer without your knowledge. It collects personal information about you and your Internet browsing habits in order to launch pop-up ads or change the configuration of your computer. It can also access your usernames and passwords, slow down the functions of your computer and send information from your computer to a third party without your knowledge or permission.
Generally, spyware is downloaded to your computer from websites you visit, or comes along unannounced when you download a new program or feature. In some cases, the spyware is mentioned in the fine print of a user agreement you're asked to accept for downloading a program.
Clues that you may have spyware on your computer:
- You experience a number of pop-up ads when browsing the Internet
- Your Internet browser takes you to sites you're not attempting to visit
- You experience a sudden and/or repeated change to your Internet homepage
- New toolbars or icons appear
- You experience error messages that seem random, and/or your computer's performance drastically slows down
Check your system regularly for spyware. Several third party vendors provide anti-spyware applications you can download, some free of charge.
Malware is malicious, unwanted software or code that generally is transmitted online. It is often used to enter a computer system without conforming to standard authentication procedures.
Common forms of malware include:
- Adware - software that displays ads in an unexpected and often unwanted fashion
- Backdoor - software that is often installed through a vulnerability in the operating system or through an existing piece of malware
- Bot - A software application that performs automated, unwanted tasks online
- Computer worm - a program that self-replicates and spreads by exploiting vulnerabilities and bugs in operating systems and old applications
- Rootkit - One or more programs designed to hide the presence of other malware from users and anti-virus programs
- Trojan horse - A form of malware that seems to provide a positive function but actually gives criminals access to your computer
- Virus - A program that self-replicates without the user's knowledge or permission.
Clues that you may have malware on your computer:
- Advertising pop ups begin to appear every few seconds
- Extra toolbars appear in your browser and can't be removed
- Your Internet browser takes you to sites you're not attempting to visit
- Unexplained system slow down and/or sudden system crashes
Check your system regularly for malware. Several third party vendors provide anti-malware applications you can download, some free of charge.
4. Be smart online
Aside from securing you passwords and computer, the most important thing you can do is simply be careful - and use common sense - online.
Here are some good general rules to follow:
- Maintain current software and take advantage of updates
- Never share passwords or passphrases
- Do not click unknown links
- Beware of unknown email and attachments - if you don't know what it is or who it's from, don't open it
- Don't download unknown software off of the Internet
- Don't play along with hoaxes or chain mail
- Log out/lock your computer when you're not using it
- Remove unnecessary programs
- Restrict remote access to your system
- Frequently back up important files
- Treat sensitive data carefully
- Remove data securely
- Use encryption whenever possible
Identity Theft Tips
Identity theft is a crime. Victims can spend countless hours, days and months unraveling legal and financial problems. Everyone is at risk to be a victim. Your chances decrease by being proactive.
Secure and guard your personal information.
- Do not keep your Personal Identification Numbers (PINs) with your checkbook or check card.
- Shred all personal or financial information before throwing them away..
- Do not give out personal information over the phone, Internet or by mail unless you contacted the company.
- Be vigilante of when your bills arrive each month and review them promptly for unexplained activity.
- Take advantage of free e-Statements and e-Notices offered by our bank. Going paperless reduces the risk of ID theft.
- If possible, don't mail outgoing bill payments and checks from home. Use the post office or another secure location, or use Citizens Bank of Kentucky Online Bill Pay.
Guard and secure your financial information.
- Report lost or stolen checks, check (debit) and credit cards immediately. For debit cards call 1-866-462-2265. (After banking hours call 800-876-9119 for Mastercard or Visa cards. Call 1-800-264-4274, ext#233 for Visa debit card.) Store new and cancelled checks safely. Cut up unused credit cards.
- Review account statements carefully. If you sign up for Citizens Bank of Kentucky Online Banking, you can monitor your account frequently and at any time.
- Ask about any suspicious charges or transactions. Don't hesitate to contact Citizens Bank of Kentucky or the appropriate credit card issuer if you see something questionable.
- Do not have driver's license number or Social Security number printed on your checks.
Monitor your credit report.
- Review your credit report on a regular basis for suspicious inquiries, unexplained accounts, incorrect balances and typos. You are entitled to one free credit report per year from each major consumer reporting agency - Experian, Trans Union, and Equifax - under the federal Fair Credit Reporting Act. To order your free reports, go to www.annualcreditreport.com or call (877) 322-8228.
- You can ask the credit reporting agencies for fraud alert protection so you can monitor all requests for new accounts opened in your name.
- If you are not using a credit card, don't carry it with you.
- Limit the credit offers you receive by contacting the National Consumer Credit Reporting Agencies at 1-888-5-OPTOUT (1-888-567-8688.)
Talk with companies and government agencies.
- Ask banks, credit card companies, motor vehicle departments, utilities and insurance and phone providers to print as little information as possible on cards, invoices, etc.
- Ask companies and organizations about their privacy policies.
- Understand that by asking, you often have many avenues of information sharing blocked.
Be smart with your password.
- Choose passwords and PINs that are hard to guess by using alphanumeric and symbols.
- Avoid using your Social Security number, your mother's maiden name, birth dates, your kids' names or sports teams.
- Change passwords regularly
Don't use your Social Security number.
- You should not carry your Social Security card or number.
- Avoid printing it on checks.
- The only places you must use your Social Security number are government applications and financial forms, such as tax forms and credit applications.
- Be alert to phone and email scams.
- Do not give out personal information over the telephone unless you made contact.
- Be smart about email phishing scams. Emails can appear to be from a legitimate source, but really they are not. Make it a practice to never send personal information via email.
- Know that Citizens Bank of Kentucky will never make an unsolicited phone request for your account information, password or other sensitive data. We will not request confidential information via email.
- Commonly Used Scams
- Online auctions
- Online auctions may offer an extremely low price on an item, request cash or money order payments, or instruct the buyer to send funds to an escrow company.
- Advance fee scams
- The consumers are asked to pay a fee in advance to receiving a credit card, loan, or scholarship. In return, the scammer either disappears or forwards worthless junk.
- Bogus charity
- It's easy for scammers to set up bogus charities using email. These days e-mail messages and Web site links look very legitimate.
- Prizes that may cost you
- One of the most common scams is letters or e-mail messages telling consumers they've won something, even if you haven't entered a contest. Look out for requesting some other type of purchase, request cash, taxes, or handling fees, or require a lot of personal information before you can receive the prize.
Security tips for Online and Mobile Banking
1st- Computer, Laptop, Phone and other Mobile Devices need protection
- Use an anti-virus and anti-spyware software, update frequently.
- Update your computer's operating system when available.
- Use the most recent version of your web browser software.
- Use caution when installing applications/programs.
- Contact the bank (1-866-462-2265) and/or cell phone provider immediately if you use your laptop, phone or other mobile devices to conduct mobile banking, and your device for banking.
- Do not leave your laptop, phone or other mobile devices logged on and/or unattended when in public.
- When not in use, passwords protects and/or locks your laptop, phone or other mobile devices when not in use.
- Do not save financial or personal information on your laptop, phone, or mobile device.
2nd-Secure Personal Information
- When creating passwords, they should contain upper and lower case letters and numbers.
- On no account ever share your passwords.
- Delete an email immediately if you do not know the sender
- Do not open email or click on links or attachments, especially those where the file ends in ".exe".
- Do not include personal or sensitive data in, or in response to, an email.
- Watch the activity on your account for any unusual activity. Citizens Bank Online Banking is a way to monitor account balances, 24/7.
- Always log out of your online and/or mobile banking sessions when you are finished.
- Do not store financial or personal information on your laptop, phone, or mobile device.
3rd- Be Cautious when Browsing the Web
- Allow pop-ups from sites that you authorize.
- Do not give out personal information to blogs, forums and other social networking sites.
- Only make online purchases using secure sites that encrypt your information. To determine if a site encrypts your information look for the locked padlock icon in the browser and "https:" in the address line.
- Never access a website from a link in a suspicious email.
- Access online banking sites by typing the address directly into the browser's address bar.
Privacy Information and Policy
Citizens Bank of Kentucky takes consumer privacy seriously. We will take every precaution to protect your privacy. Citizens National will not share your information with other companies.
The privacy of communications between you (your computer / device) and our servers is ensured via encryption. Encryption scrambles messages exchanged between your browser and our online banking server.