Security

Education

Id theft

While Citizens Bank of Kentucky works to protect your banking privacy, you also play an important role in protecting your information. Here are a few steps you can take to protect your identity:


Protect Yourself

Tips
  • Add your phone numbers to the national Do Not Call Registry at donotcall.gov or by calling 1-888-382-1222. Since February 2008, these registered telephone numbers will no longer expire off the list.
  • Examine your credit card and financial institution statements immediately upon receipt to determine whether there were any unauthorized transactions. Report any that you find immediately to the financial institution.
Quarterly
  • Place a fraud alert every 90 days on your credit file at fraudalerts.equifax.com or by calling 1-800-525-6285. By placing a fraud alert with Equifax, you will automatically have alerts placed at Experian and TransUnion.
Annually
  • Each year, you are entitled to one free credit report through annualcreditreport.com or by calling 1-877-322-8228.
  • Request a copy of your Social Security statements at www.ssa.gov/mystatement to be sure that no one else is using your social security number for employment.
Every 5 Years

Please read the other sections to learn about the different types of fraud and how to prevent them, from spyware and other computer fraud to mail and phone fraud to email phishing and web spoofing. Our Fraud Summary page provides more tips on how to protect yourself.

Contact us immediately at (866) 462-BANK (2265) if you notice any suspicious or unusual activity related to any of your Citizens Bank of Kentucky accounts.


Fraud Summary

Identity Theft is the most popular and profitable form of consumer fraud. It occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes.

Common ways identity theft can happen:

“Old Fashioned” Stealing
  • Thieves typically steal wallets and purses. They also steal mail such as credit card and bank statements, pre-approved credit card offers, check orders and other financial mail.
Dumpster Diving
  • Thieves dig through trash looking for bills, financial or other personal information.
Change of Address
  • Thieves modify or redirect your billing statements to another address by completing a “change of address” form.
Phishing
  • Thieves may send unsolicited Emails, pretending to be a financial institution or a company, asking you to click a link to update or confirm your personal or login information. The link is directed to a “spoof” website designed to look like a legitimate site.
Skimming
  • Thieves may use a card reader device to copy the card’s magnetic strip to duplicate without the card owner’s knowledge.
Monitor your accounts

Keep track of transactions on your accounts by logging in to Citizens Bank of Kentucky’s Online Banking, where you can view your activity as it is posted.

Protect your personal information
  • Do not carry your Social Security card in your wallet.
  • Do not have personal information such as your Social Security number and driver’s license number printed on your checks.
  • Keep your new and cancelled checks in a safe place.
  • Do not leave your purse, wallet, checkbook, or any other forms of identification in your car.
  • Shred or tear up any documents containing banking or credit information, especially pre-approved credit offers, before you throw them away. To opt out of pre-approved credit card offers, call 1-888-567-8688.
  • Keep your PINs and passwords a secret. Do not write them down or share them with anyone.

Contact us immediately at (866) 462-BANK (2265) if you notice any suspicious or unusual activity related to any of your Citizens Bank of Kentucky accounts.


Computer Security

Citizens Bank of Kentucky continually makes investments in state-of-the-art online banking security to ensure we protect the confidentiality of every customer’s online information and to provide the utmost security of every user.

Computer protection tips:
  • Update your computer operating system on a regular basis.
  • Keep your browser current with the latest security updates.
  • Use updated anti-virus software.
  • Use updated anti-spyware software and consider using more than one, to ensure the most thorough scan.
  • Change your passwords on a regular basis, as a good practice to help prevent unauthorized access.
  • Download free software only from websites you know and trust.
  • Do not install software without knowing exactly what it is or what it will do (read the end-user license agreement).
  • Close pop-up ads by clicking on the “X” instead of clicking within the advertisement itself.
  • Review your browser security settings and set them to a high enough level to help detect unauthorized downloads. (Click your browser’s “Help” menu for steps).
  • Do not click link inside of spam email. Especially emails claiming to offer anti-spyware software.
  • Install a personal firewall on your computer. A firewall works like a filter that prevents access to information on your computer.
  • Don’t give any of your personal information to any web sites that do not use encryption or other secure methods to protect it.

Mail and Phone

We recommend you learn ways to protect yourself from common fraud schemes.

Vishing

Vishing scams target consumers by “spoofing” text or voicemail messages that ask you to call a phone number and give your personal information. Here’s how it works:

  • You receive a “spoof” email or text message about suspicious account activity.
  • The text or voicemail message will ask you to call a “customer service” number.
  • When you call the customer service number, a recording will ask you to provide personal information such as account numbers, passwords, a social security number, or other critical information.
  • The recording may not mention the company’s name and could potentially be an indication the call is being used for fraud.
  • You can also receive a phone call.
  • The call could be a “live” person or a recorded message.
  • The caller may already have your personal information, which may seem as if the call is legitimate.
Smishing

Smishing is when consumers’ cell phones and other mobile devices are targeted with mobile spam. The spam, or text messages, attempt to trick consumers into providing personal information. Here’s how it works:

  • You receive a fake text message, which may include a fraudulent link, asking you to register for an online service.
  • The scammer attempts to load a virus onto your cell phone or mobile device.
  • The scammer may also send a message ‘warning’ you that your account will be charged unless you cancel your supposed online order.
  • When you attempt to log on to the website, the scammer extracts your credit card number and other personal information.
  • In turn, your information is used to duplicate credit, debit and ATM cards.
  • Scammers may also send you a text message again ‘warning’ you that your bank account has been closed due to suspicious activity.
  • The text message will ask you to call a ‘customer service’ number to reactivate your account.
  • When you call the number, you are taken to an automated voice mail box that prompts you to key in your credit card, debit card or ATM card number, expiration date and PIN to verify your information.
  • Again, your information is used to duplicate credit, debit and ATM cards.
Lottery/Sweepstakes Scams

Lottery/Sweepstakes scams target consumers by a notification, which arrives through the mail, by email, or by an unsolicited telephone call. Here’s how it works:

  • The notification advises you have won a prize, but you did not enter in any type of lottery or sweepstake by the promoter contacting you.
  • The promoter will ask you to send payment to cover the cost of redeeming the prize when the prize does not exist.
  • In this type of scam, you may rarely if ever receive any winnings in return.
Check Overpayment Scams

Check Overpayment scams target consumers who sell items through an online auction site or a classified ad. Here’s how it works:

  • The seller takes a big loss when the ‘buyer’ passes a counterfeit cashier’s check, money order, corporate or personal check as payment.
  • The counterfeit check is written for more than the agreed price.
  • The ‘buyer’ will ask the consumer to wire back the difference after the check has been deposited.
  • The check will more than likely bounce and the consumer becomes liable for the entire amount.
Tips for the mailbox

Check Overpayment scams target consumers who sell items through an online auction site or a classified ad. Here’s how it works:

  • Deposit outgoing mail at the Post Office.
  • Remove incoming mail from your personal mailbox as soon as possible, or use a P.O. Box or locked, secure mailbox.
  • Request a mail hold from the United States Postal Service or call them at 1-800-275-8777 if you plan to be away from home for an extended period.
  • Know your billing cycles. If bills are late or missing, contact your creditors.
  • Watch for your new or replacement Checkcard from us. You should receive it within five business days.
  • Switch to a more secure way of receiving your account statement. When you sign up for Citizens Bank of Kentucky Online E-Statements, your statement will no longer sit in your mailbox. Instead, we will send you an email when your statement is available through your secure Online Banking account.
Tips for the phone
  • Do not give out personal information, such as your account numbers, card numbers, Social Security, tax identification numbers, passwords, or PINs, unless you have initiated the call.
  • We will not make an unsolicited call requesting your personal information.
  • If you ever believe you are not talking to a representative of a legitimate company, hang up and call the phone number listed in the telephone book.

Contact us immediately at (866) 462-BANK (2265) if you notice any suspicious or unusual activity related to any of your Citizens Bank of Kentucky accounts


Phishing and Spoofing

Phishing

Phishing scams target consumers by “spoofing” text or voicemail messages that ask you to call a phone number and give your personal information. Here’s how it works:

  • You receive an email message , asking you to click on a link in order to update some sensitive personal information.
  • The link will redirect you to a “spoofed” website, which is designed to look like a legitimate website.
  • The website will ask you to input personal information such as your account numbers, PINs , or a social security number.
Avoid spoofed websites

To protect yourself from going to a spoofed website, always type: “www.wercitizens.bank” into your browser when you login to your Citizens Bank of Kentucky Online Banking Account, instead of clicking a link in an email.

email protection tips
  • Do not click links in Emails to log in, or to update or confirm your sensitive information
  • Do not fill out forms in Emails
  • Be cautious about opening attachments or downloading files, regardless of who sent them
  • ‘Spam’, or mass email messages, often contain links to phishing websites and other unsavory websites.
  • Many phishing scams originate outside of the United states. Be wary of emails from people or sources you don’t know or trust.
  • Poor grammar and misspelled words from unknown sources asking you for personal information are clear warning signs of a phishing scam being operated outside of the United States.
  • Legitimate companies or organizations will never ask you to divulge any personal information over email.
  • Phishing emails may also be fake contests or offerings, asking you to input personal information.
  • If an offer or email you receive is too good to be true, it most likely is.
Bank Error Messages

One of the newest schemes by fraudsters involves spoofing bank error messages. Here’s how it works:

  • Fraudsters will send you an email message about a data or site maintenance error at Citizens Bank of Kentucky or any of your banks.
  • The email will ask you to click on a link, which will redirect you to a site and will install malware on your computer.
  • This malware allows scammers to intercept your password and bypass the dual authentication system many financial institutions use.
  • The next time you attempt to log in to your online banking service, scammers attempt to steal your password and may quickly drain your account.
Emails from Citizens Bank of Kentucky

For your protection, we will not send you an email to update or confirm your sensitive information by clicking a link or replying.

Emails to Citizens Bank of Kentucky

Please do not send personal information in this un-secure email. Secure email may be sent from the Secure Feedback form from within our Online Banking’s Support Tab.

Contact us immediately at (866) 462-BANK (2265) if you notice any suspicious or unusual activity related to any of your Citizens Bank of Kentucky accounts.

Security and Privacy

CBK’s Commitment to your security: your safety and security is very important to us.

Our Environment

Our network and data centers are protected by multiple layers of physical, procedural and technical controls. Our systems continuously monitor activity from unauthorized entry attempts.

User Password

When you sign up for online access, we ask you to create your own password, along with a logon ID, to access your accounts. This information is encrypted during transmission and will remain a secret as long as you do not disclose it.

Timed Log-off

Our system will automatically log you off from Online Banking and Bill Pay after a specified period of inactivity. This reduces the risk of others accessing information from your unattended computer. You may set the timeout period in Online Banking’s User Options screen. We recommend that you always sign off (log out) when done banking online.

Secure communications with Strong Encryption

The privacy of communications between you (your browser) and our servers is ensured via encryption. Encryption scrambles messages exchanged between your computer / device and our online banking server.

How Encryption Works
  • When visiting online banking’s sign-on page, your browser establishes a secure session with our server.
  • The secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption. This protocol requires the exchange of what are called public and private keys.
  • Keys are random numbers chosen for that session and are only known between your computer / device and our server. Once keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server.
  • Both sides require the keys because they need to descramble (decrypt) messages received. The SSL protocol assures privacy, but also ensures no other website can “impersonate” your financial institution’s website, nor alter information sent.
  • To learn whether your browser is in secure mode, look for the secured lock symbol at the bottom of your browser window

All about Phishing and Spoofing

Phishing

Fake emails (phishing) will often…

  • Ask for personal information. They claim that your information has been compromised and ask you to confirm the authenticity of your transactions.
  • Appear to be from a legitimate source. While some emails are easy to identity as fraudulent, others may appear to be from a legitimate address and trusted source. The name or address in the “From” field, can easily be altered.
  • Contain fraudulent job offer, such as work-at-home positions.
  • Contain prizes or gift certificate offers. In exchange for completing a survey or answering questions, some fake emails promise a prize or gift certificate. They require you to give personal information in order to obtain the prize.
  • Links to counterfeit websites. Fake emails may direct you to counterfeit websites that closely resemble a legitimate site while they collect personal information for illegal use.
  • Links to real websites. Some fake emails link to legitimate websites. This is done in an attempt to make a fake email appear real.
  • Contain fraudulent phone numbers. Never call a number featured on an email you suspect is fraudulent; it can be tied to the fraudsters.
  • Contain real phone numbers. Similar to linking to real websites, real phone numbers may be featured in a fake email in an effort to make the email appear legitimate.
What you need to do if you receive a phishing email.

If you receive an e-mail that looks like it is from Citizens Bank of Kentucky or another well-known company requesting financial information or any other personal or sensitive data, please take the following actions:

  • Treat the e-mail with suspicion.
  • Do not reply to the e-mail or respond by clicking on a link within the e-mail message.
  • Do not download anything or open attachments.
  • Report the suspicious e-mail to the FTC and forward the e-mail to uce@ftc.gov.

If you have already provided personal financial information via e-mail and feel your Citizens Bank of Kentucky accounts are in jeopardy, contact our bank as soon as possible to report the suspicious activity. You can reach an Account Information Center representative by calling 1-866-462-2265 (Bank) or via email: info@wercitizens.bank.

Counterfeit websites (spoofing)

Online thieves often direct you to fraudulent websites via email and pop-up windows in an attempt to collect your personal information. In many cases there is no easy way to determine that you are on a phony website because the URL will contain the name of the institution-this is spoofing. If you type or copy/paste the URL into a new browser window and it does not take you to a legitimate website, or you get an error message, it was probably just a cover for the fake site.

What to do…

When logging into your account, look closely at your browser. The address in the location bar should start with “https”-for example, https://www.wercitizens.bank. You should also see a lock icon at the bottom of the browser. If you double-click the icon, it should display security information about Citizens Bank of Kentucky.

Protect Yourself Online

Be proactive when it comes to Online Security!

As your financial institution, we work hard to protect you from fraud. But you and your computer are the front line of defense. In just a few simple steps, you can help keep your computer-and your finances-safe.

  1. Secure your passwords

A good password should:

  • Not be based on personal information that can be easily guessed (your pet’s name, birth date, etc.)
  • Not be a word that can be found in any dictionary of any language.
  • Contain 8 characters, at least 1 number, at least 1 uppercase letter, at least 1 lowercase letter, and password cannot contain leading or trailing blanks.
  • Not be the same as any password you use for anything else.
  • Always memorize your password and do not write it down. Citizens Bank of Kentucky will prompt changing your passwords every 90 days.

Citizens Bank of Kentucky will not ask for your online ID or password by telephone OR by email!

  1. Secure your computer

There are certain precautions you should take to keep your computer safe from viruses and hackers.

  • Keep your operating system and browser up to date.
  • Use up-to-date anti-virus and anti-spyware software – and set them to update automatically.
  • Use a personal firewall.
  • Activate a pop-up blocker.

Keep in mind:

Security software that comes pre-installed on your computer typically works for just a few months unless you pay to extend its usage. Avoid buying software in response to unexpected pop-up messages or ads that claim to have scanned your computer and detected malware. That’s a scare tactic scammers use to spread malware.

  1. Be wary of spyware and malware

About spyware.

Spyware is software loaded on your computer without your knowledge. It collects personal information a

Privacy Policy

To report a Lost or Stolen Debit/ATM Card between the hours of 9am-5pm please call (866) 462-2265.
After hours please call (800) 811-8148, select option 3.