Internet Banking Title
Citywide Banks cares about your privacy and security
Member FDIC and Equal Housing Lender
privacy, security, identity theft

ONLINE SECURITY SAFEGUARDS & CUSTOMER RECOMMENDATIONS

Citywide Banks is committed to safeguarding our customers' financial account and personal identification information. We have implemented several online security measures to provide our customers the peace of mind that online banking transactions will be processed safely and securely. We have also provided some helpful steps that customers can take themselves to safeguard their account information.

Recommended Online Security Steps for Customers

Online Banking Security Features Implemented by Citywide Banks

Examples of Online Fraud Tactics

Examples of Other Bank-related Fraud

 

RECOMMENDED ONLINE SECURITY STEPS FOR CUSTOMERS
Passwords/Personal Identification Numbers (PINs) are an important authentification mechanism for online banking users. Citywide Banks strongly encourages customers to take steps to minimize unauthorized access to your online banking accounts. (click here for more ways to protect yourself from ID theft and fraud)

Citywide Banks strongly recommends all customers consider following the online security recommendations listed below:

- Memorize your PINs and do not write them down or share them with anyone

- Change your OnlineOption Internet Banking PIN and Cash Management User PIN periodically

- Create a 6-8 character PIN that includes both numbers and letters

- Use uppercase, lowercase and special characters to further personalize your PIN

- Avoid using repetitive characters (i.e. "aaa") or sequential numbers (i.e. "1234") within your PIN

- Do not use your Social Security number as a username or password/PIN

- Do not allow Windows to remember your password (this is an optional feature of the popular operating system)

- Immediately change business account PINs when key personnel change positions or leave the organization


ONLINE BANKING SECURITY FEATURES IMPLEMENTED BY CITYWIDE BANKS
Citywide Banks has implemented a number of technology features to help safeguard your online banking experience. We use a watermark authentification image anytime an OnlineOption user is prompted to input their PIN. This image is personalized to each user and alerts users that the login page is the official OnlineOption website. The feature helps counter "phishing" or "pharming" attempts by fraudulent vendors and individuals.

Citywide Banks' OnlineOption users are also protected through an automated monitoring system, which flags any suspicious activity on a customer's account. Customer transactions, such as withdrawal amounts, are initially tracked in order to develop a profile of 'common transaction types' for each OnlineOption user. If there is an attempt to complete a transaction that is outside of a user's common activity, the system triggers a set of challenge questions to verify a users identity. The answers to these questions are defined by each OnlineOption user when they establish their online banking account. Transactions outside of a user's profile are then completed only after the user's identity is verifed.

Citywide Banks also uses the latest encryption methods to securely transmit data over the Internet. When customers connect to OnlineOption or Bill Pay through a personal computer, any information transmitted is fully encrypted. This means is that customer information is scrambled as it travels over the Internet. It is then unscrambled once it safely reaches the Citywide Banks' server.



BE AWARE -- EXAMPLES OF ONLINE FRAUD TACTICS

PHISHING is an Internet scam that lures consumers into divulging their personal financial information on fraudulent web sites, also known as spoofed web sites. For example, the phisher may send an email message to an unsuspecting victim instructing him to click on the link to a bank’s web site (provided in the email) to confirm his account information. Unbeknownst to the consumer, the web site is a convincing fake or copy of the authentic web site. The unsuspecting customer takes the bait and provides the information, thereby enabling the phisher to steal his personal financial information. Phishers use Internet websites to deceive consumers into disclosing sensitive information, such as bank account information, Social Security numbers, credit card numbers, passwords, and personal identification numbers (PINs).  The perpetrator of the fraudulent e-mail message may use various means to convince the recipient that the message is legitimate and from a trusted source with which the recipient has an established business relationship, such as a bank, the Federal Reserve or FDIC.  Techniques such as false "from" address or the use of seemingly legitimate bank logos, web links and graphics may be used to mislead e-mail recipients.

PHARMING (sometimes referred to as Spoofing) is similar to phishing but more sophisticated. Pharmers also send emails. The consumer, however, can be duped by the pharmer without even opening an email attachment. The consumer compromises his personal financial information simply by opening the email message. The pharming email message contains a virus (or Trojan horse) that installs a small software program on the user’s computer. Subsequently, when the consumer tries to visit an official web site, the pharmer’s software program redirects the browser to the pharmer’s fake version of the web site. In this way, the pharmer is able to capture the personal financial information that the consumer enters into the counterfeit web site, and the consumer’s account is again compromised. The latest form of pharming does not require email at all. Password-stealing Trojan horses can attack through Microsoft Messenger® where keyloggers are run. Keyloggers are viruses that track a user’s keystrokes on legitimate sites and steal passwords, allowing a thief to have access to a consumer’s password for future fraudulent transactions.



EXAMPLES OF OTHER BANK-RELATED FRAUD

FAKE CASHIER'S CHECKS A cashier's check is a bank issued check where funds are placed in a special account at a bank.  This can be a safe way to receive payment for a used car you're selling or items you auction over the Internet.  Unfortunately, fake cashier's checks are getting easier for crooks to produce on personal computers.  Always insist on a cashier's check drawn on a local bank or a bank that has a local branch.  This way you can take the check to the bank to ensure it is a valid item.  If you can't get a cashier's check from a bank with a local office, confirm that the out-of-town cashier's check is good by calling the bank.  Always use the phone number from a reliable source, such as directory assistance.  Do not use the phone number listed on the check.  If this is a fraudulent item, the phone number on the check could be that of an accomplice.  If you're not sure where the bank is located or whether it is legitimate, check the FDIC's "Institution Directory" on the Internet at www.fdic.gov/idasp.  You should be comfortable that you are dealing with an honest person.  Start by verifying the name, address, home number and work number of the purchaser through some independent means, such as an Internet database or directory assistance.  Trying to determine whom this person is will be especially important if you are selling something over the Internet, because you are taking a big chance that the buyer could be a thief.  Hold on to the merchandise for several days after you deposit the cashier's check, giving the cashier's check time to pay on the other end.  To be safe, you may want to wait a couple of weeks before releasing the merchandise if you have suspicions about the buyer or the check.  That is how long it could take for your bank to discover if the cashier's check is phony, and if it is, the bank will come looking to you for the money.