Stay Safe Online.
We care about our customers and the security of their accounts. If you believe you are a victim of fraud, notify your bank immediately. If you are a Citizens Bank customer, we will work with you to identify and make appropriate corrections to your account and help to protect you against future fraud.
The following information is provided with the intention of helping to further protect you against possible fraud attempts. We strongly encourage all customers to implement the following "best practices." This is especially important to business online banking users because Regulation E protections related to electronic funds transfers are limited to consumers.
Best Practices for Your Computer Setup
- Use the most recent versions of operating system available for your particular computer.
They're more secure.
- Download security patches and updates. Turn on automatic updates so you've got the latest fixes to problems as they arise.
- Disable "File and Printer Sharing" on your computer to prevent unauthorized access.
- Increase the security settings for your operating system. Limit administrative rights on users' workstations.
- Use a current web browser and keep it updated.
- Set your browser to block pop-ups.
- Turn your computer off when you're not using it. If you're not connected to the internet, you can't be hacked or infected.
- Use only the most trusted sources for computer service. Make sure your personal data is completely secure before allowing anyone to work on your computer.
TIP: It is strongly recommended that computers used by businesses for online banking be restricted to use for that purpose only. All security measures should be implemented and Internet surfing to any sites other than business banking sites prohibited. Business online banking users should also perform a periodic risk assessment of their online banking practices including, but not limited to, electronically initiated ACH and Wire transactions.
Best Practices for Selecting Appropriate Security Tools
- Only use a well-established and highly rated "internet security suite" software with features that include:
- Identity protection
- Email scanning
- Automatic updates
- Automatic scanning
- Always ensure that your security software subscription does not expire and verify that automatic updates and scanning are occurring. For additional assurance, set your security software to automatically perform a "full system" scan of your computer daily or weekly.
- Use a secure Password to prevent access when you're away from your computer.
- Use encryption software to protect data stored on your laptop, PDA, cell phone or other wireless device.
Best Practices for Online Banking
- Access online banking sites by typing the URL directly into the address bar. That way you know the
site is legitimate. You may want to bookmark the site for future visits.
- Look for a lock icon in the browser and "https:" in the address line. They tell you the page is secure. (Still not sure? Double-click the lock icon to verify the security certificate.)
- Check for anything unusual, unprofessional or out of place such as a slightly altered domain name. Also be suspicious of an imperfect or altered bank logo and urgent account verification requests you might receive.
- Do not leave a computer unattended when logged into online banking.
- Avoid having other websites loaded in your web browser when using online banking.
- Don't use public computers to do your banking, including those at schools, libraries, internet cafes, hotels, airports, business centers, and conference centers.
- Avoid using Wi-Fi hotspots when online banking. These are shared by many people and theft of data can occur using established hacking techniques. If you are using a mobile device such as a smartphone or tablet that is connected to the Internet via a proprietary network (i.e. AT&T, Sprint, Verizon, etc.) this is generally considered safer than mobile Wi-Fi hotspots.
- Do not share your online banking login credentials with anyone. Shared account owners should have their own individual logins.
- Take full advantage of available alerts within your financial institution's online banking system. You know best what your banking habits are, so use alerts to make you immediately aware of any suspicious activity with your account.
- Set acceptable limits for funds transfers and ACH. Assign those limits based on user needs.
- Implement dual authorization requirements for high-value transactions.
- Utilize hardware or soft tokens as an additional layer of security for account access and ACH and wire transfer transactions.
- Avoid using email as a delivery method for secure access codes! Instead, use voice calls or text messaging to your mobile device. If your PC has been hacked, so has your email information.
- Enroll for online statements with your financial institution, credit card companies, mortgage company, etc. to avoid having statement information potentially exposed in the mail.
REMEMBER: It is strongly recommended that computers used by businesses for online banking be restricted to use for that purpose only. All security measures should be implemented and Internet surfing to any sites other than business banking sites prohibited. Business online banking users should also perform a periodic risk assessment of their online banking practices including, but not limited to, electronically initiated ACH and Wire transactions.
Best Practices for Creating Strong Passwords
- Don't share your Password with anyone.
- Memorize your Password. Don't write it down or store it on your computer.
- Don't use automatic login features that save user names, login ID's and passwords. Do not respond if you are prompted by a website to save logon credentials.
- Use upper and lower case letters, numbers and symbols.
- Avoid common words or obvious names. Think of a phrase that's memorable to you but not to others. Use Passwords that are at least eight characters long.
- Change Passwords regularly (at least every 90 days).
Best Practices for Safer Email
- Don't open email from someone you don't know. Read subject lines carefully. Don't be tricked by a friendly tone or urgent request.
- Turn off the preview pane in your email program.
- Don't click on links or attachments in unsolicited email, especially if they tell you the problem is urgent or the attached file ends in ".exe."
- Delete email from unknown sources immediately. Make sure you have enabled junk mail filtering.
- Don't forward chain emails. Spam already makes up around 50 percent of all email traffic.
TIP: If your bank sends e-mail to your e-mail address; it should always include a personal or account identifier. Any links included should be to the bank's web site information page, not directly to a page that requires log-in credentials or personal information.
REMEMBER: No one at your bank should ever email you to ask for your personal confidential information or for your account or password information.
Phishing & Spoofing
Phishing scams use email messages which urge you to click on a link within the message to update
personal information. This link then takes you to a “spoofed” website which is designed to
look like the bank’s legitimate site.
To prevent phishing:
- Be suspicious of any email with urgent requests for personal financial information.
- Don’t use the links in an email to get to any web page if you suspect the message might not be authentic. Instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser.
- Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
- Identity protection
- Email scanning
- Automatic updates
- Automatic scanning