Preventing Identity Theft


Deluxe Provent® Identity Theft Protection

Every year millions of consumers are affected by identity theft. It costs a great deal of time and money to restore your identity. Criminals continually find ways to steal your personal information and perpetrate fraud. But now you can do something to help protect yourself. Citizens Bank Minnesota and Deluxe Provent are pleased to offer you ID Protect Plus service for only $4.99 per month.

Learn More


smsGuardian Text Alerts

Citizens customers have the ability to enroll in free* text alerts for their debit card activity! smsGuardian is a great tool for fraud prevention and detection!

Learn More

*Message and data rates may apply


Credit Reports

• At least annually, check your credit report from each of the three major credit bureaus (Equifax, Experian and TransUnion) for fraudulent activity

• Dispute inaccurate information immediately


Personal Identity Information

• Keep all identification and financial documents in a safe and private place

• Provide personal information only when:

1. You know how it will be used
2. You are certain it won’t be shared
3. You initiated contact and know who you’re dealing with

• Request a vacation hold if you can’t pick up your mail

• Deposit outgoing mail in the post office collection boxes or at your local post office

• Remove mail from your mailbox promptly

• Keep your purse or wallet in a safe place at work

• Memorize your Social Security number rather than carrying your Social Security card

• Do not have your Social Security or driver license number printed on your checks

• Review your Social Security annual statement for accuracy

• Provide your Social Security number only when necessary and to those you trust

• Before revealing your Social Security number, ask:

  1. Why your number is needed
  2. How your number will be used?
  3. What happens if you refuse?


Credit Card and ATM/Debit Cards

• Carry only those cards you really need

• Shred all statements and pre-approved credit card offers

• Photocopy both sides of your credit cards so you have all the account numbers, expiration dates and phone numbers and keep the copies in a safe place

• Cancel unused credit card accounts

• Be aware of people behind you at the ATM or anywhere else you swipe your card

• If you give your credit card or debit card to someone for a transaction, watch them swipe it and inspect the receipt for accuracy

• Know your billing cycles and contact creditors if bills don’t arrive on time

• Examine the charges on your credit card statement every month


Checking Accounts

• Know where your checkbook is at all times

• Print firmly and use permanent ink when writing checks

• Check your account statement for fraudulent activity - With Citizens Bank Minnesota Online Banking, you can check your account whenever and as often as you like

• Do not give your checking account number unless you know the company requesting the information and understand why the information is necessary


Sign up for E-Statements

At Citizens Bank Minnesota you can receive E-Statements online at www.citizensmn.com. Your account statements will no longer have to sit in your mailbox waiting for you to pick them up! E-Statements are safe and secure. To register for E-Statements, log in to Online Banking and click the “Go! Green” tab then click on “Sign Up/Changes”. Once you register for E-Statements, you will no longer receive paper statements. Contact Citizens Connection at 507-354-3165 for more details.


Protect Your Computer

• Update virus protection software periodically and after every new virus alert is announced

• Do not download files or open hyperlinks sent from people you don’t know

• Use a firewall program to reduce the risk of your computer being accessible to hackers

• Enter personal and financial information only when there is a “lock” icon on the browser’s status bar and look for URL to read “https” versus “http”

• If you must store personal and financial information on your computer:

  1. Make all passwords hard to guess by using complex combinations of numbers and upper and lower case letters
  2. Don’t use an automatic log-in feature
  3. Always log off when you’re finished

• Before discarding a computer, delete personal information using a “wipe” utility program to overwrite the entire hard drive


If you are a victim, take these steps immediately:

Place a fraud alert on your credit reports, ask for a free copy of your credit report and review those reports for evidence of accounts you didn’t open. 

Fraud unit contacts are:

Equifax 800-525-6285 

P.O. Box 740241, Atlanta, GA 30374-0241

www.equifax.com


Experian 888-397-3742 

P.O. Box 9532, Allen, TX 75013

www.experian.com


TransUnion 800-680-7289

P.O. Box 6790, Fullerton, CA 92834-6790

www.transunion.com


Close accounts—including share drafts/checks or ATM cards—that have been tampered with or used fraudulently. Contact all of your financial institutions and lenders, credit card issuers, utility companies and the Social Security Administration to notify them of the fraud. Follow up each conversation with a letter.

File a report with law enforcement and insist on getting a copy of the report or the report number.

File a complaint with the FTC. Visit ftc.gov/bcp/edu/microsites/idtheft/ for more information or call 877-IDTHEFT.


What do you do if your wallet is stolen and the bank is not open?

Do you know what to do if you lose your Citizens Debit Card or checkbook? Here are the contact numbers to call if this happens to you after normal Citizens business hours.

•Debit Card: If your Debit Card is lost or stolen after regular business hours, please contact 800-535-8440.

•Checkbook: If your checkbook is lost or stolen it is not necessary to close your account. You can simply request a stop payment for the lost checks. Please contact us at 507-354-3165 to request a stop payment.


How Citizens Protects You

Passwords

Access to Online Banking requires your banking ID and a unique password. This information along with any interactions and\or transactions performed is encrypted during transmission. Citizens strongly encourages you to define a unique password that only you can provide and is not tied to any personally identifiable information that a hacker could obtain from a phone book or the Internet.

Enhanced Login Security

Citizens provides Enhanced Login Security which significantly increases your level of protection online. When you sign-up for Online Banking you will choose an image that will be associated with your account. By verifying your image when you log in you can be sure that you are at the Citizens Online Banking site.

Timed log-off

The Citizens Online Banking platform will log you off after 10 minutes of inactivity. This reduces the risk of someone else accessing your financial information if you leave your PC unattended.

Firewall

Online Banking systems are protected 24 hours a day by a variety of security measures, including firewalls that block unauthorized entry.

Encryption

Throughout your Online Banking session, from login, to transaction activity, to log-off, all interactions are encrypted between your browser and the web server. Citizens employs some of the strongest levels of encryption available today.

You can identify a secure (encrypted session) by looking for the "closed lock" icon in the lower right-hand corner (Microsoft Internet Explorer) or in the right end of the address bar (Firefox) or in the top right corner (Safari) of your browser. Additionally, the Web address or URL will begin with https://.... This indicates the page you are viewing uses encryption. The "s" stands for "secured."

More Security Measures

While the measures noted above are instrumental to your safe interaction with Online Banking, continuous monitoring is in place to alert Citizens of any unusual activity. If suspicious activity is identified, we will take necessary steps to shut down access until the issue has been resolved. Security of your information is a top priority and we take it very seriously.

Debit Card Fraud Alerts

Citizens Bank Minnesota has enlisted the assistance of our Debit/ATM Card processor, Card Processing Solutions (CPS) Fraud Center, to identify potentially fraudulent transactions. Emails and/or SMS messages are sent 24/7 in efforts to verify authorization of transaction(s) in question. If no response is received within 20 minutes, between the hours of 8:00 AM to 9:00 PM (CST Time), a telephone call will be attempted to your home, mobile device or work number on file. If there is no answer a voice message will be left. CPS Fraud Center will NOT ask for confidential information and will only attempt to verify transaction(s) in question. Citizens may also attempt to contact you during banking hours regarding transaction verification or suspected fraud.


How to protect yourself on the internet

It's not always easy to identify online fraud. Understanding how fraudulent activity takes place helps with prevention, and keeps you safe.

Safeguard your email

Email is often a vehicle used to transmit malware and commit fraud. It is important to evaluate your email behaviors and develop good habits to help protect your computer and your identity.

In addition to viruses and worms that can be transmitted via email, phishing also threatens email users. A type of email fraud, phishing occurs when a perpetrator, posing as a legitimate, trustworthy business, attempts to acquire sensitive information like passwords or financial information.


How to safeguard your email:

Never open or respond to SPAM (unsolicited bulk email messages).

Delete all spam without opening it. Responding to spam only confirms your email address to the spammer, which can actually intensify the problem.

Never click on links within an email.

It's safer to retype the Web address than to click on it from within the body of the email.

Don't open attachments from strangers.

If you do not know the sender or are not expecting the attachment, delete it.

Don't open attachments with odd filename extensions.

Most computer files use filename extensions such as ".doc" for documents or ".jpg" for images. If a file has a double extension, like "notlegit.doc.pif," it is highly likely that this is a dangerous file and should never be opened. In addition, do not open email attachments that have file endings of .exe, .pif, or .vbs. These are filename extensions for executable files and could be dangerous if opened.

Never give out your email address or other sensitive or personal information to unknown web sites.

If you don't know the reputation of a website, don't assume you can trust it. Many websites sell email addresses or may be careless with your personal information. Be wary of providing any information that can be used by others for fraudulent purposes.

Never provide sensitive information in email.

Forged email purporting to be from your financial institution or favorite online store is a popular trick used by criminals to extract personal information for fraud.

Don't believe the hype.

Many fraudulent emails send out urgent messages that claim your account will be closed if sensitive information isn't immediately provided, or that important security needs to be updated online. Your financial institution will never use this method to alert you of an account problem.

Be aware of poor design, bad grammar and spelling.

A tell-tale sign of a fraudulent email or website includes typos and grammar errors as well as unprofessional design layout and quality. Delete them immediately.

Backup your sensitive data records.

Consider backing up all sensitive files. This will not only help you restore damaged or corrupted data, but it will help protect against fraud attacks and help recover lost files if needed.

Safeguard your identity online.

In addition to protecting your email, there are a number of guidelines to follow that will help safeguard your identity online.

Do not allow a website to keep sensitive information or credentials for future convenience.

It is a common practice when registering for access to a website or making a purchase from a website to be asked if you want to keep your access credentials, credit card number or other sensitive information on file as a matter of convenience. This common request is referred to as "remembering" for the future use.

Be selective about where you surf.

Not all websites are benign. Sites that are engaged in illegal or questionable activities often host damaging software and make users susceptible to aggressive computer attacks.

Don't choose "Remember My Password."

You should never use the "remember password" feature for online banking or transactional websites.

Don't use public computers for sensitive operations.

Since you cannot validate the computer's integrity, there's a higher risk of fraud when you log in from a public computer.

Work on a computer you trust.

Firewalls, antivirus, anti-spyware and other protection devices help keep a computer properly monitored and provide peace of mind. These tools are important in order to protect your computer and data. A good firewall is critical if you commonly access the Internet via a wireless connection. It is also important to keep your computer up-to-date with patches to security tools as well as to the operating system and other programs on your computer. Make sure to configure your computer to update all security fixes.

Select a strong password.

The best password is an undetectable one. Never use birth dates, first names, pet names, addresses, phone numbers or Social Security Numbers. Use a combination of letters, numbers and symbols. Be sure to change your passwords regularly.

Use a secure browser.

Only use secure websites when you're conducting transactions online (a website is secure if there is a locked padlock in the lower left-hand corner of your browser).

Sign off, shut down, disconnect.

Always sign off or logout from your Online Banking session or any other website that you've logged into using a user ID and password. When a computer is not in use, it should be shut down or disconnected from the Internet.

Lock your computer when it is not in use.

This helps protect you from unauthorized user access.

Beware of shoulder surfing.

This is a common tactic that happens in public places such as coffee shops, airports and libraries etc. where an attacker will look over your shoulder when you're logged in to obtain your sensitive information. Be vigilant and aware of prying eyes.

Set up a timeout.

The timeout feature is an additional safety check. It can prevent others from continuing your online banking session if you left your PC unattended without logging out. You can set the Timeout period in the User Options screen.


How Fraud Works

Tactics that fraudsters employ all share the same goal: to obtain your personal, confidential and financial information for fraudulent use.

From obtaining your information 'the old fashioned way' via discarded mail, to emails that ask you to verify personal information under the guise of a trusted source – like Citizens – fraudulent activity comes in many different forms.

Fraud tactics include:

Dumpster Diving: 

Thieves rummage through trash looking for bills or other paper that includes your personal information.

Malware:

Also known as 'malicious software', malware is designed to harm, attack or take unauthorized control over a computer system. Malware includes viruses, worms and Trojans. It's important to know that Malware can include a combination of all three of the types noted.

Phishing:

A scam that involves the use of replicas of existing websites to try to deceive you into entering personal, financial or password data. Often suspects use urgency or scare tactics, such as threats to close accounts.

Vishing:

Vishing is a type of phishing attack where the attacker uses a local phone number in the fake email as a means of obtaining your sensitive information. The goal is to fool you into believing the email is legitimate by instructing you that responding to the request by phone is safer than responding by email and shows authenticity. The unsuspecting caller is then tricked through an automated phone system to relinquish their sensitive information.

Pharming:

Pharming takes place when you type in a valid Web address and you are illegally redirected to a websitethat is not legitimate. These 'fake' websites ask for personal information such as credit card numbers, bank account information, Social Security numbers and other sensitive information.

Trojan:

A Trojan is malicious code that is disguised or hidden within another program that appears to be safe (as in the myth of the Trojan horse). When the program is executed, the Trojan allows attackers to gain unauthorized access to the computer in order to steal information and cause harm. Trojans commonly spread through email attachments and Internet downloads. A common Trojan component is a "keystroke logger" which captures a user's keystrokes in an attempt to capture the user's credentials. It will then send those credentials to the attacker.

Spoofing:

Spoofing is when an attacker masquerades as someone else by providing false data. Phishing has become the most common form of website spoofing. Another form of spoofing is URL spoofing. This happens when an attacker exploits bugs in your Web browser in order to display incorrect URLs in your browser location bar. Another form of spoofing is called "man-in-the-middle". This occurs when an attacker compromises the communication between you and another party on the Internet. Many firewalls can be updated or configured to significantly prevent this type of attack.

Spyware:

Loaded on to your computer unbeknownst to you, spyware is a type of program that watches what users do and forwards information to someone else. It is most often installed when you download free software on the Internet. Unfortunately hackers discovered this to be an effective means of sending sensitive information over the Internet. Moreover, they discovered that many free applications that use spyware for marketing purposes could be found on your machine, and attackers often use this existing spyware for their malicious means.

Pop-Ups:

A form of Web advertising that appears as a "pop-up" on a computer screen, pop-ups are intended to increase Web traffic or capture email addresses. However, sometimes pop-up ads are designed with malicious intent like when they appear as a request for personal information from a financial institution, for example.

Virus:

A computer virus is a malicious program that attaches itself to and infects other software applications and files without the user's knowledge, disrupting computer operations. Viruses can carry what is known as a "payload," executable scripts designed to damage, delete or steal information from a computer.

A virus is a self-replicating program, meaning it copies itself. Typically, a virus only infects a computer and begins replicating when the user executes the program or opens an "infected" file.

Viruses spread from computer to computer only when users unknowingly share "infected" files. For example, viruses are commonly spread when users send emails with infected documents attached.

RetroVirus:

This virus specifically targets your computer defenses. It will look for vulnerabilities within your computer operating system or any third party security software. Most security vendors have some form of tamper-proof measure in place, so it is important to keep your patches up-to-date. Retro Viruses are usually combined with another form of attack.

'Game Over' Malware (targets bank accounts):

The FBI is warning consumers of a recent phishing scheme involving spam e-mails—purportedly from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC)—that can infect recipients’ computers with malware and allow access to their bank accounts. The malware is called “Game Over” because once it’s on your computer, it can steal usernames and passwords and defeat common methods of user authentication employed by financial institutions. Visit the FBI’s website to learn more about this malware and what you can do to protect yourself.

Worm:

A worm is similar to a virus but with an added, dangerous element. Like a virus, a worm can make copies of itself; however, a worm does not need to attach itself to other programs and it does not require a person to send it along to other computers.

Worms are powerful malware programs because they cannot only copy themselves; they can also execute and spread themselves rapidly across a network without any help.

Questions?