Strong two-factor authentication is required at login as well as for sensitive payment applications to help safeguard transactions. We require all customers to have tokens in addition to login and password. This greatly reduces risk because even if your password is compromised, a fraudster still needs your token pin to access the system.
Device Registration and Challenge
Our login also includes risk-based authentication to allow you to register multiple PCs for additional protection. If a user logs in from an unregistered device they will be forced to correctly answer challenge questions before gaining access.
Our system automatically logs you out after a period of inactivity.
Password Expiration and Lockout
Our system prompts you to change your password at least every 60 days. In addition, three failed attempts to enter the correct authentication credentials results in the user being locked out at which point a system administrator must reactivate the user id.
128-bit Secure Socket Layer (SSL)
Citizens Commercial Banking utilizes state-of-the art security technology to protect your data and transmissions over the internet. Any application or enrollment forms on the Citizens Commercial Banking web site use Secure Socket Layer (SSL) technology to transfer your information across the internet to us. This technology encrypts - or scrambles- the information you provide so it's virtually impossible for anyone other than Citizens Commercial Banking to read it. We use this technology whenever confidential information, such as your account number or social security number is requested. The SSL protocol continuously verifies the identity of each party during the session, encrypting messages to help ensure they remain private and unaltered.
Always look for "https://..." at the beginning of a URL you are about to enter sensitive data into.
We will always inform you if we detect you are using a browser that does not support encryption.
Our system provides you with access to audit logs so you can see what activity has taken place on our accounts. In addition our bank employees also have access to audit logs in order to do the appropriate investigations as needed.
We offer commercial customers dual approval on our systems for both administration and select payment activity. This allows you to put in controls where one person alone cannot send an external payment or make an administrative change to a user such as adding or deleting a user or changing their entitlements.
Inside Citizens Commercial Banking
A fundamental element of safeguarding your confidential information is to provide protection against unauthorized access or use of this information. We maintain physical, electronic and procedural safeguards that comply with federal guidelines to guard your nonpublic personal information against unauthorized access or use. Our employees are subject to a corporate code of ethics and other policies that require maintaining the confidentiality of customer information.
Citizens Commercial Banking will continue to enhance and maintain prudent security standards and procedures to protect against unauthorized access or use of your nonpublic personal information and records. These security procedures also protect former customers and consumers who have applied for an account or service at Citizens Commercial Banking for as long as the information is retained.
When We Will Contact You
From time to time, Citizens Commercial Banking may contact you unsolicited via phone call or email to inform you of a system issue, inform you about new products and services, or in an effort to continue to build the relationship. At no time will you ever receive a call or email from Citizens Commercial Banking asking you for your login credentials. If you receive a suspicious phone call or email asking for your authentication credentials you should decline to do so and call us at 1-877-550-5933.
You Can Protect Your Information
Although Citizens Commercial Banking has taken reasonable and appropriate measures to ensure that your personal information is secure, we cannot guarantee that the nonpublic personal information you provide will not be intercepted by others and decrypted. We are not liable for a breach of security that occurs for reasons outside of our control.
As your banking partner, we offer the following educational tips to build your knowledge and awareness around security. These are for educational purposes only and not meant to be used as a prescriptive solution with any warranties around eliminating fraud.
a Security Policy and Perform Regular Assessments
Here are high level suggested steps for a security policy.
- Identify and locate your assets. - This pertains to both information and material goods. Assess the importance and value of these assets.
- Perform a Threat Risk Assessment. - Categorize the likelihood of these assets being stolen and identify the resulting damage to the organization if such an occurrence comes to pass.
- Perform an informal site survey of your organization.
- Institute a standard for classifying all information - Is it confidential, private, unclassified, etc., and a means to identify which employees, or group of employees have access to this information.
- Ascertain who needs access to external resources and what resources need to be made available.
- Ascertain who needs access to your banking systems and services and make sure the removal of access to those services is part of your HR exit process.
- Create a disaster recovery plan.
- Appoint someone to be responsible for security policy enforcement.
- Understand that the implementation of any security policy needs regular validation.
- Perform Regular Assessments - Make sure your policy is working the way you intend it
Check your statements
Financial crime can go undetected for long periods, simply because victims are not aware it has happened. It may be weeks or months before fraud is spotted.
It's therefore vital that you carefully check all bank statements when you receive them. Make sure that all entries you see are correct. If there are transactions that you don't recognize, please report the details immediately.
If you receive incomplete statements, or fail to receive a bank statement or any other expected financial information, immediately contact us.
If you are in the process of changing your address, make sure you arrange to have all your mail forwarded and inform all parties you deal with.
Additional Tactics to Protect Your
- Use strong passwords
- Use letters from a phrase or song lyric - for example 'The Grand Old Duke of York he had ten thousand men' would give you the phrase 'TGODoYhhttm'. The mix of upper case and lower case letters helps to make the password even more secure
- Use a mixture of characters - including upper and lower case letters, as well as numbers. Some sites will allow you to use symbols such as "/" "~" or "&" for even better security.
- Don't use your PIN - or reuse any other passwords
- Don't use family names or birthdays - they are easy for attackers to guess, especially if you use your own name or birthday
- Don't use dictionary words - attackers will often use dictionaries of commonly used passwords. So avoid passwords which contain 'real' words (such as 'hello' or 'password'), names, or words in foreign languages
- Don't misspell common words - attackers are likely to try these combinations as well, especially sequences which replace letters such as 'I' with '1' or 'e' with '3'
- Utilize a firewall - A firewall is software which helps protect your computer from online attacks. Any computer you use to access the internet should have a firewall installed.
- Keep up-to-date with anti-virus software (e.g., McAfeeŽ or Norton) and anti-spyware. Additional examples can be found online at www.staysafeonline.org.
- Don"t access sensitive systems on an open network
- Consider reserving a computer dedicated to online banking use, which is not enabled for email or other Internet access.
- Run regular updates for your operating system and all applications.
This site and services provided are for commercial use only. It is also important when Customer assesses its risk of loss that Customer takes into consideration the fact that, as Customer is not a "consumer" under the Electronic Funds Transfer Act ("Reg E"), Customer is not able to avail itself of the protections offered by Reg E.
Citizens Commercial Banking encourages you to help us protect your information and to keep your information accurate. If you suspect someone has made unauthorized transactions on your Citizens Commercial Banking accounts, or if you believe that any information about you is not accurate, please call us anytime at 1-877-550-5933.
If you send us email, we may retain the content of the email and your e-mail address in order to respond to questions or concerns that you may have. To help secure transmissions, your e-mails to us should be sent using the "Email Us" page. Since we cannot ensure our response back to you is secure, we will not include nonpublic information such as account numbers in the response.