Keep your accounts secure, by keeping your information secure.


Your online security is always a priority to CIT Bank. CIT Bank is dedicated to keeping your account safe, but we also want to make sure that you can protect yourself and your account.

Fraud can occur in a variety of ways, so it's important to understand what fraud is, how it works, and how to protect yourself and your accounts. Please read through the information below, then check out our Fraud Prevention Guide.

Identity Theft

Identity Theft

Identity Theft occurs when someone uses your personal information, such as your name, Social Security number, date of birth, driver's license number, online banking credentials (User ID and password), or account numbers, without your permission to open accounts, access your existing accounts, or make major purchases in your name.

  • Common approaches Criminals will go through trash to obtain information on discarded mail or use electronic approaches. Phishing (fraudulent email), vishing (fraudulent phone call), smishing (fraudulent text) and malware (software that can disable your computer and access personal information) are ways that fraudsters try to deceive you into revealing personal, financial, or account information.
  • Tips Make sure you have the latest security software installed on your computer and only download software and programs from legitimate sources. Create strong passwords and update them every 90 days. Do not write them down in case they are accidentally discarded. Avoid phishing, vishing, and smishing by using caution when asked by phone, email, or text to update your account information. Do not provide personal information when someone contacts you. Instead contact the company directly using verified contact information.

Back to top

What to do if you think you're a victim of Identity Theft.

  1. Contact the CIT Bank Fraud Prevention Department

    We will help you determine next steps based on your individual situation. It may be necessary to take additional steps and not just the ones listed below.

  2. Contact the credit reporting agencies to place a fraud alert on your profile and to order a report. You only need to contact one credit reporting bureau. The credit bureau you call is required to contact the other two. When you place a fraud alert on your credit profile, any new credit requests will receive careful review to ensure the applicant is you.
  3. Close any accounts in your name that were opened fraudulently.
     
  4. Contact the Social Security Administration Fraud Hotline. 1-800-269-0271.
     
  5. File a police report with your local law enforcement agency.
     
  6. Report identity theft to the Federal Trade Commission so that law enforcement agencies across the country can use the information to help with their investigations. Click here or call 1-877-IDTHEFT (877-438-4338).
     
  7. Contact your local post office if you believe your mail was stolen or redirected. www.usps.com
     
  8. Contact your local Department of Motor Vehicles if you believe someone is trying to get a driver's license or identification card using your name and information.

Back to top

Bank Account Fraud

Bank Account Fraud occurs when a fraudulent deposit, in the form of a check or ACH transfer, is made into your bank account and subsequently returned by the paying bank. Fraudsters may ask you to open a new account or use an existing account. Once the deposit is available, they will want to make transfers out, sometimes offering to let you keep part of the deposit.

  • Common approaches Criminals will use scams involving employment, dating online, or selling items to commit deposit fraud. Download our complete Fraud Prevention Guide for more information about ways to identify deposit fraud scams.
  • Tips Never initiate transfers to or from an account that you do not own, accept deposits on behalf of someone else, or allow someone to overpay you on shopping or auction sites. Never accept an employment offer that involves processing checks, ACHs, or electronic payments through your personal account or an account in your name.

Back to top

What to do if you think you're a victim of Bank Account Fraud.

  1. Contact the CIT Bank Fraud Prevention Department

    We will help you determine next steps based on your individual situation. It may be necessary to take additional steps and not just the ones listed below.

  2. File a police report with your local law enforcement agency.
     
  3. File a complaint regarding Internet-related fraud with the Internet Crime Complaint Center. www.ic3.gov
     
  4. Report scams to your state Attorney General.
     
  5. Report bank account fraud to the Federal Trade Commission so that law enforcement agencies across the country can use the information to help with their investigations. Click here or call 1-877-382-4357

Back to top

10 Secure Mobile Banking Tips

  1. Risk: Mobile devices without passwords: Mobile devices often times do not use passwords to authenticate users and control their access.

    Protecting yourself: Enable user authentication: Ensure your device is configured in a way that forces the use of "Passwords and Personal Identification Numbers (PINs)" to gain access. The password field should also be masked to prevent casual viewing. Consider activating idle-time screen locking. This will force the need to have proper credentials being granted access to your information. Enable auto-wipe feature after excessive password failures.

  2. Risk: Near Field Communications (NFC) broadcast the presence of your mobile device. Mobile devices sometimes have NFC enabled to permit the exchange of information directly between two devices. This exchange of information between two devices can happen between you and a trusted friend or between you and a criminal, allowing them to capture the sensitive personal information stored on your device.

    Protecting yourself: At a minimum, follow these simple instructions: (1) Read the fine print that comes with your NFC-enabled device and applications; (2) Ensure that you apply software updates to your device in a timely manner; and (3) When not using your NFC capability, be sure to turn it off.

  3. Risk: Clicking on a banking link received in a text message or email: Be suspicious of any URL links that you may receive from the bank sent via text message or email. Links received in this fashion can be very dangerous, redirecting you to malicious websites owned by cyber-criminals.

    Protecting yourself: Enter the bank's web address into your mobile device and bookmark the link. Then use this link instead of the one that was sent to you. Using this technique will prevent you from being tricked into going to fake websites. Also, don't send sensitive or personal information such as account information or password in a text message or email. Important Tip: Here are two ways to ensure validity of the links:

    Important Tip: Here are two ways to ensure validity of the links:
    1. On a desktop, hover your mouse over URL links to determine its validity prior to clicking on it. If you cannot validate, do not click on the link.
    2. Copy the link into your browser; the part of the URL you don't see will be copied and any potentially hidden malicious site URL will be revealed.

    Important Note: At times CIT will send out emails that include URL links to our company websites www.cit.com, www.bankoncit.com and www.onewestbank.com. The emails will come from donotreply@bankoncit.com or donotreply@owbmail.com.

  4. Risk: Failure to delete all sensitive information from devices that are no longer in use. Leaving the names of banks or credit unions, passwords, or other personal information on your device could result in identity theft.

    Protecting yourself: You must delete the data from your old phone before disposing or passing it on to another person. The easiest way to accomplish this is to wipe the device by performing a factory reset and then entering fake data to overwrite any traces of the original data. Follow the instructions provided by your device manufacturer to accomplish this process prior to disposing of the device.

  5. Risk: Downloading applications from unofficial sites that contain malicious software. It is not uncommon for consumers to inadvertently download applications that are disguised as useful programs, but in reality, contain malware that serves the intent of the cyber-criminal.

    Protecting yourself: Be sure that your application is sanctioned by the bank prior to downloading and installing it. Follow your device's software update procedures to verify the application's signature and to confirm the package is authentic and complete.

    Download mobile apps only from reputable sites:
    • iOS: App Store
    • Android: Google play and Amazon App Store

    For Android users, evaluate apps before installing. Look at the number of downloads, read customer reviews and look at the app's rating; if low, be suspicious as this means there has not been thorough vetting of the app (e.g., for security issues, functionality, etc.). Be aware of the app's permissions and access (e.g., location, contacts, photos, camera, microphone); be suspicious of requests for excessive access (e.g., does a game app really need access to your contact list or the ability to send text messages?)

  6. Risk: Loss of Mobile device: Losing a mobile device can potentially result in divulging your sensitive information to thieves.

    Protecting yourself: Install tracing and remote deletion software to help you find the device's location in the event it is ever lost or stolen. Also, if feasible, install software that permits you to perform remote deletion. You should also consider leveraging the device's locking capabilities; depending on the device you will need to trace a pattern, or insert a Personal Identification Number (PIN) into your phone to enable the device locking feature. This added layer of security will slow a criminal down long enough for you to disable your bank account before any unauthorized access occurs.

  7. Risk: Lack of security software or circumventing security controls: Mobile devices need to have security software to protect against malicious applications and spyware. Usually, these devices do not come pre-installed with the appropriate security software or users fail to install the security software. Be aware that jailbreaking (iOS) and rooting (Android) provide the user with additional access to circumvent mobile device security controls—and for certain mobile devices allow the user to download applications from untrusted sources—which may introduce malware onto the device.

    Protecting yourself: Install Anti-Malware Capability: Users should ensure that appropriate software is installed and enabled on their mobile device to protect against unwanted email attachments, voice messages, and text messages as well as malicious applications, viruses, and spyware. Avoid jailbreaking or rooting your mobile device.

  8. Risk: Out-of Date Operating Systems and circumventing security controls: Security patch updates on operating systems and third party applications can sometime take weeks before these are provided to, and installed by, users.

    Protecting yourself: Your mobile device can be configured to automatically update to the latest operating system version. Follow the instructions that come with your device so that you can ensure these updates are transmitted promptly.

  9. Risk: No restrictions on Internet Connections. By not limiting the ports that can be used by a device, you may permit a potential criminal to enter the device through an unsecure access point.

    Protecting yourself: Install Anti-Malware Capability: Users can install a mobile personal firewall. When this software is installed appropriately, the programs will enable the mobile device to protect against unwanted email attachments, voice messages, and text messages; as well as, malicious applications, viruses, and spyware.

  10. Risk: Connection to an Unsecured Wi-Fi Network. Public network connections are notoriously not very secure. When using Wi-Fi networks, users become susceptible to Man-in- the-Middle attacks (MITM) where criminals eavesdrop on the network connection. When this happens, users are at risk of their personal information being viewed and/or stolen.

    Protecting yourself: Do not participate in banking activities while connected to a public network. It is better to disable Wi-Fi and switch to the cellular network when handling personal banking transactions or look into setting up a Virtual Private Network (VPN) that encrypts your Wi-Fi connections.

Back to top

Computer Bugs and Viruses

As new computer bugs and viruses are created and distributed, we want you to know what we're doing to protect your information.

What are bugs and viruses?
A software bug is a flaw in the computer code that creates errors in the application or program, which can make your computer vulnerable or have unexpected results. A computer virus is malicious code that can copy itself, and infect your computer and the way it operates. It can have unexpected or damaging effects.

The best thing to do...

  • Be cautious when downloading files from the internet, opening attachments or clicking on links. Use a recognized antivirus software or comprehensive security software.
  • Update your system and mobile devices with the latest operating system versions and patches.
  • Create different passwords for different websites, and make those passwords appropriately complex, using upper- and lower-case letters, numbers and, if allowed, symbols.
  • Change your password regularly and enable your Online Banking account alerts. Those, along with other online account tools, will add another layer of coverage to your account.

Back to top

How to Protect Yourself from Scams

Phishing


The term "phishing," as in fishing for confidential information, refers to a scam that encompasses fraudulently obtaining and using an individual's personal or financial information. This is how it works:
  • A consumer receives an e-mail that appears to originate from a financial institution, government agency, or other well-known/reputable entity.
  • The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message.
  • The provided link appears to be the Web site of the financial institution, government agency or other well-known/reputable entity, but in "phishing" scams, the Web site belongs to the fraudster/scammer.
  • Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth.
  • When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.

It is important to note that CIT Bank will never ask for personal or confidential information in this manner. CIT Bank communications will only use links to the official CIT Bank web page located at https://www.bankoncit.com

Anti-malware software can identify and warn you when accessing a suspicious website. You can also look for the following items to determine if a site is valid or not.

The CIT Bank site will include the following:

  • A lock icon in the address bar;
  • A URL that begins with https://; and
  • A URL like the one shown below.
Fraud Prevention Phishing

If you click on a link that takes you to a website whose address begins with something else, or which includes apparent abbreviations of our bank name, it’s not a genuine CIT Bank site – even if it looks familiar. You should refrain from using any links or information found at such fraudulent sites.

If you suspect an e-mail or Web site is fraudulent, please report this information to CIT Bank, using this number 855-462-2652. If you suspect that you have been a victim of identity theft, perhaps because you submitted personal information in response to a suspicious, unsolicited e-mail or you see unauthorized charges on your credit card, immediately contact CIT Bank and, if necessary, close existing accounts and open new ones. Also contact the police and request a copy of any police report or case number for later reference. In addition, contact the credit reporting agencies to place a fraud alert on your profile and to order a report. You only need to contact one credit reporting bureau. The credit bureau you call is required to contact the other two. When you place a fraud alert on your credit profile, any new credit requests will receive careful review to ensure the applicant is you.

Back to top

Voice Phishing Phone Calls

You will never receive a call from CIT Bank asking you to provide your account information. Imposters placing these calls are engaging in a practice known as "vishing" or "voice phishing," through which they attempt to obtain your account and security information.

If you receive a call like the one described above, or any other suspicious phone call inquiring about your account(s) with CIT Bank, do not provide your account or security information. If you have any questions, please contact our Customer Call Center toll-free at 855-462-2652 to report such activities.

Back to top

Text SMS

Text (SMS) scams “smishing” is a phishing attempt using text messages with the goal of obtaining your bank account number and/or other personal/sensitive information. CIT Bank customers can sign up to receive SMS text alerts on their accounts. If you’ve signed up to receive SMS text alerts on your account(s) and receive a text message on your mobile device that you were not expecting or were uncertain that it came from CIT Bank, please delete it immediately and DO NOT call the telephone number or open any links in the message. Use known phone numbers (855-462-2652). This type of message may be an attempt to obtain your bank account number fraudulently.

Back to top

Email

If you receive an e-mail claiming that your access to "Online Services" with CIT Bank has been suspended, know that it is false and was NOT sent by CIT Bank.

If you receive an email claiming to be from CIT Bank, telling you that your access has (or will be) suspended, please DO NOT open it or click any of the links inside. Promptly delete the e-mail or mark it as "Spam."

Remember, we will never send you an e-mail requesting sensitive account information.

If you believe that you've been the victim of online fraud or identity theft, please notify us by either calling toll-free at 855-462-2652 Monday through Friday, 8 a.m. to 9 p.m., Saturday, 9 a.m. to 5 p.m. and Sunday, 11 a.m. to 4 p.m. or e-mail us at privacyemail@cit.com. Please include your name, e-mail address, telephone number and a detailed description.

Back to top

Caller ID Spoofing

There are companies engaging in telemarketing activities that will spoof (or manipulate) the caller ID to make it appear that the call is coming from CIT Bank. These companies are performing this illegal activity for purposes of enticing the called party to pick up the phone, after which they proceed to pitch the service they are offering. We encourage any customer receiving this type of call or any other suspicious call in which the caller claims to be a representative of CIT Bank to ask for the name of the caller and then contact our Call Center toll-free at 855-462-2652.

If you receive a suspicious call from someone claiming to be from CIT Bank, please be vigilant and follow the guidelines below:

  1. Do NOT provide any personal information to these callers.
  2. Contact CIT Bank toll-free at 855-462-2652.

Back to top

Back to fraud and security
Selected products ()
Product
APY**
Minimum balances
Available as IRA
Available as Custodial
APY**
Minimum balances
Available as IRA
Available as Custodial