• How We Protect You
  • Protect Yourself
  • Report Fraud
  • Resources

How We Protect You

Security Reminder: Never provide personally identifiable information (Social Security Number, Account Number, etc.) in response to an e-mail. For security purposes, City Bank will not contact you for this information over the phone or through unsecured e-mail. And if we direct you to login, we will always send you to our homepage at

City Bank takes a layered approach to help protect your accounts and your identity. Every time you sign on to City Bank Online Banking you will see your Personal Security Image and Security Phrase. These settings - customized by you - let you know that you are at the City Bank Online Banking site and not an imposter site. In addition, we will ask you to answer a Security Question that only you should know the answer to if you are attempting to sign on from a computer that we do not recognize in order to help verify your identity. These security questions are asked periodically as an additional layer of security.

How does it work?

This security feature adds a dual-layer of protection to your online account.

  • You'll know you're at the authentic City Bank Online Banking site when you see the Personal Security Image you selected.
  • And we'll know it's really you trying to access your account by identifying the computers you normally use to log into your account.  If we don't recognize your computer, we'll ask a question only you should know the answer to in order to verify your identity.

Do I need to sign up for this added security feature?

No, when you first register with City Bank Online Banking, after entering your User ID, you will be prompted to select your new Personal Security Image and Questions.

E-mail Correspondence

When we receive your e-mail address when you apply for a product or service or contact us online, we will retain that address to facilitate communication, provide you with information about your account, complete a service you have requested and better serve you. We will not send particularly sensitive information such as account numbers or social security numbers in an e-mail. When you give us your e-mail address we may allow you to choose not to receive e-mail from us that primarily contain marketing messages on our products or we may provide a way for you to tell us to stop sending such e-mail in any e-mail messages we send. The contents of your messages to City Bank will be retained for quality assurance and to meet regulatory and legal requirements. Please refer to our Consumer Privacy Policy Disclosure for information about how we maintain and use information about you, including your e-mail address.

We do not sell or share your e-mail address with third parties to use to independently market you for their products.

Protect Yourself

Protect Yourself from Identity Theft & Fraud Attacks.

    Password Tips 

    • Select passwords that are not obvious. Avoid using personal information as passwords, such as your last name or birthday. Also, avoid using the same user ID and password for multiple web sites.
    • Do not write or post user IDs, passwords or other sensitive information.
    • Remind your users to frequently change their passwords and not to share user IDs or passwords.
    • Prevent unauthorized persons from using your computer by logging off or locking your workstation when you leave the area.

    Anti-Virus Software and Download Tips 

    • Scan any software downloaded from the internet for viruses before installation.
    • Ensure your computer's operating system and software is updated on a regular basis.  Consult with your company's IT professional for assistance.
    • Use anti-virus and anti-malware software, and keep the software up-to-date.

    Social Engineering

    In a social engineering attack, an attacker uses human interaction to manipulate a person into providing them information. People have a natural tendency to trust. Social engineering attacks attempt to exploit this tendency in order to steal your information. Once the information has been stolen it can be used to commit fraud or identity theft.

    Criminals use a variety of social engineering attacks to attempt to steal information, including:

    Website Spoofing

    Website spoofing is the act of creating a fake website to mislead individuals into sharing sensitive information. Spoof websites are typically made to look exactly like a legitimate website published by a trusted organization.

    Prevention Tips:

    • Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different domain.
    • If you are suspicious of a website, close it and contact the company directly.
    • Do not click links on social networking sites, pop-up windows, or non-trusted websites. Links can take you to a different website than their labels indicate. Typing an address in your browser is a safer alternative.
    • Only give sensitive information to websites using a secure connection. Verify the web address begins with “https://” (the “s” is for secure) rather than just “http://”.
    • Avoid using websites when your browser displays certificate errors or warnings.


    Phishing is when an attacker attempts to acquire information by masquerading as a trustworthy entity in an electronic communication. Phishing messages often direct the recipient to a spoof website. Phishing attacks are typically carried out through email, instant messaging, telephone calls, and text messages (SMS).

    Prevention Tips:

    • Delete email and text messages that ask you to confirm or provide sensitive information. Legitimate companies don’t ask for sensitive information through email or text messages.
    • Beware of visiting website addresses sent to you in an unsolicited message.
    • Even if you feel the message is legitimate, type web addresses into your browser or use bookmarks instead of clicking links contained in messages.
    • Try to independently verify any details given in the message directly with the company.
    • Utilize anti-phishing features available in your email client and/or web browser.
    • Utilize an email SPAM filtering solution to help prevent phishing emails from being delivered.

    Browsers and Encryption

    City Bank's standards are among the highest on the Internet. For accessing our secure applications, such as City Bank Online Banking, City Bank requires that your browser supports SSL and 128-bit. It is important that you regularly update your browser in order to ensure that you are protected from the latest security vulnerabilities.

    Clearing Your Internet Browser's Cache and History

    To ensure your privacy, we recommend that you clear the Internet browser's cache and history after visiting any City Bank web site. Internet browsing software, such as Microsoft Internet Explorer and Netscape, stores or "caches" content of web sites visited during online sessions to display pages previously viewed more quickly. Additionally, the Internet browser's history list tracks web site addresses you visit. Clearing your browser's cache and history ensures that other people using the computer (particularly public computers) do not have access to your session information.

    Additional Online Business Security Tips

    Internal Controls

    • Maintain appropriate internal controls, including segregation of duties.  For example, have different people involved in reconciling accounts from those making payments. One important step you can take to improve your controls is by requiring one user to set-up or initiate online payments and another to approve such payments.
    • Perform a periodic risk assessment and evaluation of your own internal controls, including reviews of your users and the permissions you grant them.
    • Regularly review your transactions and statements to detect unauthorized activity. Details of your transactions are promptly posted and available on City Bank Online. It can be very useful to monitor and control transactions--including those originating online and through other channels, such as checks you've written or withdrawals you've made. 
    • City Bank Online Cash Management offers an online Positive Pay Service to help you monitor and control checks clearing against your accounts.
    • There are also, several internal control you can have set up within Cash Management that add layers of security. These include:
    • Automatic E-mail Notifications for initiated ACH Batches.
    • Tokens
    • IP Address Restrictions
    • Access time Restrictions

    Report Fraud

    I think I'm a victim.

    If you suspect that your personal and/or financial information has been compromised, City Bank recommends that you call us immediately. The sooner we know what's happened, the sooner we can begin helping you. Please call us now.

    This includes:

    • Personal Identifiable Information – such as Social Security or Tax ID #
    • Debit Cards (lost or stolen)
    • Online User ID's or passwords

    City Bank Fraud

    806-792-7101 ext. 2425 Or 1-800-OUR-BANK

    City Bank Debit Card

    806.792.7101 ext. 2205 Or 1-800-OUR-BANK

    City Bank Online Banking

    806.792.7101 ext. 2233 Or 1-800-OUR-BANK

    City Bank also recommends taking these additional steps to report identity theft and fraud

    Notify the authorities about the identity theft and fraud

    It is recommended that you file a police report where you suspect the identity theft and fraud occurred. The local police station may not have an "identity theft" report per se, but ask if you can file a "miscellaneous incident" report. It is critical that you either obtain a copy of this report or get a copy of the report's number.

    You can also file a report with the Federal Trade Commission, a government agency charged with protecting consumers. Although they are not a law enforcement agency, they can share your identity theft report with law enforcement agencies for investigation purposes.

    Federal Trade Commission - consumer complaints: or 1-877-IDTHEFT

    Notify your other financial institutions

    Although your other accounts may not be compromised, it is recommended that you make your other financial institutions aware of your identity theft. In case your problem is more widespread than you originally thought, they can place a fraud alert on your accounts and monitor for unusual activity.

    Contact the credit bureaus

    There are three main credit reporting agencies in the U.S.: Equifax, Experian (formerly TRW) and TransUnion. They compile reports on an individual's credit history, such as how many credit accounts they have, the dollar amounts of these accounts, and an assessment of the individual's payment history (good or bad).

    If you suspect identity theft and fraud, it is critical that you:

    • Contact one of the credit reporting agencies
    • Place a fraud alert with them

    They will notify the other two agencies. You will receive a confirmation in the mail that a fraud alert has been placed with all three of them.

    Credit BureauWeb SiteFraud Line


    National Cyber Security Alliance

    US-CERT - Cyber Security Tips

    Federal Trade Commission - Privacy & Security

    Deter, Detect, and Defend Against Identity Theft

    BBB Data Security - Made Simpler

    Bureau of Consumer Protection - Data Security