• Privacy & Security

  • OneWest Bank is committed to safeguarding your personal information. Click the links below to understand how we may collect and use your information.

    Last update: December 2018

    Download Privacy Notice

    Why? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

    The types of personal information we collect and share depends on the product or service you have with us. This information can include:

    • Social Security number and income
    • account balances and payment history
    • credit history and credit scores
    • transaction or loss history
    • overdraft History

    When you are no longer our customer, we continue to share your information as described in this notice.

    How? All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons CIT chooses to share; and whether you can limit this sharing.
    Reasons we can share your personal information Does CIT share? Can you limit this sharing?
    For our everyday business purposes - such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus Yes No
    For our marketing purposes - to offer our products and services to you Yes No
    For joint marketing with other financial companies No We don't share
    For our affiliates' everyday business purposes - information about your transactions and experiences Yes No
    For our affiliates' everyday business purposes - information about your creditworthiness No We don't share
    For non-affiliates to market to you No We don't share
    • For CIT Bank, N.A. call: 1.855.462.2652
    • For OneWest Bank, a division of CIT Bank, N.A. call: 1.888.846.3433
    • For CIT Bank Residential Servicing call: 1.800.781.7399
    Who we are
    Who is providing this notice? CIT Bank, N.A. and its OneWest Bank and CIT Bank Residential Servicing divisions.
    What we do
    How does CIT protect my personal information? To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. Measures include computer safeguards and secured files and buildings.
    How does CIT collect my personal information?

    We collect your personal information, for example, when you:

    • open an account or make deposits
    • pay your bills or apply for a loan
    • provide account information
    • use your debit card

    We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.

    Why can't I limit all sharing?

    Federal law gives you the right to limit only:

    • sharing for affiliates' everyday business purposes - information about your creditworthiness
    • affiliates from using your information to market to you
    • sharing for nonaffiliates to market to you

    State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.

    Affiliates None.
    Nonaffiliates Companies not related by common ownership or control. They can be financial and nonfinancial companies.
    • We do not share with nonaffiliates so they can market to you.
    Joint marketing A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
    • We do not have joint marketing partners.

    Other important information

    California residents: In accordance with California law, we will not share nonpublic personal information about you with our affiliates or any nonaffiliated third party, other than permitted by law, unless we receive your consent.

    Vermont residents: In accordance with Vermont law, we will not share nonpublic personal financial information about you with our affiliates or any nonaffiliated third party, other than permitted by law, unless we receive your consent.

    Nevada residents: Nevada law requires that we provide you with the following contact information regarding "do-not-call" lists: (a) Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; Telephone 702-486-3132; email: BCPINFO@ag.state.nv.us; and (b) If you wish to be placed on our internal "do-not-call" list contact CIT Bank, N.A., P.O. Box 7211, Pasadena, CA 91109-7311; Telephone: 800-669-2300; email: Privacy.Questions@cit.com

    The USA PATRIOT Act, a federal law, requires all financial institutions to obtain sufficient information to verify your identity when creating a new banking relationship. You may be asked several questions including your name, address, date of birth, Social Security number or other government-issued identification number, and to provide one or more forms of identification to fulfill this requirement. In some instances, we require other identifying documents and/or use a third party information provider for verification purposes. Our established Privacy Policy helps protect your personal information

    At OneWest Bank we're committed to securing your personal information.

    Last Updated: March 2018


    CIT Group Inc. and its affiliates (collectively "CIT," "we," "us," or "our") respect your privacy and are committed to treating and using Personal Information (as defined below) about you responsibly.

    This Online Privacy Policy ("Policy") explains CIT's online practices to collect, use and share Personal Information from or about you except as otherwise provided in this Policy. This Policy applies both to any CIT site and/or mobile application that links to this Policy (such sites and/or mobile applications, and all activities thereon, constituting "the Services"). This Policy applies regardless of what computer or device ("computer") you use to access the Services.

    Throughout this Policy, we refer to nonpublic personal information that can directly and without additional information identify you or your accounts as "Personal Information." "Personal Information" includes information such as your name, address, email address, or phone number and other information that is not otherwise publicly available (such as your date of birth, Social Security number and financial information). Please read this Policy carefully. When you visit this site you consent to the terms of this Policy and the information described herein.

    Any dispute related to this Policy will be governed by our Terms of Use.

    If you have a financial product or service with us, we will use and share any information that we collect from or about you in accordance with our Consumer Privacy Notice.

    Back to top

    Personal information we collect

    We collect Personal Information from and about you in order to identify you as our customer, establish and manage customer accounts (including collection activity), complete customer transactions and understand our customers and their needs. We also collect this information to improve how we market products and services, learn about our markets and design and improve our products and services. Furthermore the collection of this information helps us to comply with legal and regulatory requirements, and protect the rights, property, or safety of CIT, its employees, customers, visitors to the Services, and others.

    We may also collect Personal Information from you if you

    1. apply for employment through the Services (which may include your name, address, references and employment history)
    2. use the Services to check the status of your accounts (such as your name, account number and login password); and
    3. send us an email to inquire about your account or to request information (such as your name, email address and any other Personal Information you supply in your message).

    Back to top

    How we use the Personal Information we collect

    We may use the Personal Information that you provide to us as follows:

    1. if you apply for a job, to consider you for the position and to contact references (please note that your references may be contacted without prior notice to you); or
    2. if you apply for credit, to assess your creditworthiness including retrieving credit reports and to approve or reject your application; or
    3. to respond to inquiries you may have about your account and other related matters; or
    4. if you send us an email for information, to reply to your request.

    Back to top

    How we may share Personal Information you provide to us

    Please see the CIT Consumer Privacy Notice for information on how Personal Information may be shared.

    Unless our Consumer Privacy Notice provides otherwise CIT may share your Personal Information under the following circumstances:

    Affiliates: We may share your name, address and information about your transactions and experiences with us (such as your payment history or other facts about your account) with our affiliates.

    Agents and service providers: To establish, administer, and manage our customers' accounts, evaluate credit, provide customer service and benefits, process account transactions and account statements, engage in collections activities, or process job applications, we may disclose your Personal Information to companies that work with us to perform services or business operations on our behalf. We may also share your Personal Information with companies that perform marketing services on our behalf, or with other financial institutions (including insurance companies) with whom we have joint marketing agreements.

    Nonaffiliated third parties: In certain instances, we are permitted or even required to disclose your Personal Information to nonaffiliated third parties. For example, reporting your transaction history and information with us to credit reporting agencies, responding to regulators or auditors, to protect against fraud, or to provide information in connection with proposed or actual business transactions involving CIT companies or accounts. We may also disclose your Personal Information to third parties when legally compelled to do so, such as to comply with the law, to enforce our terms of use, or to protect the rights, property, or safety of CIT, its employees, customers, visitors to these Services, and others. Please be aware that these disclosures are permitted by law without your consent.

    Other third parties: We may also share, as permitted by law, or unless our Consumer Privacy Notice provides otherwise, your Personal Information with other third parties with whom we do not have joint marketing agreements, such as other financial services providers, insurance companies, or with nonfinancial companies such as service organizations, retailers, travel services and direct marketers. We require these companies to adhere to CIT's confidentiality standards with respect to your Personal Information.

    USA Patriot Act Section 326 compliance: When you open an account with us, we will ask for your name, address, and other identifying documents such as your driver's license, that will allow us to identify you. We do this to help the government fight the funding of terrorism and money laundering activities. U.S. federal law requires all financial institutions to obtain, verify and record information that identifies each person who opens an account.

    Business transfers: As we develop our business, we may sell or buy businesses or assets, or be involved in mergers or other corporate reorganization. In transactions such as these, your Personal Information may be shared in connection with any of the foregoing types of transactions, even prior to the existence of a final, binding, agreement to buy, sell, merge, or reorganize.

    Back to top

    How we protect the confidentiality and security of your Personal Information

    CIT uses reasonable measures to protect Personal Information from unauthorized access, deletion or alteration. In addition, we have physical, electronic, and procedural safeguards to protect your Personal Information. As part of our security practices, CIT does not send requests for Personal Information to our customers. Any Personal Information you request CIT to send you via email, such as your account balance, is encrypted. However, standard email communications are not. Therefore, you should not transmit your Personal Information to us through email. Please note that no company can guarantee perfect online security, and please remain careful and vigilant in your online activities.

    Back to top


    CIT operates general audience online Services that are accessible to the public. These Services are not intended for visitors under 18 years of age. We do not knowingly market our products or services to children, nor do we knowingly collect Personal Information from children.

    Back to top

    Information we automatically collect (not Personal Information)

    When you visit or browse our Services, we may collect information such as your Internet Protocol or "IP" address, the "URL" of the web pages you visit, and we may use "cookies," web beacons, or other objects to collect statistical and other information about your use of our Services. The purpose of collecting this information is to improve the effectiveness of our Services and product offerings. The collected information may include, for example, information about your computer, its unique identifiers, and its configuration, the web pages you visited or mobile applications used; the date and time of your visit; the websites you visited immediately before and after visiting our web site; your language preference; demographic and/or location-based information; and the popularity of various advertising words and phrases used by us. The collection of this information allows for the compilation of aggregate and anonymous information about the usage of our Services, and can help us improve your use of our Services, for example, providing quick login, streamlining site navigation and maintaining up-to-date content for all users. Should you configure your browser to reject cookies, you may disable some of our Service's features.

    Back to top

    Online Behavioral Advertising, "Cookies", and Similar Technologies

    CIT and our digital partners (e.g. ad network or agency) may use cookies, mobile advertising identifiers, and other information for the purposes of delivering tailored advertising to you on third-party websites.

    Cookies are pieces of data stored by your browser. They are used by web servers to uniquely distinguish your browser from all others and remember your browser over time, including preferences and other information. Cookies are associated with particular web domains and are transmitted to a web server when your browser opens a page or sends a network request to that domain. We and our partners may also use web beacons with or without cookies for various purposes, including analytics and targeting interest-based advertising. Web beacons are small image files that are loaded when a web page or other online resource is processed by your browser (including when emails are opened). For mobile applications, advertising identifiers set by the device are used, together with other information, to generate usage analytics and target ads.

    If you click on one of our ads on a third-party website, cookies may also be used to track the effectiveness of our online advertising and for the purposes of delivering ads that may be relevant to you in the future.

    You can opt-out of having our partners use your web browsing behavior for purposes of serving interest-based advertising by opting out here.

    Please note this opt-out works via cookies, so if you delete cookies, use a different device, or change web browsers, you will need to opt-out again.

    You may still see some of our untailored ads, but these will not be served to you based on your inferred interests or web browsing activity on our CIT websites.

    Back to top


    We currently do not employ technology that changes how our servers treat your browser if our servers receive a "do-not-track" signal from your browser.

    Back to top

    Changes to this Policy, and contact information

    CIT may update this Policy from time to time. CIT may notify you of an update to this Policy by any reasonable means, including by email, online account notification, mobile application pop-up, or regular mail. You agree that if you choose to continue to use the Services after CIT sends you such an e-mail, online account notification, mobile application pop-up, or regular mail (allowing one week from the sent date for delivery of regular mail), you are bound to the most recent version of the Policy. You should periodically check the effective date at the top of this Policy to be sure that you are aware of the most recent version of this Policy and the important information described in it.

    Back to top

    If you have questions about this Online Privacy Policy, please email us at privacy.questions@cit.com.

    Back to top

    If you receive a suspicious call, text or email, reach out to us at 1-877-741-9378 or visit your branch.

    At OneWest Bank, we are committed to the security of your financial information. However, you must also take every step to ensure the safety and privacy of your information. In order to help educate you on identity theft, online fraud and lottery scams on all fronts, we've detailed the major threats on the Internet today, as well ways to take action to both prevent and manage these issues if they occur.

    Regulatory and government agencies are warning about a continued and significant increase in BEC scams. Fraudsters have tried to steal billions of dollars from businesses, posing as company executives and ordering huge wire transfers. These scams can be in the form of emails, phone calls or texts. Many of the attempts are targeted to specific individuals or business functions (e.g., Payroll, HR, Accounting) and appear to be about everyday business processes. A common tactic is to convey a sense of urgency and/or secrecy. Often, the emails arrive late in the day, just before a holiday or weekend, or when the purported sender is out of the office. If you receive an email that appears suspicious, be sure to check the authenticity of the email prior to performing any wire transfers. Any suspicious email that you have questions about can be directed to the CIT Antifraud Group, by emailing AntifraudGroup@cit.com or calling 1.973.740.5722.

    10 Secure Mobile Banking Tips:

    1. Risk: Mobile devices without passwords:

      Mobile devices often times do not use passwords to authenticate users and control their access.

      Protecting yourself:

      Enable user authentication: Ensure your device is configured in a way that forces the use of "Passwords and Personal Identification Numbers (PINs)" to gain access. The password field should also be masked to prevent casual viewing. Consider activating idle-time screen locking. This will force the need to have proper credentials being granted access to your information.

      Enable auto-wipe feature after excessive password failures.

    2. Risk: Near Field Communications (NFC) broadcast the presence of your mobile device.

      Mobile devices sometimes have NFC enabled to permit the exchange of information directly between two devices. This exchange of information between two devices can happen between you and a trusted friend or between you and a criminal, allowing them to capture the sensitive personal information stored on your device.

      Protecting yourself:

      At a minimum, follow these simple instructions: (1) Read the fine print that comes with your NFC-enabled device and applications; (2) Ensure that you apply software updates to your device in a timely manner; and (3) When not using your NFC capability, be sure to turn it off.

    3. Risk: Clicking on a banking link received in a text message or email:

      Be suspicious of any URL links that you may receive from the bank sent via text message or email. Links received in this fashion can be very dangerous, redirecting you to malicious websites owned by cyber-criminals.

      Protecting yourself:

      Enter the bank's web address into your mobile device and bookmark the link. Then use this link instead of the one that was sent to you. Using this technique will prevent you from being tricked into going to fake websites. Also, be sure not to send sensitive or personal information such as account information or password in a text message or email.

      Important Tip:

      Here are two ways to ensure validity of the links:

      1. Hover your mouse over URL links to determine its validity prior to clicking on it. Or,
      2. Copy the link into your browser; the part of the URL you don’t see will be copied and any potentially hidden malicious site URL will be revealed
      Important Note:

      At times CIT will send out emails that include URL links to our company websites www.cit.com, www.bankoncit.com and www.onewestbank.com. The emails will come from donotreply@bankoncit.com or donotreply@owbmail.com.

    4. Risk: Failure to delete all sensitive information from devices that are no longer in use.

      Leaving the names of banks or credit unions, passwords, or other personal information on your device could result in identity theft.

      Protecting yourself:

      You must delete the data from your old phone before disposing or passing it on to another person. The easiest way to accomplish this is to wipe the device by performing a factory reset and then entering fake data to overwrite any traces of the original data. Follow the instructions provided by you device manufacturer to accomplish this process prior to disposing of the device.

    5. Risk: Downloading applications from unofficial sites that contain malicious software.

      It is not uncommon for consumers to inadvertently download applications that are disguised as useful programs, but in reality, contain malware that serves the intent of the cyber-criminal.

      Protecting yourself:

      Be sure that your application is sanctioned by the bank prior to downloading and installing it. Follow your device's software update procedures to verify the application's signature and to confirm the package is authentic and complete.

      Download mobile apps only from reputable sites:

      • iOS: App Store
      • Android: Google play and Amazon App Store

      For Android users, evaluate apps before installing. Look at the number of downloads, read customer reviews and look at the app's rating; if low, be suspicious as this means there has not been thorough vetting of the app (e.g., for security issues, functionality, etc.). Be aware of what permissions an app has access to (e.g., location, contacts, photos, camera, microphone); be suspicious of requests for excessive access (e.g., does a game app really need access to your contact list or the ability to send text messages?)

    6. Risk: Loss of Mobile device:

      Losing a mobile device can potentially result in divulging your sensitive information to thieves.

      Protecting yourself:

      Install tracing and remote deletion software will help you find the device's location in the event it is ever lost or stolen. Also, if plausible, install software that permits you to perform remote deletion. You should also consider leveraging the device's locking capabilities depending on the device you will need to trace a pattern, or insert a Personal Identification Number (PIN) into your phone to enable the device locking feature. This added layer of security will slow a criminal down long enough for you to disable you bank account before any unauthorized access occurs.

    7. Risk: Mobile devices without security software installed:

      Mobile devices need to have security software to protect against malicious applications and spyware. At times, these devices do not come pre-installed with the appropriate security software or users fail to install the security software.

      Protecting yourself:

      Install Anti-Malware Capability: Users should ensure that appropriate software is installed and enabled on their mobile device to protect against unwanted email attachments, voice messages, and text messages as well as malicious applications, viruses, and spyware.

    8. Risk: Out-of Date Operating System:

      Security patch updates on operating system and third party applications can sometime take weeks before these are provided to, and installed by users. Jailbreaking (iOS) and rooting (Android) provide the user with additional access to circumvent mobile device security controls. For certain mobile devices, rooting and jailbreaking allow the user to download applications from untrusted sources, which may introduce malware onto the device.

      Protecting yourself:

      Your mobile device can be configured to automatically update to the latest operating system version. Follow the instructions that come with your device so that you can ensure these updates are transmitted promptly. Avoid jailbreaking or rooting your mobile device.

    9. Risk: No restrictions on Internet Connections.

      By not limiting the ports that can be used by a device, you may permit a potential criminal to enter the device through an unsecure access point.

      Protecting yourself:

      Install Anti-Malware Capability: Users can install a mobile personal firewall. When this software is installed appropriately, the programs will enable the mobile device to protect against unwanted email attachments, voice messages, and text messages; as well as, malicious applications, viruses, and spyware.

    10. Risk: Connection to an Unsecured Wi-Fi Network.

      Public network connections are notoriously not very secure. When using Wi-Fi networks, users become susceptible to the Man-in- the-Middle attacks (MITM) where criminals eavesdrop on the network connection. When this happens, users are at risk of their personal information being viewed and/or stolen.

      Protecting yourself:

      Do not participate in banking activities while connected to a public network. It is better to disable Wi-Fi and switch to the cellular network when handling personal banking transactions or look into setting up a Virtual Private Network (VPN) that encrypts your Wi-Fi connections.

    Be aware of Phishing Website Scams

    OneWest Bank has created this webpage to inform and warn consumers about a type of fraud called "phishing." The term "phishing" - as in fishing for confidential information - refers to a scam that encompasses fraudulently obtaining and using an individual's personal or financial information. This is how it works:

    • A consumer receives an e-mail that appears to originate from a financial institution, government agency, or other well-known/reputable entity.
    • The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message.
    • The provided link appears to be the Web site of the financial institution, government agency or other well-known/reputable entity, but in "phishing" scams, the Web site belongs to the fraudster/scammer.
    • Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth.
    • When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.

    Recently, criminals have been using the OneWest Bank's name and reputation to perpetrate various "phishing" schemes. It is important to note that OneWest Bank will never ask for personal or confidential information in this manner. One “phishing” scheme was perpetrated using the following domain name: www.onewstbk.com

    Please do not attempt to transact any business or submit any personal information through the above web site.

    Any genuine OneWest Bank communication will only utilize links to the official OneWest web page located at www.onewestbank.com Any genuine link will commence with that URL as in the example below:

    Phishing Website Scam

    If you click on a link that takes you to a website whose address begins with something else, or which includes apparent abbreviations of our bank name, it’s not a genuine OneWest Bank site – even if it looks familiar. You should refrain from using any links or information found at such fraudulent sites. Look for:

    • Anti-malware warning when trying to access a web page.
    • No lock icon in the address bar and/or URL does not start with https.
    • Observe the overall look and feel of the site - be cautious if there appears to be random content on the site or links that appear to access unrelated content (e.g., a bank site with links to pharmaceuticals).

    If you suspect an e-mail or Web site is fraudulent, please report this information to OneWest Bank, using this number 1.877.741.9378. If you suspect that you have been a victim of identity theft, perhaps because you submitted personal information in response to a suspicious, unsolicited e-mail or you see unauthorized charges on your credit card, immediately contact OneWest Bank and, if necessary, close existing accounts and open new ones. Also contact the police and request a copy of any police report or case number for later reference. In addition, call the three major credit bureaus (Equifax at 800-525-6285, Experian at 888-397-3742 and TransUnion at 800-680-7289) to request that a fraud alert be placed on your credit report.

    Your online security is always a priority to OneWest Bank.
    Given the recent news of the Bash "Shellshock" bug, we want you to know what we're doing to protect your information.

    First, what is the Bash Shellshock Bug?
    The Shellshock bug refers to a coding flaw housed in utility program called "Bash," which affects computers and websites running operating systems such as Mac OS and Linux. Bash enables computer programs to connect, and one of its chief uses is in connecting web server software to underlying operating systems. It also enables individual computers to execute commands like "run my Web browser" and "open this application," etc. Generically, programs like Bash are called "shells," and that's how the bug was given its name.

    Bash has been in use all over the world for well over 20 years, but in September 2014, it was discovered that modifications to the code in the early 1990s inadvertently created a flaw that allows malicious code execution to take over an operating system and access confidential information. As a result, lots of companies with an internet presence are potentially at risk from the Shellshock bug. Certain personal computers may also be at risk.

    What is OneWest Bank doing about it?
    OneWest is using both automated and manual protocols to detect Bash vulnerabilities in our own systems and swiftly deploy the appropriate patches. We are also working with our vendors to detect and eliminate vulnerabilities.

    What should I do?
    There are two things you can do to protect yourself, and they are not new:

    First, the best way to limit your exposure to computer bugs that target internet-based activity is to have different passwords for different websites, and to make those passwords appropriately complex, using upper- and lower-case letters, numbers and if allowed, symbols. Change your passwords periodically.

    Second, it's always wise to watch for and promptly implement operating system updates or patches designed to enhance security. Bash is used in personal computers running the Mac operating system, though Apple has explained that OS X is safe for all but those running advanced Unix services. A patch is coming for those users, according to Apple. Bash is not native to Windows-based computers, but there is a window-based version in use on some machines, that is reportedly vulnerable. So stay up to date on security patches for your machine(s)!

    Why you can feel confident.
    We're serious about security. Your online account with OneWest Bank is protected with a sophisticated information security program. Our multi-layered defense system consists of preventive, detective and response controls managed by a team dedicated to tracking threats such as the Shellshock bug.

    We are vigilantly monitoring this situation and will take additional steps, as needed, to guard against the Shellshock bug and safeguard your information.

    Calls Claiming to Come from OneWest Bank’s Security Department:

    Recently, some of our customers have received telephone calls featuring a recorded message that claims to be from OneWest Bank’s Security Department. The recorded message asks the called party to enter their debit card number. These calls are not from OneWest Bank. The imposters placing these calls are engaging in a practice known as "vishing" or "voice phishing," through which they attempt to obtain a called party’s debit or credit card and security information.

    Do not become a victim! If you receive a call like the one described above, or any other suspicious phone call inquiring about your account(s) with OneWest, do not provide your card number(s) or security information. If you have any questions, please contact our Customer Call Center (at 1.877.741.9378) or use our branch locator to contact your local branch to report such activities.

    We are aware that there are companies engaging in telemarketing activities that will spoof (or manipulate) the caller ID to make it appear that the call is coming from OneWest Bank. These companies are performing this illegal activity for purposes of enticing the called party to pick up the phone, after which they proceed to pitch the service they are offering. We encourage any customer receiving this type of call or any other suspicious call in which the caller claims to be a representative of OneWest to ask for the name of the caller and then contact our Call Center (at 1.877.741.9378) or use our branch locator to contact their local branch to report such activities.

    If you receive a suspicious call from someone claiming to be OneWest Bank, please be vigilant and follow the guidelines below:

    1. Do NOT provide any personal information to these callers
    2. Contact OneWest Bank at 1.877.741.9378
    3. OneWest Bank has filed a complaint with Federal Communications Commission (FCC) reference #14-T01346568 and will add the information you provide to our complaint.
    4. Customers can also file a complaint with the FCC, directly. The FCC can be reached at 1-888-CALL-FCC (888-225-5322) or www.fcc.gov/complaints (you can reference OneWest’s complaint ID # within your complaint to the FCC).

    Your online security is always a priority to OneWest Bank.
    Given the recent news of the Heartbleed bug, we want you to know what we're doing to protect your information.

    First, what is the Heartbleed Bug?
    The Heartbleed bug is a coding flaw that has potentially exposed information on some web sites, including user names and passwords.

    The best thing to do...
    This site is not vulnerable to Heartbleed. However, it’s a good idea to change your password regularly and turn on your Online Banking account alerts. Those, along with other online account tools, will add another layer of coverage to your account.

    Why you can feel confident.
    We're serious about security. Your online account with OneWest Bank is protected with a sophisticated information security program. Our multi-layered defense system consists of preventive, detective and response controls managed by a team dedicated to tracking threats such as the Heartbleed bug.

    You can be confident we are vigilantly monitoring this situation.

    Updated July 18, 2011

    The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent emails that have the appearance of being from the FDIC.

    The emails appear to be sent from various "@fdic.gov" email addresses, such as "protection@fdic.gov," "admin@administration.fdic.gov," or "service@admin.fdic.gov." The messages have various subject lines that read: "Update for your banking account" or "ACH and Wire transfers disabled," and "Banking security update."

    The fraudulent emails are addressed to "Dear clients" and state "Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link. As soon as it is set up, your transaction abilities will be fully restored." The message concludes with, "Best regards, Online security department, Federal Deposit Insurance Corporation."

    An example of a fraudulent FDIC e-mail can be seen below:

    Fraudulent FDIC Emails

    These emails and links are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the emails and should NOT, under any circumstances, provide any personal financial information through this media.

    Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.

    For more information about these fraudulent emails, click here to view the FDIC consumer alert website.

    A recent text message (SMS) scam has been identified in the banking industry in which online banking customers receive fraudulent text messages claiming to be from their financial institution.

    If you recently received the text message below on your mobile device, please delete it immediately and DO NOT call the telephone number or open any links. This message is an attempt to obtain your bank account number and was not sent by OneWest Bank.

    Fraudulent Text Message:
    Customer Issue, Bank of the West Service frozen, please call at 562-923-9916.

    If you believe that you've been the victim of online fraud, identity theft or a lottery scam, please notify us by either calling 1.877.331.3785 Monday through Friday, 8:00 a.m.– 9:00 p.m. (EST) or e-mail us at privacyemail@owb.com.

    Please include your name, e-mail address, telephone number and a detailed description.

    Don't be fooled by this e-mail scam!

    If you recently received the e-mail below claiming to be from IndyMac, please delete it immediately and DO NOT click on any links. This e-mail was not sent from IndyMac Mortgage Services or OneWest Bank, and it is an attempt to steal your personal information.

    Remember, we will never send you an e-mail with sensitive account information.

    An example of the fraudulent e-mail is shown below to help you identify this and other scams.

    Malware E-mail

    If you believe that you've been the victim of online fraud, identity theft or a lottery scam, please notify us by either calling 1.877.331.3785 Monday through Friday, 8:00 a.m.– 9:00 p.m. (EST) or e-mail us at privacyemail@owb.com.

    Please include your name, e-mail address, telephone number and a detailed description.

    Don't be fooled by this e-mail scam!

    You may have received a fraudulent e-mail claiming that your access to "Online Services" with OneWest Bank has been suspended. This e-mail is false and was NOT sent by OneWest Bank.

    We have effectively prevented the scam from reaching further customers, but you may still be at risk if you already received it. If you received an e-mail with the subject line "Access Suspended" claiming to be from OneWest Bank, please DO NOT open it or click any of the links inside. Promptly delete the e-mail or mark it as "Spam."

    Remember, we will never send you an e-mail with sensitive account information.

    An example of the fraudulent e-mail is shown below to help you identify this and other scams.

    OWB Scam Alert

    If you believe that you've been the victim of online fraud, identity theft or a lottery scam, please notify us by either calling 1.877.331.3785 Monday through Friday, 8:00 a.m.– 9:00 p.m. (EST) or e-mail us at privacyemail@owb.com.

    Please include your name, e-mail address, telephone number and a detailed description.

    Identity theft consists of any situation in which you have unintentionally given your information in a phishing or other identity theft scam or your information has been used by an unauthorized party to conduct transactions, business or other enterprises under your name.

    If you suspect that you may be a victim of identity theft, please contact the Federal Trade Commission immediately at http://www.consumer.ftc.gov/features/feature-0014-identity-theft or 1.877.IDTHEFT.

    Additionally, please take the following actions immediately to prevent damage to your finances and/or credit:

    1. Report it to your financial institutions. Let them know what has occurred and ask them to place fraud alerts on all your accounts. Contact OneWest Bank immediately by using the Notify Us link.
    2. Contact one of the three major credit bureaus and discuss placing fraud alerts on your file. This will help to prevent identity thieves from opening new accounts in your name:
      • Equifax: 1.800.525.6285
      • Experian: 1.888.397.3742
      • TransUnion: 1.800.680.7289
    3. Review your statements regularly to make certain all charges are correct. If your statement is late in arriving, call your financial institutions to find out why.

    We are committed to the security of your financial information. However, you must also take every step to ensure the safety and security of your accounts and transactions.

    How can I prevent identity theft?

    • Do not leave your account information where others can see or have access to it. For example, do not write down your password.
    • Do not use easy-to-guess passwords such as birth dates, first names, pet names, addresses, phone numbers or Social Security numbers (after initial registration) that can be easily obtained. Do not use a password that contains part of your online user ID, e-mail address, or a version of the word "password."
    • Do not use single words that can be found in the dictionary in any language. Strong passwords contain upper case and lower case letters, digits AND punctuation marks.
    • Never reveal or share your account access information with another person, including your builder or contractor. OneWest Bank will never ask you to confirm or provide personal information in an e-mail. Should anyone attempt to obtain your personal information, or if you have responded to one of these fraudulent e-mails, immediately contact us by using the Notify Us link.
    • At the end of your session, be sure to properly sign off by selecting "sign out" or "log off," and close your browser window. This is especially important if you are using a computer in a public location, such as an Internet café or library. Do not leave your computer unattended while you are connected.
    • For further information and practical tips from the federal government, to help protect you from Internet fraud, secure your computer, and protect your personal information, please visit http://onguardonline.gov/ and http://www.fdic.gov/quicklinks/consumers.html.

    OneWest Bank is dedicated to providing a safe, secure and protected environment in which to access your online accounts. Overall, online banking and e-commerce through OneWest are safe methods of managing your finances and mortgage, and you can trust that every transaction you make is protected. If you have questions or concerns regarding a specific contact from OneWest Bank, please let us know via our Notify Us link.

    Online fraud occurs when someone poses as a legitimate company to obtain your personal and financial information in order to illegally conducts transactions on your existing accounts. Often called "phishing" or "spoofing," the most current methods of online fraud are fake e-mails, websites and/or pop-up windows.

    OneWest Bank will never send an unsolicited request for personal information through e-mail or require customers to send personal information to us via e-mail or pop-up windows. Any unsolicited request for OneWest Bank account information you receive through e-mails, websites, or pop-up windows should be considered fraudulent and reported to us immediately via our Notify Us link.

    Fake e-mails will often:

    • Ask you for personal information. Fake e-mails often contain an overly-generic greeting and may claim that your information has been compromised, that your account has been frozen, or ask you to confirm the authenticity of your transactions.
    • Appear to be from a legitimate source. While some e-mails are easy to identify as fraudulent, others may appear to be from a legitimate address and trusted online source. However, you should not rely on the name or address in the "From" field, as this is easily altered.
    • Contain fraudulent job offers. Some fake e-mails appear to be from companies offering jobs. These are often work-at-home accounting positions which are actually schemes that victimize both the job applicant and other customers. Be sure to confirm that the job offer is from a known and trusted company.
    • Contain prizes or gift certificate offers. Some fake e-mails promise a prize or gift certificate in exchange for completing a survey or answering questions. In order to collect the alleged prize or gift certificate you may be directed to provide your personal information. Just like with job offers, be sure to confirm that prize or gift certificate is being issued from a known and trusted company.
    • Link to counterfeit websites. Fake e-mails may direct you to counterfeit websites carefully designed to look real, but which actually collect personal information for illegal use. Check the URL in your browser’s address bar to ensure you are visiting a legitimate website.
    • Link to real websites. In addition to links to counterfeit websites, some fake e-mails also include links to legitimate websites as supplements to fraudulent e-mails in order to make them appear real.
    • Contain fraudulent phone numbers. Fake e-mails often contain telephone numbers that are tied to the fraudsters. Never call a number featured on an e-mail you suspect is fraudulent, and be sure to cross-check any numbers you do call with companies you know and trust.
    • Contain real phone numbers. Some of the telephone numbers listed in fake e-mails may be legitimate, connecting to actual companies. Just like with links to legitimate websites (above), fraudsters include real phone numbers in an effort to make the e-mail appear legitimate.

    Example of a fake email:

    Fake E-mail

    Trojan horses

    These fake e-mails may also contain a virus known as a "Trojan horse" that can record your keystrokes. The virus may live in an attachment or be accessed via a link in the e-mail.

    Again, OneWest Bank customers should keep in mind that we do not request personal information via e-mail or send e-mail attachments. Never respond to e-mails, open attachments, or click on links from suspicious or unknown senders.

    If you're not sure if an OneWest Bank e-mail is legitimate, report it to us via our Notify Us link without replying to the e-mail you received.

    How is my e-mail address obtained by online fraudsters?

    E-mail addresses can be obtained from publicly-available sources or through randomly-generated lists. Therefore, if you receive a fake e-mail that appears to be from OneWest Bank, this does not mean that your e-mail address, name or any other information has been taken from OneWest Bank's systems.

    Counterfeit websites

    Online thieves often direct you to fraudulent websites via e-mail and pop-up windows and try to collect your personal information. In many cases there is no easy way to determine that you are on a phony website because the URL will contain the name of the institution it is spoofing. However, if you type (or cut and paste) the URL into a new web browser window and it does not take you to a legitimate website, or you get an error message, it was probably counterfeit website.

    Another way to detect a phony website is to consider how you arrived there. Generally, you were directed by a link in a fake e-mail requesting your account information. Again, OneWest Bank will not request personal information from customers via e-mail. Any unsolicited request should be considered fraudulent and reported immediately via our Notify Us link.

    How can I prevent online fraud?

    With a few simple steps, you can help protect your OneWest Bank accounts and personal information from fake e-mails and websites:

    • Delete suspicious e-mails without opening them. If you do open a suspicious e-mail, do not open any attachments or click on any links it may contain.
    • Never provide sensitive account or personal information in response to an e-mail. If you have entered personal information, notify OneWest Bank immediately via our Notify Us link.

    Avoiding malware:

    • Keep a “clean” machine: Set your security software, Internet browser, and operating system (like Windows or Mac operating systems) to update automatically. Ensure your Internet browser setting is set to detect unauthorized downloads.
    • Instead of clicking on a link in an e-mail, type the URL of the site you want directly into your Internet browser. Criminals send e-mails that may appear to be from known, trusted sources, but clicking them could download malware or send you to a spoofed site designed to steal your personal information.
    • Don’t open e-mail attachments unless you can confirm the sender and the content of the attachment.
    • Download and install software only from websites you know and trust.
    • StaySafeOnline.org and OnGuardOnline.gov contain user-friendly information on commonly used, free security software as well as safe computing best practices.

    Detecting and removing malware:

    • Update your security software, and then run it to scan your computer for viruses and spyware. Delete anything it identifies as a problem. You may have to restart your computer for the changes to take effect.
    • If your computer is covered by a warranty that offers free tech support, contact the manufacturer. Before you call, write down the model and serial number of your computer, the name of any software you've installed, and a short description of the problem.
    • Many companies – including some affiliated with retail stores – offer tech support on the phone, online, at their store, and in your home. Decide which is most convenient for you. Telephone and online help generally are the least expensive, but you may have to do some of the work yourself. Taking your computer to a store usually is less expensive than hiring a repair person to come into your home.
    • Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do differently to avoid it in the future.

    Updated January 15, 2009

    The Federal Deposit Insurance Corporation (FDIC) is warning consumers, businesses and financial institutions to be aware of fraudulent e-mails allegedly from the Federal Reserve Bank. The fraudulent e-mails claim that a phishing attack has affected the Fedwire system and that restrictions are in place. The e-mails further instruct recipients to click on links within the e-mail for additional information.

    The fraudulent e-mails have included various spoofed names and addresses in the "From:" line of the messages, including "Bank System Administration," "System Administration" and "Federal Reserve Bank." The e-mails contain the following message verbatim:

    Phishing Federal Reserve Scam

    The message contains links to two Web pages that attempt to load malicious Trojan horse programs onto end users' computers.

    Please review these helpful guidelines of what to do when you’ve received or click links within unsolicited emails:

    • If an end user received the e-mail and clicked on any of the links, fully scan the computer using updated anti-virus software. If malicious code is detected on the computer, consult with a computer security or anti-virus specialist to remove the malicious code or re-install a clean image of the computer system.
    • Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from apparent federal banking agencies. Instead, bookmark or type the agency's Web address.
    • Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software applications security patches are installed.
    • Do not open unsolicited or unexpected e-mail attachments because of the risk of malicious code or software in the attachments. Instead, call the agency using a known and appropriate telephone number to verify the legitimacy of the message and attached file.
    • Be alert to different variations of the fraudulent e-mails.

    Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-4004, Washington, D.C. 20429, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at https://www2.fdic.gov/starsmail/index.asp.

    Lottery Scam

    A newly-discovered scam known as the "Lottery Scam" is not committed online or by e-mail, but by regular mail. Victims of lottery scams receive a letter declaring the recipient the winner of a lottery or sweepstake (usually British or Canadian). The letter refers to an enclosed check for a small portion of the winnings which is to cover tax, fees, and/or insurance. The recipient is instructed to contact the sender to negotiate the balance of their winnings, at which time personal information is requested to "verify" the recipient's identification. The enclosed check is not valid, and the request for identification information is an attempt at identity theft.

    How can I protect myself from lottery scams?

    Never provide sensitive account or personal information in response to such a letter. If you have already provided personal information, please contact your local law enforcement agency immediately. If you receive a similar letter and you are unsure about its validity, either contact law enforcement or the bank that issued the enclosed check.

    Forensic Mortgage Loan Audit Scam

    Similar to foreclosure rescue scams, forensic mortgage loan audit scams charge several hundred dollars to review distressed homeowners' loans to see if they may be able to use the audit report to avoid foreclosure, accelerate the loan modification process or even cancel the loan—none of which ever occur.

    Forensic mortgage loan audit scams will often:

    • Guarantee to stop foreclosure on your home.
    • Advise you to cease contact with your lender, lawyer or credit or housing counselor.
    • Charge a fee before providing any services, accepts payment only by cashier’s check or wire transfer.
    • Encourage you to lease your home so you can buy it back at a later date.
    • Recommend that you make your mortgage payments directly to it, rather than your lender.
    • Urge you to transfer your property deed or title to it.
    • Offer to buy your house for cash at a fixed price that is inappropriate for the housing market.
    • Pressure you to sign papers you haven’t had a chance to read thoroughly or that you don’t understand.

    How can I protect myself from forensic mortgage loan audit scams?

    Never provide sensitive account or personal information to any company or individual that seems suspicious or displays one of the above warning signs. If you suspect you've encountered a forensic mortgage loan audit scam, please contact your local law enforcement agency immediately and visit the Federal Trade Commission website for information on how to report the illegal activity at www.ftc.gov.

    To notify us of online fraud, identity theft or a lottery scam, please call 1.877.331.3785 Monday through Friday, 8:00 a.m.– 9:00 p.m. (EST) or e-mail us at privacyemail@owb.com .

    Please include your name, e-mail address, telephone number and a detailed description.