CITIBANK ONLINE SECURITY

Citi protects. Citi cares

Citi protects. Citi cares
Protecting Yourself

Ptracker Alert

Any Android phone that installed an illegal phone tracking app named Ptracker will face the risk of having its data manipulated, i.e. OTP when users make transactions on Citibank Online and CitiMobile.If user’s account and password on Citibank Online and CitiMobile are disclosed, the risk of online financial crime can occur.

We highly recommend you to uninstall Ptracker and change Citibank Online and CitiMobile account’s password if you have downloaded this application.
In addition, you should not download any software from unofficial online app stores to prevent virus and eavesdropping applications.

Customer Alert

Beware of suspicious telephone calls. Citibank won't contact you by phone with the offer of a preapproved credit card. If you receive a phone call from someone offering you a preapproved Citibank credit card - on the basis you supply them with personal information such as drivers licence, address details, income details - report it to the police or contact CitiPhone at (84 8) 3521 1111 (84 8) 3521 1111.

Protect your identity by keeping your personal data in the right hands. For more information please click on "Fraud Protection".

Tips to "Spot" and "Avoid" Scams

Internet Banking Security Tips

  • Before Logging On to Citibank Online it is important you protect your computer and information with some easy-to-use tools such as firewall programs, email filters, anti-virus software and spyware filters.
  • Review your account statements as soon as you receive them and notify Citibank immediately of any unauthorized transactions.
  • Always type www.citibank.com.vn into your browser when signing on to Citibank Online.
  • Citibank will never send you emails containing links. It is important not to click on any links to Citibank Online from an email.
  • Keep your ATM PIN secure and never disclose it to anyone.
  • Do not select an easily identifiable ATM PIN like 1111, 1234 or dates of birth.
  • Before submitting information through a website, look for the "padlock" icon on your browser's status bar or that the website address starts with "https://" and not just "http://"- when such security details are present, your information is in a secured session.
  • Contact CitiPhone immediately at (84 8) 3521 1111 (84 8) 3521 1111 if you notice a discrepancy in the date and time of your last sign in. This information is found at the top of the "My Home" page after you login to Citibank Online.
  • Misspelled words either in the email message or within the website may signal a potential scam.
  • Always exit Citibank Online by clicking on the "sign-off" option, do not just close your browser.
  • Report all suspicious emails by forwarding them as an attachment to Citibank: email spoof@citicorp.com - for further investigation and action.
  • If you suspect your account has been compromised in any way, call CitiPhone immediately at (84 8) 3521 1111.
  • Customers should understand that Citibank will never send emails to customers to verify personal and/or account information.

It is important you disregard and report emails which:

  • Request any customer information - including your ATM PIN or account details. Therefore, customers should not reply to emails that request such information.
  • Advise you to contact a phone number to verify your card or account details. Always call CitiPhone at (84 8) 3521 1111 (84 8) 3521 1111.
  • Send emails to customers instructing them to login or apply for a product via a link in an email. Therefore customers should not click on such links.

Protect your personal computer

  • Install up to date anti-virus software on your computer to safeguard against viruses being downloaded onto your system.
  • Use a personal firewall to prevent unauthorized access to your computer.
  • Use an up to date operating system (such as Microsoft Windows XP) and Internet browsing software.
  • Learn more about software and browser requirements to effectively protect your computer.

Protect your personal and account data

  • Change your Citibank ATM PIN on a regular basis.
  • Never disclose your ATM PIN to anyone, not even to a Citibank representative.
  • Be careful when using public or shared computers, and check they use up to date anti-virus software and firewalls.
  • Learn more about which browsers are recommended.
  • Contact CitiPhone immediately at (84 8) 3521 1111 (84 8) 3521 1111 if you suspect your personal or account data has been compromised.
How We Protect You

How Citibank is protecting you

  • Citibank is committed to providing a secure banking environment for our customers. Citibank uses the latest technology and systems to deliver a range of security initiatives as part of an ongoing program to enhance the security of our online banking website.
  • All communication sent from your computer to our secure systems is encrypted to ensure the confidentiality of all data sent and received.
  • Citibank's dynamic on-screen keyboard, found on the sign on page of Citibank Online, is a means of protecting your password when you enter it. This sign on method consists of an on-screen keyboard from which your password is entered with your computer's mouse, rather than a keyboard which can be more easily targeted by key logging software.
  • A digital certificate (found by clicking on the Padlock Icon in the Status Bar at the foot of the page) is used to verify the identity and authenticity of Citibank's websites.
  • Immediately upon signing in to Citibank Online, the "My Home" page details the date and time of your last sign in. Contact CitiPhone immediately at (84 8) 3521 1111 (84 8) 3521 1111 if you notice a discrepancy in the date and time of your last sign in.
  • A security feature unique to Citibank is the Online Authorization Code which provides added protection when performing third party funds transfers.
  • The Citibank Online website is constantly monitored by dedicated personnel 24 hours a day who review the website to identify opportunities to enhance the site's security and to maintain all the internet banking services available for our customers.
  • Citibank customers are able to contact CitiPhone 24 hours a day, seven days a week for assistance with any queries.
  • If you believe your account has been compromised in any way, call CitiPhone immediately at (84 8) 3521 1111 (84 8) 3521 1111.
What Could Happen

Email fraud - spoof (also known as phishing or hoax)

  • A spoof website is one that mimics a popular company's website to lure one into disclosing confidential information. To make spoof sites seem legitimate, thieves use the names, logos, graphics and even code of the real company's site.
  • Although they can be difficult to spot, these sites generally ask you to click a link to a spoof website and request you provide, update or confirm sensitive personal information. As bait, they may allude to an urgent or threatening condition concerning your account.

Signs of a spoof email

  • There may be a sense of urgency. Example: Your account will be closed or temporarily suspended or you will be charged a fee if you do not respond.
  • Advise customers to contact a phone number to verify your card or account details.
  • There are embedded links that look legitimate because they contain all or part of a genuine company's name. These links may take you to spoof sites that ask you to enter, confirm or update sensitive personal information.
  • There may be obvious spelling errors. These errors enable spoof emails to avoid the spam filters that internet service providers use.
  • If you've received one of these emails, please forward it to email spoof@citicorp.com. As email spoofs continuously evolve, providing us with examples will help our ongoing investigations. Email spoofs can continually evolve, and even slight variations, like differences in the embedded links, will aide our investigations.
  • Customers should understand that Citibank will never send emails to customers to verify confidential, personal or account information.
  • If you believe your account has been compromised in any way, call CitiPhone immediately at (84 8) 3521 1111 (84 8) 3521 1111.
FAQ

If you receive a suspicious email that appears to have been sent by Citibank, contact CitiPhone immediately at (84 8) 3521 1111 (84 8) 3521 1111. Forward all suspicious emails as an attachment to email spoof@citicorp.com for further investigation and action.

You can verify that you are communicating with a genuine financial institution by examining the website certificate during a secure session. This will verify the identity of the specific website you are accessing as well as validate that the site is secure and genuine. It also ensures that no other website can assume the identity of the original secure site. Please refer to your internet browser's documentation for instructions on how to view a certificate. Always ensure that you are using a secure website when submitting credit card or other sensitive information. To make sure you are on a secure web server, check the beginning of the website address in your browser's address bar - it should read https://, rather than just http://.

Report the theft of information to Citibank by contacting CitiPhone as quickly as possible at (84 8) 3521 1111 (84 8) 3521 1111.

Web browsers use standard security protocols like Secure Socket Layer (SSL), and Secure Hyper Text Transfer Protocol (S-HTTP) to enable private information to be transmitted safely over the Internet. When you visit a website with the SSL protocol, a secure connection is created between your computer and the website server you are visiting. Once this connection is established, you can transmit any amount of information to the web server safely. In contrast, the S-HTTP is designed to transmit individual messages securely.

For most web browsers such as Microsoft Internet Explorer and Netscape Navigator, a secure, encrypted session will be indicated by a closed padlock or an unbroken key icon that appears in the lower left or right hand corner of the browser window. You should also check the address bar of your browser. If the website address starts with "https://" rather than the standard "http://" then the session is secure.

Some phishing attacks use viruses and/or Trojans to install programs called "key loggers" onto your computer. These programs capture and send out any information that you type to the phisher, including account numbers, usernames and passwords. In this case, you should:

  • Install and/or update anti-virus and personal firewall software.
  • Update all virus definitions and perform a full scan.
  • Confirm every connection your firewall allows.

Digital certificates are issued by extensively audited and controlled certification authorities to authenticate a website or elements of websites. The certificate identifies the originator of the site and verifies that it has not been tampered with. When your web browser is presented with a certificate, it will check to see if a legitimate certification authority issued the certificate. If there is a match, your session will continue. Otherwise, your browser will issue a warning, and your safest action is to cancel your activity.

If a secure session is established and the information is encrypted during transmission, then others will not be able to view your information. However, you should be aware that some web browsers will store information on your computer even after you are finished conducting your online activities; this is called caching. Therefore, you should close your browser once you are finished using the Internet, particularly if you visit secure sites to conduct financial transactions, check account balances or view any other information that you regard as private and confidential.

Email sent over the Internet is generally not secure unless it is encrypted. In reality, most email programs currently do not have this capability. As most email transmissions are not secure, you should never send any personal or financial information, such as your credit card number, over email.

Supported Browsers

You are recommended to use supported and updated browsers to ensure that your internet banking is secure.

Web Browsers / OS: Windows Mac OSX iOS Android
8.1 8 7 Vista XP 10.10 10.9 10.8 7.1.2 7 4.1.2
Internet Explorer 11 X X
Internet Explorer 10 X X
Internet Explorer 9 X X
Internet Explorer 8 X X X
Chrome 35 X X X X X
Chrome 32 X X X X X
Chrome 31 X X X X X
Firefox 33 X X
Firefox 30 X X X
Firefox 28 X
Firefox 26 X X X X
Firefox 25 X X X X
Safari 8.0 X
Safari 7.0 X
Opera 12 X X
Opera 10 X X X X
Tablet Local Browser X X X X
(Samsung Galaxy Note 10.1)
X
(Kindle Fire HD)

You can download a new browser from:

  • Microsoft Internet Explorer™
    http://www.microsoft.com/windows/ie/downloads/ default.mspx http://www.microsoft.com/windows/ie/downloads/default.mspx http://www.microsoft.com/windows/ie/downloads/default.mspx
  • Google Chrome
    http://www.google.com/chrome
  • Mozilla Firefox
    http://www.mozilla.org/products/firefox
  • Safari
    http://www.apple.com/safari/download
  • Opera
    http://www.opera.com/computer/windows

NOTE: We do not recommend that you download beta versions, since they are experimental and may undergo significant changes before they're released. Please only download the above recommended versions.

If you are not ready to upgrade your browser, or you do not use one of these operating systems, you can still visit our site. However, should the browser be rejected, you will need to upgrade your browser from the recommended links above and they can be usually downloaded for free from the company's web site stated above.

How can I tell which browser version I am using?

For Windows Users:

  • Microsoft® Internet Explorer™ - Menu > Help > About Internet Explorer
  • Mozilla Firefox - Menu > Help > About Mozilla Firefox
  • Google Chrome - Wrench icon, top right corner > About Google Chrome

For Mac Users:

  • Safari - Safari > About Safari
  • Wide choice of deposits to secure your future.
  • Smooth, Safe, Sensible way to Citibank Online.