To ensure your online banking sessions are secure, on both personal computer and mobile phone, Citibank recommends that you follow these simple security tips.
Click on to expand and on to minimize the details.
You should not use public or shared computers like those in Internet Cafes or even computers belonging to someone else for Internet banking, you may be open to harmful or specific software programs housed within these computers, which could capture your personal information.
*Only applicable for HK stock
Always enter the Citibank website address http://www.citibank.co.th or http://www.citigold.citibank.co.th directly into your PC or mobile browser address bar before you login to ensure that you are on the legitimate Citibank website.
Check that the bank's website address changes from http:// to https:// and a security icon that looks like a lock or key appears at the bottom of the webpage when authentication and encryption is expected.
You can click on the lock icon at the bottom of the webpage to review the Secure Sockets Layer (SSL) certificate information. The certificate should be issued to http://www.citibank.co.th or http://www.citigold.citibank.co.th.
Click log out when you have finished your banking session. Do not just close your browser window.
Update the bank when you change your contact details. This will enable us to contact you in a timely manner if we detect unusual transactions.
Check your accounts on a regular basis and contact Citibank immediately at our 24-hour CitiPhone Banking Tel. 1588 should you encounter any difficulties or irregularities.
Your password should be a combination of at least 6 alphabet and alphanumeric characters, without repeating any character more than once.
Your password should not be based on a User ID, personal telephone number, birthday, or other personal information.
You should memorize your password and not record it anywhere including your mobile phone.
You should change your password regularly.
You should use a separate password for online banking and for logging into other non-banking websites.
Ensure that no one is watching you while you key in your password or any other sensitive information. Do not share your password or make it accessible to others.
You should NOT reveal your password to anyone even if they purport to be a staff member of Citibank.
You should not allow anyone to keep, use or tamper with your mobile phone, the number of which was registered with Citibank to receive OTP.
You should not reveal the OTP to anyone.
Update the bank immediately when you change your mobile phone number.
Do not select the option auto-save on browsers for storing or retaining user name and password when logging into online banking.
Make sure your computer and mobile phone has the most current anti-virus software. Anti-virus software needs frequent updates to guard against new viruses. Make sure you download the anti-virus updates as soon as you are notified that a download is available.
Install a personal firewall to help prevent unauthorized access to your home computer and mobile phone. Be sure to update the firewall with security patches or newer versions on a regular basis.
Make sure your computer and mobile phone's Operating System and browser software is updated with the latest security patches.
Clear your browser's cache and history after each session so that your account information is removed, especially if you are using a shared computer.
If you are using a Windows OS, ensure File & Print sharing is disabled while online.
Make regular backups of critical data.
Consider the use of encryption technology to protect highly sensitive data.
You should set a password for your wireless point. This will prevent unauthorized users from accessing and using your wireless connection.
Disable broadcasting to your network name (SSID - Service Set Identifier) to prevent casual surfers from detecting and connecting to your wireless network.
You should use encryption on data transmission to protect your wireless network.
You should allow only registered machines for your wireless network.
A fraudulent (a.k.a. spoofing, impostor, or phishing) e-mail is one that has been forged. It usually tricks you into providing sensitive personal information either on the spot (e.g. by replying to the e-mail) or including links to a fake website that tries to get you to disclose personal data or log in.
Do not disclose personal, financial or credit card information to little known or suspect websites.
Do not open e-mail attachments from strangers or install software or run programs of an unknown origin.
Under no circumstances will Citibank ever send you an e-mail asking for your personal information. You should NOT respond to such e-mail or reveal your PIN and/or password to anyone.
Spyware is a piece of software inserted in your computer that collects information about you and your Internet traffic. It is stored in your PC (with/without your consent) when you download software, games, screensavers, etc. from the Web. It usually claims to be able to improve your computer's performance.
Spyware can be used maliciously to gain access to your passwords, PINs, card numbers, and Internet browsing history. They can also be used to scan files on your hard drive and slow down your computer by consuming system resources leading to system instability or a crash.
Do not login to Citibank Online while such software is installed on your computer. If you have installed any software that claims to speed up your internet connection, or have additional third-party toolbars on your browsers, then you may be using software that has the ability to track your internet sessions. We recommend that you uninstall such software.
Protecting our customers and providing a secure online banking experience is top priority at Citibank.
All data sent to and from Citibank is "scrambled" and "reassembled" between Citibank and your personal computer or mobile phone using 128-bit encryption, one of the highest levels of encryption commercially available.
Citibank offers a virtual keyboard login mechanism to that provides extra security for our customers when they log in.
Secured log in using double-security questions
Besides a password, the answer to a double-security question chosen by the customer must be entered every time he/she logs into Citibank Online. Under no circumstances will Citibank store a customer's password or answer locally on his/her computer or mobile phone.
Automatic Time Out
When there is no activity for 5 minutes, Citibank will terminate customer's secured Citibank Online session to help protect against unauthorized access.
Strict Protection of Customer Information
Citibank has strict standards of security and confidentiality to safeguard the confidentiality of customer information. Regular audits are conducted internally to uphold these standards.
If you suspect that there has been any unauthorized breach of your account(s) online, or that an online transaction has taken place that you did not initiate, you should notify Citibank immediately by calling our 24-Hour CitiPhone banking Tel.1588.
- Security incidents will be escalated to our technical support staff for evaluation. If any breach of security appears to have occurred, the bank will investigate it further.
- Citibank will provide you an interim update of our investigations and the status of your case. Final resolution of any incident, though, will depend on the nature and complexity of the incident, as well as the details surrounding the case.
- While we investigate, our officers may ask you to provide more details surrounding the incident to allow us to resolve your case as quickly and as efficiently as possible.
Online banking users also have a role to play to ensure that they are protected online.
- You are responsible for keeping your password confidential. Take all steps to prevent discovery of your password and the unauthorized access of your account, which would include ensuring that no one is watching you while you key in your PIN.
- Do not use a shared computer or device that cannot be trusted for online banking such as an Internet Cafe computer
- If you believe that your card number and/or ATM/credit card PIN may have been lost or stolen, or that someone has transferred or may transfer money from your account(s) or otherwise has operated your account(s) without your permission, you should notify Citibank immediately by calling CitiPhone Banking Tel.1588
- Read and follow Citibank's recommended online security tips to ensure the safeguarding of your personal information, computer, and mobile phone
- Ensure that your computer and mobile phone is free from any electronic, mechanical, data failure or corruption, computer viruses and bugs
- Do not leave your computer or mobile phone unattended while you are still engaged in an online banking session
- You are responsible for abiding to the Citibank's terms & conditions for online banking and obliged to read and agree to these prior to commencing online banking.