Security Center
Learn how we protect your banking experience at Citi, and how you can protect yourself against identity theft and other security risks at the same time.
As the first step to protect your accounts, we’ll educate you on the different types of fraud that exist – from discovering how to spot and stop fraud, to additional preventive steps that you can take.
Protect Yourself from Fraud
Here are a few types of fraud and steps that you can take to prevent yourself from becoming a victim.
Phishing emails, also known as hoax or spoof emails, are fraudulent emails that appear to be sent from a trusted source but are, in fact, designed to trick you into revealing valuable data such as your User ID, password, card details and One-Time PIN (OTP).
HOW TO PROTECT YOURSELF FROM PHISHING
Be aware of emails claiming to be Citi
- Always check the sender's email address.
- Remember that Citi will never ask you to confirm a payment or transaction via email.
- If in doubt, don't click the link and contact Citi.
SMiShing messages appear to be from a legitimate company and typically contain a link that takes you to a spoof website, or ask you to call a phone number. Even if you don't enter any information, clicking the link can lead to other problems, such as installing malicious software or dangerous viruses on your phone.
HOW TO RECOGNIZE SMS FRAUD
You may receive an SMS from a fraudster posing as Citi, requesting you to share personal information, such as account or card details.
In most cases you will be directed to a fraudulent lookalike website that requests you to enter your:
- Card details
- Name & Address
- User ID & Password
- One-Time PIN (OTP)
Fraudsters can utilise your details to make immediate purchases or fund transfers.
HOW TO PROTECT YOURSELF FROM SMISHING
Be aware of SMS claiming to be Citi
- Always check that the SMS is sent from Citi, not a strange phone number
- Minimize clicking on links in SMS as they may link to illegitimate websites.
Never reply to unsolicited SMS
- Responses could be used by fraudsters to socially engineer information
- You may be tricked into performing unwanted actions
Stay alert and verify details
- Always check that you intend to conduct a credit card transaction
- Do not provide OTP to authorize payments you did not make
- Citi will never request your PIN, password or OTP through a phone call, email or SMS.*
* Except for cases where you have contacted Citi to conduct a transaction via phone, and our staff needs the OTP from you to confirm the transaction.
We're constantly updating and improving our wide variety of security measures, providing you the confidence you need when using Citi Mobile or Citibank Online.
Our 128-bit SSL (Secure Sockets Layer) encryption engine provides industry standard levels of security, ensuring your information can't be accessed by anyone else.
- The green address bar on Citi websites indicates that the site has undergone extensive vetting by our security teams and has been granted a security certificate known as an Extended Validation SSL Certificate.
- For safety, we’ll suspend your online access if three failed login attempts are made. We’ll also block access to cash machines if the wrong PIN is entered three times.
- We recommend that you use supported and updated browsers to ensure your internet banking is secure at all times.
- Every time you sign in to Citibank Online, the date and time of your last visit are shown. If you didn't sign in then, this indicates that unauthorised access to your account has occurred.
2-way SMS Notification
Our 2-way SMS Notification alerts you whenever a suspicious transaction is detected. Your prompt response plays an important role in safeguarding your account.
HOW THE 2-WAY SMS NOTIFICATION WORKS
An alert will be sent to you whenever we detect a suspicious transaction.
- If you DID perform that transaction, reply with 1. Citi will keep your card active and you can continue using your card.
- If you DID NOT perform that transaction, reply with 2. Citi will block your card and contact you to check for any other fraudulent transactions. A new card will be issued, if needed.
- For AIS and Truemove networks, you will receive SMS from the number 4514588
- For DTAC network, you will receive SMS from the number 1611588
- We will not ask for any additional information other than “1” or “2”
Citi Mobile® Token
- Citi Mobile® Token is a feature within the Citi Mobile® App that authenticates transactions as an alternative to other authentication methods such as One-Time PIN (OTP) via SMS.
The benefits of Citi Mobile Token are:
- Protected by a 6-digit Unlock Code chosen by you and restricted to one device of your choice.
- Enter your unique Unlock Code to instantly authenticate your transactions initiated in Citi Mobile® App on your Citi Mobile® Token enabled device without having to wait for OTP via SMS.
- Authenticate all online transactions such as payments and transfers, adding a new payee and updating your contact details in just a few clicks.
- With the Citi Mobile® Token, you can instantly authenticate all transactions initiated in the Citi Mobile® App. You can also instantly generate an OTP with your unique Unlock Code to authenticate transactions on Citibank Online.
- After enrolling in Citi Mobile® Token, you should not share or reveal your Unlock Code to anyone, including Citi staff.
If you suspect there are unauthorised transactions on your account or you wish to report suspicious emails, SMS messages or phishing websites:
Lock your card on the Citi Mobile® App
- If you have misplaced your card or suspect there are unauthorized transactions, you can temporarily lock your card via Citi Mobile® App so that no one else can use it. You can unlock your card just as easily when you need to.
- While your card is locked, you will not be able to use it for point-of-sale transactions. However, any recurring payment instructions that you may have established on your card will not be affected.
- To terminate your card and request a replacement if your card is lost or stolen, please contact us.
Change your Citibank Online User ID, Password and ATM PIN immediately.
To ensure your online banking sessions are secure, on both personal computer and mobile phone, Citibank recommends that you follow these simple security tips.
You should not use public or shared computers, such as those in Internet cafes, or even computers belonging to someone else, for Internet banking. You may be exposed to harmful software programs housed within these computers, which could capture your personal information.
Always enter the Citibank website address http://www.citibank.co.th directly into your PC or mobile browser address bar before you login to ensure that you are on the legitimate Citibank website.
Check that the bank's website address changes from http:// to https:// and that a security icon that looks like a lock or key appears at the bottom of the webpage when authentication and encryption are expected.
You can click on the lock icon at the bottom of the webpage to review the Secure Sockets Layer (SSL) certificate information. The certificate should be issued to http://www.citibank.co.th.
Click log out when you have finished your banking session. Do not just close your browser window.
Update the bank when you change your contact details. This will enable us to contact you in a timely manner if we detect unusual transactions.
Check your accounts on a regular basis and contact Citibank immediately at our 24-hour CitiPhone Banking Tel. 1588 should you encounter any difficulties or irregularities.
Your password should be a combination of at least 6 alphabetic and alphanumeric characters, without repeating any character more than once.
Your password should not be based on a User ID, personal telephone number, birthday, or other personal information.
You should memorize your password and not record it anywhere including your mobile phone.
You should change your password regularly.
You should use a separate password for online banking and for logging into other non-banking websites.
Ensure that no one is watching you while you key in your password or any other sensitive information. Do not share your password or make it accessible to others.
You should NOT reveal your password to anyone even if they purport to be a staff member of Citibank.
You should not allow anyone to keep, use or tamper with your mobile phone, the number of which was registered with Citibank to receive OTP.
You should not reveal the OTP to anyone.
Update the bank immediately when you change your mobile phone number.
Do not select the auto-save option on browsers for storing or retaining your user name and password when logging into online banking.
Make sure your computer and mobile phone have the most current anti-virus software. Anti-virus software needs frequent updates to guard against new viruses. Make sure you download the anti-virus updates as soon as you are notified that a download is available.
Install a personal firewall to help prevent unauthorized access to your home computer and mobile phone. Be sure to update the firewall with security patches or newer versions on a regular basis.
Make sure your computer and mobile phone's Operating System and browser software are updated with the latest security patches.
Clear your browser's cache and history after each session so that your account information is removed, especially if you are using a shared computer.
If you are using a Windows OS, ensure File & Print sharing is disabled while online.
Make regular backups of critical data.
Consider the use of encryption technology to protect highly sensitive data.
You should set a password for your wireless access point. This will prevent unauthorized users from accessing and using your wireless connection.
Disable broadcasting of your network name (SSID - Service Set Identifier) to prevent casual surfers from detecting and connecting to your wireless network.
You should use encryption on data transmission to protect your wireless network.
You should allow only registered machines for your wireless network.
A fraudulent (a.k.a. spoofing, impostor, or phishing) e-mail is one that has been forged. It usually tricks you into providing sensitive personal information either on the spot (e.g. by replying to the e-mail) or by including links to a fake website that tries to get you to disclose personal data or log in.
Do not disclose personal, financial or credit card information to little known or suspect websites.
Do not open e-mail attachments from strangers or install software or run programs of an unknown origin.
Under no circumstances will Citibank ever send you an e-mail asking for your personal information. You should NOT respond to such e-mail or reveal your PIN and/or password to anyone.
Spyware is a piece of software inserted in your computer that collects information about you and your Internet traffic. It is stored in your PC (with/without your consent) when you download software, games, screensavers, etc. from the Web. It usually claims to be able to improve your computer's performance.
Spyware can be used maliciously to gain access to your passwords, PINs, card numbers, and Internet browsing history. It can also be used to scan files on your hard drive, and it can slow down your computer by consuming system resources, leading to system instability or a crash.
Do not login to Citibank Online while such software is installed on your computer. If you have installed any software that claims to speed up your internet connection, or have additional third-party toolbars on your browsers, then you may be using software that has the ability to track your internet sessions. We recommend that you uninstall such software.
Protecting our customers and providing a secure online banking experience is a top priority at Citibank.
All data sent to and from Citibank is "scrambled" and "reassembled" between Citibank and your personal computer or mobile phone using one of the highest levels of encryption commercially available.
Automatic Time Out
When there is no activity for 5 minutes, Citibank will terminate the customer's secured Citibank Online session to help protect against unauthorized access.
Strict Protection of Customer Information
Citibank has strict standards of security and confidentiality to safeguard the confidentiality of customer information. Regular audits are conducted internally to uphold these standards.
If you suspect that there has been any unauthorized breach of your account(s) online, or that an online transaction has taken place that you did not initiate, you should notify Citibank immediately by calling our 24-hour CitiPhone Banking Tel. 1588.
- Security incidents will be escalated to our technical support staff for evaluation. If any breach of security appears to have occurred, the bank will investigate it further.
- Citibank will provide you with an interim update of our investigations and the status of your case. Final resolution of any incident, though, will depend on the nature and complexity of the incident, as well as the details surrounding the case.
- While we investigate, our officers may ask you to provide more details surrounding the incident to allow us to resolve your case as quickly and as efficiently as possible.
Online banking users also have a role to play to ensure that they are protected online.
- You are responsible for keeping your password confidential. Take all steps to prevent discovery of your password and the unauthorized access of your account, which would include ensuring that no one is watching you while you key in your PIN.
- Do not use a shared computer or device that cannot be trusted for online banking, such as an Internet cafe computer.
- If you believe that your card number and/or ATM/credit card PIN may have been lost or stolen, or that someone has transferred or may transfer money from your account(s) or otherwise has operated your account(s) without your permission, you should notify Citibank immediately by calling CitiPhone Banking Tel. 1588.
- Read and follow Citibank's recommended online security tips to ensure the safeguarding of your personal information, computer, and mobile phone.
- Ensure that your computer and mobile phone are free from any electronic, mechanical, data failure or corruption, computer viruses and bugs.
- Do not leave your computer or mobile phone unattended while you are still engaged in an online banking session.
- You are responsible for abiding by Citibank's terms & conditions for online banking and are obliged to read and agree to these prior to commencing online banking.