|
Home>Service Channels>Internet Security |
|
|
|
At Citibank Online, your Internet Security is our utmost concern. Citibank considers customer confidentiality one of our highest priorities and we employ every appropriate measure to safeguard it. |
|
|
|
Strong Encryption (128 Bit) |
|
All data sent to and from Citibank is "scrambled" and "reassembled" between Citibank and your personal computer using 128-bit encryption, the highest level of encryption generally available today. |
|
Register your payee online |
|
You need to add your payee on Citibank Online, and use the OAC we send to you via your registered mobile number and email address to activate this new payee before payment and transfer. |
|
Automatic Time Out |
|
Your session will be terminated if your computer stays idle for more than 6 minutes, to protect against unauthorized access. You will be requested to sign on again before you can access any of our Online services. |
|
One Time Password to secure your online transaction. |
|
Before you access to key functions (e.g. Payment and Transfer) of Citibank Online, you need to use the One Time Password send from Citibank to your registered mobile phone for authentication. |
|
Monitor on Transaction Risks or System Risks. |
|
Risk Monitor for suspicious transaction;
Regular Online Banking self-testing and monitor to fix system bug immediately. |
|
Never share or reveal your personal information |
|
- Your password is only known to yourself, never share your password with anyone under any condition, and keep your PIN, User ID, Password and private information secure. Do not write down your password on paper, store it on your PC/mobile phone or any other form of media.
- Citi will never ask you for your PIN, User ID or Password over the telephone, in an email, via SMS or in any other form of written communication. If you access any websites or receive any suspicious calls/e-mails requesting your account information or password, please do not respond to them and reach us via our 24-hour hotline 400-821-1880 / 800-830-1880 within mainland China. If you are calling from other parts of the world, please call us from 86-20-38801267.
- If you feel that your password has been compromised, change the password and notify us via our 24-hour hotline 400-821-1880 / 800-830-1880 within mainland China. If you are calling from other parts of the world, please call us from 86-20-38801267.
|
|
Choose strong passwords and manually change them regularly |
|
- Choose password that is easy to remember but hard to guess, use special characters and a mix of letters and numbers and a combination of lower case and capital letters if the passwords or PINS are case sensitive. Do not use obvious data, such as your name, initials, Social Security ID number, phone number, license plates, address, birthdays, names of friends, families, or pets, company names, words in the dictionary, sequences of numbers, or keyboard characters.
- Changing your passwords regularly provides greater security.
|
|
Use a unique ID and password |
|
- Do not use the same user ID/password combination for your Citi account that you use for other computer or online accounts. Also always use a different password for each of your Citi accounts. Using the same login credentials for multiple accounts means that if one account login is compromised from another company or your home computer, then that information would also work for all other accounts using that information.
|
|
Secure Your Online Service |
|
- Always type http://www.citibank.com.cn into your browser address bar before you sign on to ensure you are on a legitimate Citibank website.
- Check your browser connects using 128-bit encryption.
- Always sign off/log out correctly from Citibank Online when you are finished with using our Online services.
|
|
Beware of e-mail scams that trick you into providing your account information or passwords |
|
- Citi will never ask for your account number, online banking password, ATM Card/Credit Card Personal Identification Number (PIN), account balance and identity card/passport number or any other sensitive information in response to an e-mail.
- Be alert for fraudulent emails, which appear to come from a trusted business or friend, but actually are designed to mislead you into opening a fraudulent website and disclosing sensitive information. Be suspicious of any email that contains an embedded hyperlink or a request to enter personal information, do not reply, click on a hyperlink or input any sensitive information. If you've received a suspicious email purporting to be from Citi, please notify us immediately. Email attachment from unspecified or suspicious sources may be a virus or worm, do not open any attachment unless you are sure it is safe.
- Do not send sensitive personal or financial information unless it is encrypted on a secure website. Regular emails are not encrypted. If you provide sensitive information to a suspicious website, you should immediately report to the police. If the website is purporting to be a Citi site, please also notify us as soon as possible.
|
|
Do not use public or shared computers such as those at Internet cafes for Internet banking |
|
- You are responsible for keeping your PIN, Online User ID, Password and Security Questions confidential.
- You should not use public or shared computers such as those in Internet Cafes for Internet banking; you may be open to harmful programs, which could capture your personal information.
|
|
Protecting your Personal Computer |
|
- Do not select the option auto save on browsers for storing or retaining user name and password when logging into Citibank Online on computers that are shared.
- Make sure your home computer has the most current anti-virus software. Anti-virus software needs frequent updates to guard against new viruses. Make sure you download the anti-virus updates as soon as you are notified that a download is available.
- Install a personal firewall and the latest antivirus software to help prevent unauthorized access to your home computer, particularly when they are linked via broadband connections, digital subscriber lines or cable modems. Be sure to update the anti-virus and firewall products with security patches or newer versions on a regular basis.
- Clear your browser's cache and history after each session so that your account information is removed, especially if you are using a shared computer.
- If you are using a Windows OS, ensure File & Print sharing is disabled while online, particularly if you are linked to the Internet via any broadband connection, digital subscriber lines or cable modems.
|
|
Click on to expand and on to minimise the details. |
|
How does Citibank Online protect customer's information? |
|
Citibank currently offers 3 levels of security to help safeguard your financial information. |
|
- Strong Encryption (128 Bit)
All data sent to and from Citibank is "scrambled" and "reassembled" between Citibank and your personal computer using 128-bit encryption, the highest level of encryption generally available today.
- Password
Your Password must be entered every time you sign on to Citibank Online.
- Automatic Time Out
Your session will be terminated if your computer stays idle for more than 6 minutes, to protect against unauthorized access. You will be requested to sign on again before you can access any of our Online services.
|
|
|
|
What is encryption? |
|
Encryption technology allows secure transmittal of information along the Internet by encoding the transmitted data using a mathematical formula that scrambles the data. Without a corresponding "decoder," the transmission would look like nonsense text and would be unusable. Encryption technology can be used for a host of applications, including electronic commerce (sending credit card numbers for orders or transmitting account information), secure e-mail messages and sensitive documents. Basic encryption is used in the transmission of data from one party to another. The sender encodes the data by scrambling it, and then sends it on. The receiver must decode the data with the correct "decoder" in order to read and use it. |
|
|
|
How does encryption work? |
|
Cryptography can provide the following services: |
|
- Data confidentiality -- ensures that data is not disclosed to unauthorized parties
- Data Integrity -- ensures that data has not been altered or destroyed in an unauthorized manner
- Authentication -- verify that the data was actually sent by the claimed sender
- Non repudiation -- enables a third party to ensure that a message has been sent and received without modification or duplication
|
|
|
|
How secure is encryption? |
|
Encryption effectiveness depends on the strength of an encryption algorithm, secrecy of an encryption key and length of an encryption key. The encryption algorithms used by Citibank Online are industrial standard algorithms that have been extensively tested by cryptographers. The level of security that an encryption algorithm provides is measured by the length of a key - the longer the key, the harder it would take to break the code. This is measured in bits (e.g. 40-bit encryption, the level of encryption used with many ordinary browsers, versus 128-bit encryption, the level of encryption required to use Citibank Online). For a 40-bit key there are 2^40 possible different combinations. For a 128-bit key (the level of encryption that Citibank requires) there are 2^128 possible different combinations. According to Netscape, 128-bit encryption is 309,485,009,821,345,068,724,781,056 times more powerful than 40-bit encryption. |
|
|
|
What level of encryption does Citibank Online support? |
|
All transmission of customer information through Citibank Online is encrypted using 128-bit encryption technology, which currently is the strongest generally available. Citibank does this through the use of special server software and server certificate, which allow us to establish secure 128-bit encryption sessions between the Citibank Online website and the browser you are using. |
|
|
|
How do I know if my browser supports 128-bit encryption? |
|
To determine if your browser supports 128-bit encryption, click on "Help" in the toolbar of your Internet browser and click on "About [browser name]". A pop-up box or window will display. For Internet Explorer - Next to "Cipher strength" you should see "128-bit". For Netscape - the following text should appear: "This version supports high-grade (128-bit) security with RSA Public Key Cryptography". If your browser does not support 128-bit encryption, you will need to upgrade to a browser that does in order to continue to access secure pages of the website. Recommended browsers include: Netscape Navigator 4.75 or above, Internet Explorer 5.0 above. |
|
|
|
How can I confirm I am securely connected to Citibank? |
|
You can (1) Check for the SSL secure connection symbol and (2) the digital certificate. |
|
- Check for the SSL secure connection symbol
When you connect to the Citibank Online sign-in page, a secure session will be established between the browser on the computer you are using and Citibank. You can confirm your Citibank Online session is encrypted by the appearance of a closed padlock symbol on the status bar of your browser. The following table shows the symbols, as they will appear in the different browsers.
- Check the digital certificate
Every time you connect to Citibank Online, the service sends your browser a packet of information called a 'digital certificate'. This certificate identifies the site you are connecting to, and establishes the secure session. You can view the contents of the certificate when you connect by clicking on the padlock symbol on the status bar of your browser. The Issuer field on the certificate should contain a reference to Verisign, the issuer of the 'digital certificate'. The certificate will be issued to www.citibank.com.cn.
|
|
|
|
What should I do if I think somebody is accessing my accounts without my permission? |
|
Citibank will never ask you for APIN, Online User ID, Password and Security Questions over the telephone, in an electronic message, or in any written communication. If you come across any websites or receive any suspicious calls or e-mails requesting for your account information or password, please do not respond to them and contact us via our 24-Hour Service Hotline at 400-821-1880 or 800-830-1880 (For land lines within mainland China). If you are overseas, please call (+86)-(20)-3880-1267 (Personal and CitiBusiness customers) or (+86)-(21)-3896-9500 (Credit Card customers). |
|
|
|
|
|
|
|
|
|