Online Security

Complementing the security measures used by the Citi Private Bank website and mobile application, there are measures you can take to ensure the security of your computerized personal information.

• We recommend that you use anti-virus, anti-spyware and pop up blocker software.
• Keep your operating system updated with the latest security updates and patches.
• Review your internet security settings.
• Be wary of emails from addresses or people you do not know.
• Watch out for phishing email scams.
• Avoid using public computers or network connections, especially when reviewing financial
  information.
• Protect your laptop and other portable electronic devices.
• Clear your browser's cache regularly.
• Back up your personal data and store backups in a secure location.

• Do not disclose personal, financial or credit card information on suspicious or little known websites.
• Do not select the browser option for storing or retaining user name and password.
• Check the authenticity of the financial institution's website by comparing the URL and the financial institution's name in its digital certificate, or by observing the indicators provided by an extended validation certificate.
• Always check that the financial institution's website address changes from http:// to https:// and a security icon that looks like a lock or key appears when authentication and encryption is expected.
• Check your bank account balance and transactions frequently and report any discrepancy.
• Consider the use of encryption technology to protect highly sensitive data.
• Log off the online banking session when not in use.
• Do not install software or run programs of unknown origin.
• Remove file and printer sharing on your computers, especially if they have internet access via cable modems, broadband connections or similar set-ups.
• Delete junk or chain emails.
• Print and maintain a hard copies of your trade documents for future reference.

• Website passwords should be at least 6 digits or 6 alphanumeric characters, without repeating any digit or character more than once.
• Website passwords should not be based on user-id, personal telephone number, birthday or other personal information.
• Website passwords must be kept confidential and not be divulged to anyone.
• Website passwords must be memorized and not be recorded anywhere.
• Website passwords should be changed regularly. Avoid using the same password for different websites, applications or services, particularly when they relate to different entities.
• Do not allow anyone to keep, use or tamper with your Security Token (one-time electronic PIN generator).
• Do not reveal the PIN(s) generated by your Security Token/Phone/Mobile Token to anyone.
• Do not reveal the unlock code of your Mobile Token.
• If you have registered for enhanced security capabilities and in the event of mobile device loss or theft, please do the following:
  • Enable enhanced security capabilities on another device. The enhanced security capabilities registered on the previous device will automatically be de-registered.
  • You can also choose to de-register from enhanced security capabilities via In View Client web. This may be done through Settings > Security Center > Trusted Identity.
  • Contact your Private Banker or Web Services and Support Team in Asia Pacific to lock your account. Contact details can be found on our client support page. 
• Unlock code should be changed regularly. Deactivate the Mobile Token in the event of loss or theft of handset. 
• Consider the use of encryption technology to protect highly sensitive data.
• Delete junk or chain emails.

There have been increasing reports of email scams being used to target individuals and businesses. Examples of the malicious emails include:

• Safety advice and tips for preventing the spread of viruses
• Tax adjustments and/or refunds to help struggling businesses
• Donation pages for charities, victims and vaccines
• Advertisements for health products, such as face masks and hand sanitizer
• Requests to send supplier payments to new bank accounts

Scammers could also pose as Citi, Citi Private Bank, or even law enforcement officials attempting to contact you regarding your bank account.

Please remain alert and always follow these important rules:

• Check the source and content of emails carefully before clicking links or opening attachments.
• Never share personal, financial or login data in emails, SMS messages, or other messaging app communications, including via links from those sources.
• Only log into your account by going directly to our website or Citi Private Bank In View, never via links

Always contact your Private Banker immediately to verify any Citi Private Bank email or other message you find suspicious. Thank you for staying vigilant in these uncertain times and please let us know if you require further advice.