ONLINE SECURITY TIPS

Secure online banking. Powered by Citi.

At Citi, we consider your security to be the topmost priority when banking online with us. As users of Citibank Online, please take note of the recommended security measures to further safeguard yourself while using our online banking service.

Tips
Bank safely

Do's
  • Always enter the Citibank website address "www.citibank.com.my" or "www.citigold.com.my" directly into your browser address bar before you log in to ensure that you are on the legitimate Citibank website.
  • Always check that the Citibank website address changes from http:// to https:// once you are on the login page.
  • Always look out for a security icon that looks like a lock or key, which normally appears at the bottom of the webpage or next to the URL bar (depending on the browser used), when authentication and encryption are expected.
  • Always review your account details. Log in at least once a week and view your account details to check if there are any transactions you don't recognize.
  • Always update the bank when you change your contact details. This will enable us to contact you in a timely manner if we detect unusual transactions.
  • Always set up account alerts, which are delivered to your mobile phone or email address. Example: set up alerts for large transaction amounts debited from your account.
  • Always check all transaction alerts to help identify suspicious activities in a timely manner.
Don'ts
  • Never disclose your banking details on any third party websites that are not owned by Citi.
  • Never proceed if you encounter a request for information that is not normally requested and/or if the online experience differs from what you previously experienced when using Citibank Online. Contact us immediately if you encounter such incidents.
  • Never close your browser window or leave your browser / computer unattended without logging out. Always click log out when you have finished your banking session.
Note:
If you are the target of SMS, email or phone call spamming, be cautious and check for any fraudulent activity in your bank accounts.

Check your Citibank account regularly and contact us immediately at our 24-hour CitiPhone at 03-2383 0000 should you encounter any difficulties or irregularities.
Protect your username, password and other authentication credentials

Do's
  • Always ensure your password is at least 6 alphanumeric characters, without repeating any digit or character more than once.
  • Always select a password or PIN that is not based on the username, personal telephone number, birthday or other personal information.
  • Always memorise your ATM/Telephone PIN, online banking username and password and do not record it anywhere, including your mobile device.
  • Always use a separate password for your online banking purposes and for logging into other non-banking websites.
  • Always ensure that no one is watching you while you key in your username, password, ATM PIN, Telephone PIN or any other sensitive information.
Don'ts
  • Never disclose your username and password to anyone via unsolicited emails or any website other than our official Citibank website.
  • Never reveal your ATM/Telephone PIN, username, password or other authentication credentials such as One-Time PIN (OTP) to anyone EVEN IF they claim to be a staff member of Citi or an officer of a regulatory body.
Note:
Notify Citi immediately by calling our 24-Hour CitiPhone at 03-2383 0000 upon knowing that your username and password have been breached.
When using a computer

Do's
  • Always make sure your computer's operating system and browser software are updated with the latest security patches.
  • Always configure a personal firewall and install the latest anti-virus software to help prevent unauthorized access to your home computer, particularly when it is linked via broadband connections, digital subscriber lines or cable modems.
  • Always be sure to update the anti-virus and firewall products with the latest security patches on a regular basis.
  • Always clear your browser's cache and history after each session so that your account information is removed, ESPECIALLY if you are using a shared computer.
  • Always make regular backups of critical data.
  • Always consider the use of encryption technology to protect highly sensitive data.
Don'ts
  • Never select the option AUTO SAVE on browsers for storing or retaining your username and password when logging into online banking.
  • Never enable File & Print sharing while online, particularly if you are linked to the internet via any broadband connection, digital subscriber lines or cable modems when using a Windows operating system.
When using a mobile device

Do's
  • Always ensure security protections are built in and updated on a regular basis. Having the latest mobile security software, web browser and operating system will help safeguard against viruses, malware and other threats.
  • Always protect your personal information. Lost or stolen devices can be used to gather information about you and, potentially, others.
  • Always secure your phone by using a strong passcode to lock your phone.
  • Always review the privacy policy and understand what data (location, access to your social networks) an application can access on your device before you download it.
  • Always be vigilant against SIM card swap fraud. In this fraud, fraudsters request a SIM card swap from telecommunications companies and gain access to a customer's mobile number, allowing them to perform fraudulent transactions. If your SIM card is cancelled without your request, contact your telecommunications provider and the bank immediately.
  • Always take precaution by declining any unexpected message or connection attempt as this may be an attempt to send a malicious program to your mobile device. Always decline such connection attempts when in doubt.
Don'ts
  • Never disclose personal information via text messages, and be wary when opening links in text messages.
  • Never download the Citi Mobile application from any website. ONLY download it from Apple App Store or Google Play. Take note of the official Citi Mobile application icon below.

    [Image: official Citi Mobile application icon - Citi Mobile Citibank MY]
Wireless networks

Do's
  • Always set a strong password and encryption for your wireless point. This prevents unauthorised users from accessing and using your wireless connection.
  • Always disable broadcasting of your network name (SSID-Service Set Identifier) to prevent casual surfers from detecting and connecting to your wireless network.
  • Always use encryption on data transmission to protect your wireless network.
  • Only allow registered machines for your wireless network.
Important tips when using the ATM
  • Apply for ATM cards only for accounts used regularly.
  • Keep a minimal amount of money in the accounts that are linked to the ATM cards.
  • Be alert and watch out for any suspicious persons or activities around the ATM. Be alert of anyone loitering in close proximity to or even at a distance from the ATM location.
  • If you notice any "unauthorized" devices or objects fixed to the ATM, do not use the ATM machine and report it immediately to our 24-Hour CitiPhone.
  • If you withdraw cash, put it away immediately. Do not count it at the ATM machine.
  • When leaving an ATM location make sure you are not being followed by anyone. Make your way to a police station, crowded area or well-lit location immediately if you are being followed.
  • Do not accept any offers of assistance with the ATM from strangers.
  • Never lend your ATM card to anyone.
Note:
If you need help, use the phone located at the ATM machines to contact our 24-Hour CitiPhone for help.
Citibank Security
Protecting our customers and providing a secure online banking/ATM/Telephone Banking experience is top priority at Citi. Here's the list of features we work with to make banking with us safer:

Online banking:
  • 1024 bit encryption
    Data transferred between Citi and your computer or mobile device is encrypted using 1024-bit encryption.
  • Secured log in using username and password
    Only customers using their Citibank Online username and password will be able to access their accounts.
    A customer's username and password must be entered every time he/she logs into Citibank Online. Under no circumstances will Citi store a customer's username and password locally on his/her computer.
  • One-Time PIN (OTP)
    Whether you are logging on from home, the office or elsewhere, the One-Time PIN (OTP) when used with your username and password, provides additional protection against unauthorised access of your online account information and from various forms of online fraud.
  • Automatic time out
    When there is no activity for a certain timeframe, Citi will terminate the customer's secured Citibank Online session to help protect against unauthorized access.
  • Strict protection of customer information
    Citi has strict standards of security and confidentiality to safeguard our customer information.
  • ATM transactions
    The ATM PIN is encrypted for the whole duration of the ATM transaction thus ensuring a secure environment for your transactions performed via the ATM.
  • Telephone Banking transactions through Interactive Voice Response (IVR):
    The Telephone PIN is encrypted for the whole duration of the telephone session thus ensuring a secure
       environment for your transactions performed via telephone banking.

    If the Telephone PIN is incorrectly keyed in for 3 consecutive times, the telephone PIN and its corresponding
       Self-Service Phone Banking Service will be disabled.
Safeguard Yourself

Online banking/ATM/Telephone Banking users also have a role to play to ensure that they are protected at all times.

Do's
  • Always safeguard your username, password, ATM PIN, Telephone PIN or other authentication credentials such as One-Time PIN (OTP).
  • Always make sure that no one is watching you, while you key in your username, password and/or PIN.
  • Always read the website's privacy policies prior to providing any confidential information.
  • Always practice safe social networking. Understand, update, and frequently check the account, privacy and security settings on your social networking profiles. Know what information you are sharing and with whom.
  • Always check your statements regularly to ensure transactions are accurate. Sign up for Citi Alerts to receive free notifications on your account activities.
  • Always read information and security warnings posted on Citibank's website for the latest updates.
  • Always read and follow Citi's recommended online security tips to ensure the safeguarding of your personal information and computer.
Don'ts
  • Never use easy-to-guess numbers as your ATM PIN and Telephone PIN such as your date of birth, telephone number or simple sequential numbers such as 1111, 1234, etc. Once a PIN is chosen, memorize it and never write it down on anything that you carry with you, including the back of your card.
  • Never use the same username and password to log into social networking sites that you use to access your Citi accounts. Never post any information which may help identity theft, for example your contact and employment details.
  • Never use a shared computer or device that cannot be trusted for online banking such as an internet cafe computer.
  • Never leave your computer unattended while you are still engaged in an online banking session.
  • Never disclose your authentication credentials to anyone over the telephone, mail, SMS or over the internet, including the staff of Citi or regulatory bodies.
Note:
  • You are responsible for abiding by Citi's terms & conditions for online banking/ATM/Telephone Banking.
  • You are required to read and understand the terms and conditions prior to commencing your online banking activities.
  • If you believe that your username, password, ATM PIN or Telephone PIN is compromised or that someone has transferred / may transfer money from your account or otherwise has operated or accessed your account without your permission, you should notify Citi immediately by calling CitiPhone at 03-2383 0000 and change your PIN immediately.
  • You must always use reasonable precaution to prevent the loss of your card. If your card is lost or stolen, you must notify CitiPhone at 03-2383 0000, followed by a written confirmation together with a copy of police report no later than seven (7) days from the occurrence of the event. Your maximum liability for unauthorized transaction*, as a consequence of a lost/stolen card shall be limited, provided that you have not acted fraudulently or have not failed to inform us as soon as reasonably practicable after having found that your credit card is lost or stolen.
*For the avoidance of doubt, the term transaction includes Citibank debit card transactions, point of sale terminal, internet transaction or such other terminals or channels that are available to Citi.

At Citi, we're constantly updating our security technology to protect your privacy and confidentiality. It is as important that you take the necessary measures to safeguard yourself.
Fraud
Scam emails

Scam emails are fraudulent (a.k.a. spoofing, impostor, or phishing) e-mails that appear to be sent from a legitimate source. These fraudulent emails attempt to trick you into providing sensitive personal information either by replying to the e-mail or by including links to a fake website that will attempt to get you to disclose personal data or login credentials.



Protect yourself:
  • Never disclose personal, financial or credit card information to unknown or suspicious websites. Citi or regulators will NEVER send emails, SMSs, Facebook messages, or Tweets asking for identity confirmation or security details.
  • Never open email attachments from strangers, install software or run programs of an unknown origin.
Note:
In case of any uncertainty, contact us immediately via CitiPhone at 03-2383 0000.
Spyware

Spyware is a piece of software installed in your computer that collects information about you and your internet traffic. It is stored in your PC (with/without your consent) when you download certain software, games, screensavers, etc. from the web. It usually claims to be able to improve your computer's performance.

Spyware can be used maliciously to gain access to your passwords, usernames, card numbers and internet browsing history. They can also be used to scan files on your hard drive and slow down your computer by consuming system resources leading to system instability or a crash.

Protect yourself:
  • Never log in to Citibank Online if you suspect that spyware is installed on your computer.
Note:
In case of any uncertainty, contact us immediately via CitiPhone at 03-2383 0000.
Embedded links

Cyber criminals may use embedded links to trick you into clicking on them to upload malware to your computer or network in order to collect your personal or confidential information.

Note:
Only click on embedded links from trusted sources to avoid running the risk of malware being uploaded to your computer or network.
Money mule

A "money mule" is a person who receives and transfers money on behalf of fraudsters. In effect, the money mule’s bank account acts as a transit point.

Fraudsters may pose in a number of ways to lure potential victims into transferring money to another bank account usually located outside of Malaysia, later to be withdrawn by the fraudster.

Protect yourself:
  • Do not give your particulars or bank account details to people you do not know or have met only over the internet.
  • Never allow your bank account to be used for incoming money transfers, from new acquaintances, especially if you are offered a commission/reward for it.
  • If you suspect that you have received money in your bank account under the circumstances outlined above, report to the Police, and CitiPhone at 03-2383 0000.
Phishing scams

Phishing occurs when fraudsters send out fraudulent emails to random email addresses. These emails usually contain a link to a look-alike website to mislead you into entering sensitive financial information such as your account number and PIN. This will enable the fraudsters to capture your account information and access your bank accounts.


Protect yourself:
  • If you suspect you've been sent a fraudulent email, contact our CitiPhone at 03-2383 0000 immediately or forward the entire phishing email as an attachment to spoof@citicorp.com
  • Do not input any sensitive information that might provide access to your accounts, even if the website appears legitimate.
Note:
Citi will NEVER send emails to customers to verify confidential, personal or account information.
Pretext calling

Pretext calling is a deceptive means of obtaining personal information and unauthorised disclosure of your financial information. Fraudsters may pretend to be bank officers to obtain your account number or credit card number and other information required. Upon obtaining your information, the fraudsters may call your bank posing as you and perform transactions using your account.

Another form of pretext calling is when fraudsters request for your confirmation on transactions that were supposedly made with your credit cards. When you inform fraudsters that you do not have such credit cards, you are provided with a fake Bank Negara Malaysia telephone number in order to lodge a report. Upon calling, the fraudsters will request for personal information which will subsequently be used for fraudulent activities.

Protect yourself:
  • Monitor and pay attention to your credit card and bank statements to ensure your transactions are accurate.
  • Do not share personal information, such as account numbers, passwords, National Registration Identity Card (NRIC) number and other personal information over the telephone, email, SMS or internet, unless you know who you are dealing with.
  • Store your personal information in a safe place and shred your old credit card receipts, ATM receipts, old account statements, and any other correspondence prior to disposing of them.
Note:
Bank Negara Malaysia will NEVER request for your personal or financial information through SMS or telephone calls and will never ask anyone to transfer money to any third party account.
Pharming

Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting you to fraudulent websites without your knowledge or consent. Pharming can be conducted either by changing the hosts file on your computer or by exploiting a vulnerability in DNS server software.

Protect yourself:
  • If you access websites which require your personal information, ensure the website address has https:// in its URL.
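
As an added illustration of the hosts-file form of pharming described above (this code is not from Citi): a short Python check that reads the text of a hosts file and reports any entry that pins the Citibank web addresses named on this page to a fixed IP address. The sample file contents and IP addresses are constructed for the example.

```python
"""Added example: flag hosts-file entries that override the bank's domains."""
import ipaddress
import sys

# Domains of the web addresses this page tells customers to type directly.
PROTECTED_DOMAINS = ("citibank.com.my", "citigold.com.my")

# Constructed sample, not taken from a real machine (documentation IP ranges).
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.citibank.com.my      # unexpected override
198.51.100.7    intranet.example  WWW.CitiGold.com.my.
# 203.0.113.45  www.citigold.com.my   (commented out, so ignored)
192.0.2.10      notcitibank.com.my
"""


def normalise(hostname):
    """Lower-case and drop a trailing dot so 'WWW.CitiGold.com.my.' matches."""
    return hostname.strip().lower().rstrip(".")


def is_protected(hostname, domains=PROTECTED_DOMAINS):
    """True for a protected domain itself or any subdomain of it."""
    host = normalise(hostname)
    return any(host == d or host.endswith("." + d) for d in domains)


def find_overrides(hosts_text, domains=PROTECTED_DOMAINS):
    """Return (line_no, address, hostname) for each hosts entry that maps a
    protected name to a fixed address. Hosts entries are consulted before DNS,
    so any such entry should be investigated."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()      # strip comment, tokenise
        if len(entry) < 2:
            continue                              # blank or comment-only line
        address, names = entry[0], entry[1:]
        try:
            # Drop an IPv6 zone id (e.g. fe80::1%eth0) before validating.
            ipaddress.ip_address(address.split("%", 1)[0])
        except ValueError:
            continue                              # not a valid hosts entry
        for name in names:
            if is_protected(name, domains):
                findings.append((line_no, address, normalise(name)))
    return findings


if __name__ == "__main__":
    # Pass a path (e.g. /etc/hosts) to check a real file; otherwise the
    # constructed sample above is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, address, name in find_overrides(text):
        print(f"line {line_no}: {name} is pinned to {address}")
```

A clean result only rules out the hosts-file variant; it says nothing about a compromised DNS server, which is why the https:// check above still applies.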
Keylogging

Keylogging is a form of online fraud where the keys pressed on a keyboard are captured, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.

Protect yourself:
  • Install anti-spyware applications which are able to detect and disable/cleanse keylogging software.
Note:
Citibank Online’s One-Time PIN (OTP) is SAFE from keylogging as each PIN is invalidated as soon as it is used.
Keylogging on ATM

Keylogging on an ATM refers to overlaying the ATM's keyboard PIN pad with a device that captures people's PINs. The device is designed to look like an integrated part of the ATM so that bank customers are unaware of its presence.

Protect yourself:
  • If you notice any "unauthorized" devices or objects fixed to the ATM, do not use the ATM machine and report it immediately to our 24-Hour CitiPhone.
  • If you notice anything strange at the ATM, leave immediately. If you have already started a transaction, cancel it and leave immediately.
Note:
Citi ONLY uses certified encrypting PIN pads for all the ATMs.
Keylogging on mobile - Interactive Voice Response (IVR)

Keylogging on mobile phones has been known in the market for a number of years. The main purpose of such spyware is to capture and transmit information including email, SMS and keystrokes on the cell phone without the user of the phone being aware of it.

Protect yourself:
  • Review the privacy policy and understand what data (location, access to your social networks) an application can access on your device before you download it.
  • Take precaution by declining any unexpected message or connection attempt as this may be an attempt to send a malicious program to your mobile device. Always decline such connection attempts when in doubt.
  • Avoid downloading the Citibank Mobile application from any site unless it is from Apple App Store and Google Play sites.
SMS spoofing

SMS spoofing uses the short message service (SMS) to set who the message appears to come from by replacing the originating mobile number (sender ID) with alphanumeric text. Spoofing has both legitimate uses (setting the company name from which the message is being sent, setting your own mobile number, or a product name) and illegitimate uses (such as impersonating another person, company or product).



Protect yourself:
  • If you suspect any SMS spoofing, you should notify Citi immediately by calling CitiPhone at 03-2383 0000.
Note:
Citi will NEVER request for your personal details via SMS.
Types of ATM fraud
  • ATM Card skimming
    Instances where a skimming device is used to copy an ATM card's security information on its magnetic stripe in order to reproduce the customer's information on a counterfeit card.
  • ATM Card jamming
    Instances where an ATM's card reader is tampered with, with the intention of trapping a customer's card. The criminal removes the card once the customer has walked away from the ATM machine.
  • ATM Card swapping
    Instances where a customer's card is swapped with another card without their knowledge during an ATM transaction.
  • Shoulder surfing
    Instances where an individual stands next to someone and observes as they enter a PIN number at an ATM machine.
  • Compromise of ATM PIN number
    Instances where either the customer's ATM PIN is obtained via observation i.e. "shoulder surfing" or the ATM PIN is illegally recorded by a hidden camera.
Minimize your risk of falling victim to ATM card fraud:
  • When choosing a PIN, don't use common numbers like the last six digits of your IC or your date of birth.
  • Once you have chosen a PIN, memorize it. Never write it down on anything that you carry with you, including the back of your card.
  • Try using the same ATM for your transactions. When you are familiar with it, you will be able to recognize changes to it.
  • Be alert and vigilant when conducting transactions at any ATM, and be sure not to be distracted by strangers.
  • Be mindful when entering your PIN in the presence of others near the ATM.
  • If your card is withheld by the ATM, report it immediately to our 24-Hour CitiPhone hotline.
  • Do not respond to any mobile phone text messages or emails requesting personal information, especially your PIN and passwords to your banking account. Banks will never request such information in this way. If you do receive such a call or text message, take down the caller's details and call the bank directly to verify their identity with the bank's customer service centre.
Minimize your loss if you do fall victim:
  • If your ATM card has been lost, stolen or otherwise compromised, immediately call the bank to cancel the card and get another with a new PIN.
  • If you have reason to believe that an identity thief has tampered with your bank accounts, cheques or ATM card, close the account immediately.
  • Check your bank statements regularly even after you have reported your ATM card missing. If you find any suspicious charges, notify the bank immediately.
Types of telephone banking fraud
  • Telephone Tapping
    Telephone tapping is the unauthorized monitoring of telephone and Internet conversations and/or key tone by a third party. Telephone Tapping is possible on a public switched telephone network and can be difficult to detect.
Protect yourself:
Supported Browsers

You are recommended to use supported and updated browsers to ensure that your internet banking is secure.

Web Browsers / OS: Windows Mac OSX iOS Android
8.1 8 7 Vista XP 10.10 10.9 10.8 7.1.2 7 4.1.2
Internet Explorer 11 X X
Internet Explorer 10 X X
Internet Explorer 9 X X
Internet Explorer 8 X X X
Chrome 35 X X X X X
Chrome 32 X X X X X
Chrome 31 X X X X X
Firefox 33 X X
Firefox 30 X X X
Firefox 28 X
Firefox 26 X X X X
Firefox 25 X X X X
Safari 8.0 X
Safari 7.0 X
Opera 12 X X
Opera 10 X X X X
Tablet Local Browser X X X X
(Samsung Galaxy Note 10.1)
X
(Kindle Fire HD)

You can download a new browser from:

  • Microsoft Internet Explorer™
    http://www.microsoft.com/windows/ie/downloads/default.mspx
  • Google Chrome
    http://www.google.com/chrome
  • Mozilla Firefox
    http://www.mozilla.org/products/firefox
  • Safari
    http://www.apple.com/safari/download
  • Opera
    http://www.opera.com/computer/windows

NOTE: We do not recommend that you download beta versions, since they are experimental and may undergo significant changes before they're released. Please only download the above recommended versions.

If you are not ready to upgrade your browser, or you do not use one of these operating systems, you can still visit our site. However, should the browser be rejected, you will need to upgrade your browser using the recommended links above; the browsers can usually be downloaded for free from the companies' websites stated above.

How can I tell which browser version I am using?

For Windows Users:

  • Microsoft® Internet Explorer™ - Menu > Help > About Internet Explorer
  • Mozilla Firefox - Menu > Help > About Mozilla Firefox
  • Google Chrome - Wrench icon, top right corner > About Google Chrome

For Mac Users:

  • Safari - Safari > About Safari
Reporting
If you suspect any unauthorised breach of your account, transaction(s) that you did not initiate, or other irregularities concerning your account, notify Citi immediately by calling our 24-Hour CitiPhone at 03-2383 0000.

While we investigate, our officers may ask you to provide more details surrounding the incident to allow us to resolve your case as quickly and as efficiently as possible.
Last modified: 10th November 2015