Citibank - Internet Banking - Security of the Application Citibank Online


	• privacy • citibank.com • Citibank Online • site map • česky • home

Security test
Citibank Online is regularly tested and examined by our specialists.

Detection systems
Detection systems that monitor attempts at attacking the integrity of Citibank Online run 24 hours a day.

VeriSign certificate
VeriSign is a digital certificate that users obtain from a certification agency (VeriSign) as proof that what they are trying to access is the true server of the service provider. The digital certificate protects users from communicating with servers trying to pass themselves off as the server to which the user would like to connect in order to obtain their personal data (username and password). The user will find an icon of a lock in the bottom corner of the browser. By clicking on the icon, you can visualize the VeriSign certificate that identifies the website.

Whether you sign on through the www.citibank.cz homepage, www. citibankonline.cz or www.citibusiness.cz, you should always verify the correctness of the certificate by clicking on the lock symbol in the bottom right-hand corner of the login window before you enter your login data. Continue signing on only as long as the website shows the correct Citibank certificate, i.e. with an address Issued to: production.citibank.cz. Should this not appear, please contact the CitiPhone customer line immediately.

Automatic access blocking
If your password is used three times incorrectly and if you provide three incorrect answers to security questions, the system will lock your account, and only the bank can grant you access again as soon
as you prove your identity.

Security of the Citibank Online system
For the security of the system, Citibank Online utilizes the RC4 128 Bit Secure Socket Layer RSA 1024 Bits technology, which is characterized by a high standard of security for transferring information over the Internet. The Internet server also supports the Global Server Digital ID technology made by the company VeriSign, which enables the use of the 128-bit encoding also for 40-bit browsers.

When logging onto Citibank Online, the client uses a chosen User Name and Password (s/he has chosen both of these during registration) and a One-time Security Code generated by the allotted Security Key. Verification of the Client’s identity is done through the “Challenge Response” mechanism. When opening the connection, the Citibank Online server sends the client a random number. On the part of the Client, this random number is encrypted by means of the “Triple DES” algorithm using the User Name and Access Password to Citibank Online. This encrypted random number is returned to the server for verification of authorized access. This procedure ensures that the User Password for accessing Citibank Online is never sent over a public network; not even in its encoded form.

Security Key
Your authentication calculator (or Security Key) is yet another layer of security of Citibank Online. It generates a One-time password that permits you risk-free access to your bank account. Code is generated on the basis of time, login order and a unique key recorded in the Security Key. The server verifies whether the One-time Security Key is the same as the expected code for the given client.

Warning: The use of electronic access to banking products over the Internet can be affected by a breakdown, error or a temporary interruption in the functioning of the network, as a result of a delay in the processing or sending of data, computer viruses, unauthorized attack by a third party or a breakdown of the system. The bank, for this reason, besides the security features that are used in the course of making a maximum effort to assure the security of the electronic access to the banking products, does not accept any responsibility for any damage that may occur related to the use of such access to banking products with an exception of cases when the damage was caused by the failure of responsibility of the bank.