Home>Internet Security The rapid expansion of Internet has revolutionized the way we work and deal with our customers who can now do their banking online at their own convenience, 24 hours a day. While we do our utmost to ensure security and confidentiality in our online banking systems and technology, there are steps you need to take as well to ensure your security when using the Internet and when conducting banking online. At Citibank information security & protection of our customers are of paramount importance. Please take the time to find out what you can do to protect yourself against these risks and understand your roles & obligations with respect to online banking. Check if the address in the address bar of your browser starts with: https://online.citibank.ae/ Check certificates which protect this site. In order to do it click on the "yellow padlock" icon in the bottom bar of your browser. Use "firewall" programs and anti-virus software, which protect your computer against attacks via the Internet. Change your password regularly. If you suspect that someone could get to know your password, change it immediately. Click on to expand and on to minimise the details. What is 'phishing'? Internet and email users across the world are often targeted by an internet scam called "Phishing". Emails are sent by fraudsters intending to collect critical personal and financial information through a fraudulent email that appears to be from a legitimate bank. These e-mails look genuine and always contain a link to a "spoofed" website asking you to provide update or confirm sensitive personal information. These emails are commonly called 'phishing' e-mails. What "phishing" emails are after? Password or PIN Credit card validation (CCV) code ATM/Debit Card or Credit Card number Social Security Number (SSN) Bank Account number Even if you do not provide what they ask for, simply clicking the link could subject you to background installations of key logging software or viruses. Key logging is another method to capture your personal information. Here's how it works. You click on a link to a website or open an attachment that secretly installs software on your computer. Once installed, it records everything you type, including any User name, Password and account or personal information. Fraudsters know how to retrieve this information, or even set it up to automatically have it sent back to them! This is a very real risk when using public or shared computers such as those in Internet cafes. How to identify a "phishing" email Although there's no foolproof formula for spotting a spoof e-mail or web site, these signs should arouse your suspicion. There may be a sense of urgency in the email with messages like "For security and maintenance of your account" "For investigation of irregularities.", "Your account has been frozen", "we need to reconfirm your details", "your credit card has been cancelled" or even "you have a large sum of money in your account, please verify the withdrawals." This is intended to increase the likelihood of you clicking on the hyperlink to sign on or complete a set of questions. There are embedded links that look legitimate because they contain all or part of the real company's name. There may be obvious spelling errors. These help phishing emails avoid the spam filters that most Internet Service Providers use. Citibank will never send you an email asking for your confidential or sensitive information like Username, Password, PIN, Mothers maiden name, Date of Birth etc. What you need to do if you receive a fraudulent email If you receive an email claiming to be from Citibank asking for your financial or confidential information, please do not respond. Forward the fraudulent email to uae.emailfraud@citi.com This will enable our Information Security regulators to shut down the fraudulent website. After forwarding the email, you should delete it from your inbox. In case you have already responded to the email providing confidential information/ details pertaining to you, please ensure that you immediately re-set your Citibank Online User Name, Password and ATM PIN by signing onto Citibank Online. You are also advised to check your accounts for any suspicious transactions by either calling our 24-hour CitiPhone Banking Service or by signing on to Citibank Online. Important Tips to Protect Yourself Whenever you use a link to access a website, be sure to check the website address. Our website address shows as www.citibank.com/uae/ on your browser and you are advised to type this URL or save it as a bookmark on your browser for any future reference. Sign on to Citibank Online regularly - at least once a week - and monitor your account details to see if there are any transactions you do not recognize. Register for Citibank Alerting Service. Account alerts are delivered to your mobile phone or email address with updates on your account balance, bill payment, etc. which will help you flag suspicious activity. Change your Citibank Online Username and Password periodically - every 30 to 60 days is recommended. You can change this by signing onto Citibank Online. Use a strong password - at least 6 to 8 characters consisting of characters, numbers and symbols. Example of a strong password - 5occerfan1963, mar28mbdd. Update your anti-virus software regularly. Anti-virus softwares need frequent updates to guard against new viruses, so be sure to download updates as soon as they are available. Use a personal firewall. Many ISPs (Internet Service Providers) offer this feature, which protect your home computer against unauthorized access by hackers. Should you require further assistance, please call our 24-hour CitiPhone Banking Service on +971 4 311 4000 and a CitiPhone Representative will be glad to assist you. Protecting our customers and providing a secure online banking experience is top priority at Citibank. We have implemented the best available security solutions & technology to ensure that all of our customers' online transactions are safe and secure. 128 Bit Encryption All data sent to and from Citibank is "scrambled" and "reassembled" between Citibank and your personal computer using 128-bit encryption, the highest level of encryption commercially available. Secured login using 16 digit Card Number and Personal Identification Number (PIN) Only customers using their Citicard / Credit Card number and PIN, will be able to access the accounts. A customer's PIN must be entered every time he/she logs into Citibank Online. Under no circumstances does Citibank store customers PINs locally on their computers. For the convenience of customers, the Internet PIN used to login to Citibank Online is same as the APIN ie PIN used by customers for accessing the ATM. Ethical Hacking of new functionality / service Any new functionality / Service that is introduced on Citibank Online undergoes an hacking test, what this means is that we try and break into our own creation using latest tools and only when it passes the most stringent of tests, is a Service introduced for you. Automatic Time Out When there is no activity for 5 minutes, Citibank Online will display a warning message, and upon no activity within one minute, customer's secured Citibank Online session will terminate to help protect against unauthorized access. Strict Protection of Customer Information Citibank has strict standards of security and confidentiality to safeguard the confidentiality of customer information. Regular audits are conducted internally to uphold these standards. Adherence to Regulatory Standards We abide by all information security and online banking regulations set by the authorities both here in United Arab Emirates and in the U.S., with regular audits conducted to ensure compliance. With the above steps taken, customers can be assured of the online security that Citibank offers and should not hesitate to use our 24x7, convenient online banking services to conduct their financial transactions. Citibank is committed to offering our customers the highest level of support possible. If you suspect that there has been any un-authorized breach of your Account(s) online, or that an online transaction has taken place that you did not initiate, you should notify Citibank immediately by calling CitiPhone Banking at (9714) 311-4000. Security incidents will be escalated to our technical support staff for evaluation. If any breach of security appears to have occurred, the bank will investigate it further. Citibank will provide you an interim update of our investigations and the status of your case. Final resolution of any incident, though, will depend on the nature and complexity of the incident, as well as the details surrounding the case. While we investigate, our officers may ask you to provide more details surrounding the incident to allow us to resolve your case as quickly and as efficiently as possible. Click on to expand and on to minimise the details. Unauthorized use of Accounts Will an unauthorized person be able to access my accounts with Citibank Online? Only the signers on an account, using their Citibank ATM Card / Credit Card number and PIN, will be able to access the account. It's important to remember that your ATM Card is valuable and that you exercise care with it. Never lend your card to anyone and never accept advice from strangers while you are using it. Also, be sure to keep your PIN to yourself. This code is an important means of protection for you. Never write it down anywhere. Cookies What are Cookies? What is Citibank's policy regarding the use of Cookies? A Cookie is a small piece of information that an Internet site sends to your browser to hold onto until it is time to read it. Computers other than those on the Internet can also send Cookies. Cookies can contain expiration dates and specific instructions on which web sites can read them. Citibank uses Cookie technology as a means to store only the user profiles you create to connect to Citibank Online. This information is stored on your computer's hard drive and is encrypted to prevent an unauthorized party from accessing that information.Under no circumstances does Citibank store your Personal Identification Number (PIN) locally on your computer. Account Holders need to enter a PIN each time they attempt to connect to Citibank Online. While cookies are not required to log into Citibank Online, Citibank recommends you modify your browser settings to accept cookies in order to save your user profile. Encryption What is encryption? Encryption technology helps provide secure transmission of information along the Internet by encoding the transmitted data using a mathematical formula to scramble the data. Without a corresponding "decoder," the transmission would look like jumbled text and would be unusable. Encryption technology can be used for a host of applications, including electronic commerce (sending credit card numbers for orders or transmitting account information), e-mail messages and sensitive documents. Basic encryption involves the transmission of data from one party to another. The sender encodes the data by scrambling it, and then sends it on. The receiver must decode the data with the correct "decoder" in order to read and use it. How secure is encryption? The effectiveness (or level of security) for encryption is measured in terms of how long the key is -- the longer the key, the longer it would take for someone without the correct "decoder" to break the code. This is measured in bits (e.g., 40-bit encryption, the level of encryption used with many browsers, versus 128-bit encryption, the level of encryption required to use Citibank Online). 128 bit-encrypted messages are over 309,485,000,000,000,000,000,000,000 times harder to break than 40-bit messages. What level of encryption protection does Citibank Online support? All financial transactions are secured using 128-bit encryption, which is currently the strongest available for commercial use. In case your browser supports a lower level of encryption we suggest you upgrade your browser. Security How can I be sure that my information and account data are securely sent through Citibank Online? Citibank currently offers 3 levels of security to help safeguard your financial information: Strong Encryption (128-bit): All data sent to and from Citibank is "scrambled" and "reassembled" between Citibank and your personal computer to protect your personal and financial information. 128-bit encryption, the highest level of encryption commercially available, means there are 2128 possible combinations of "keys" but only one that will "unlock" the information. Personal Identification Number (PIN): Your PIN must be entered every time you sign on to Citibank Online. Remember; always keep your PIN confidential. Automatic Time Out: When there is no activity for 6 minutes, Citibank will terminate your secure Citibank Online session to help protect against unauthorized access. How can I verify that the Citibank Online pages belong to Citibank? Digital Certificates provide the user with third Party (Certification Authority) evidence of the server's authenticity. This safeguards users from trusting unauthorized sites and allows the session to be encrypted. The customer will see a "closed lock" icon on the leftmost (Netscape) / rightmost (Internet Explorer) bottom corner of the Citibank Online Screen. Clicking on the image of lock or a key at the bottom of the browser window when you have reached the page that needs your ATM Card / Credit Card number and PIN input will allow the customer to see the VeriSign Certificate authenticating the site. I would like to refer to a paragraph on your User Agreement, how can I get a copy of it? The Citibank Online Terms and Conditions are displayed after you sign on to Citibank Online. These Terms and Conditions are also available on this website. Can I exit Citibank Online by clicking the browser-closing button at top right? You should click the "Sign-Off" button at screen top. This will ensure your session is properly signed off. What if my computer crashes or I get disconnected from the Internet in the middle of a transaction by accident? Don't worry. While a reference number will be given in most completed transactions, you can also re-logon to check your account balances, or re-initialize the transaction, if needed. Should you have any doubts or questions, call our 24-hour CitiPhone Banking Service to check the status at (9714) 311-4000. How do I know whether the transactions made through Citibank Online have been completed? A reference number is given at the end of each completed transaction. If you have any questions, feel free to call our 24-Hour CitiPhone Banking Service at (9714) 311-4000 to enquire about the transaction. Who can I contact if I run into some technical problems? Contact your ISP if they are ISP related. Otherwise, call our 24-Hour CitiPhone Banking Service at (9714) 311-4000. Online Banking Commercial Banking