Online Security

We protect. We care. When you are with Citibank you are guaranteed in security. Find out how Citibank has endeavored to protect you.

Latest Security Alerts

Ptracker Alert

Any Android phone with illegal phone tracking app Ptracker installed will face the risk of data manipulation, i.e. the One-Time PIN provided to make transactions on Citibank Online and CitiMobile®. If your account and password details are disclosed, online fraud could occur.

We highly recommend that Ptracker is uninstalled, and login details for Citibank Online and CitiMobile are updated for customers who have downloaded this application.

For your security, we strongly advise against downloading software from unofficial online app stores.

Credit card fraud

Credit card fraud can occur when someone obtains your credit card details and uses them over the phone or on the Internet to make purchases in your name. You should always carefully check your statement each month to determine if there are charges for purchases you did not make.

Beware of suspicious telephone calls. Citibank won't contact you by phone with the offer of a preapproved credit card. If you receive a phone call from someone offering you a preapproved Citibank credit card - on the basis you supply them with personal information such as drivers licence, address details, income details - report it to the police or contact CitiPhone at (84 28) 3521 1111 (84 28) 3521 1111.

How to protect yourself

Protect your personal computer

  • Install up to date anti-virus software on your computer to safeguard against viruses being downloaded onto your system.
  • Use a personal firewall to prevent unauthorized access to your computer.
  • Use an up to date operating system (such as Microsoft Windows XP) and Internet browsing software.
  • Learn more about software and browser requirements to effectively protect your computer.

While signed on to Citibank Online

Remember to always type into your browser when signing on to Citibank Online.

Before submitting information through a website, look for the "padlock" icon on your browser's status bar or that the website address starts with "https://" and not just "http://"- when such security details are present, your information is in a secured session.

If you notice a discrepancy in the date and time of your last sign in, contact CitiPhone immediately on
(84 28) 3521 1111 (84 28) 3521 1111. This information is found at the top of the "My Home" page after you login to Citibank Online.

Always exit Citibank Online by clicking on the "sign-off" option, do not just close your browser.

Email Security

Citibank will never

  • Send emails containing links, so please do not to click on any email which links to Citibank Online
  • Send emails to verify your personal and/or account information, including your ATM PIN or account details. Do not reply if you receive an email requesting such information.Send emails requesting you to login or apply for a product via a link in an email
  • Send emails advising you to contact a specific phone number to verify your card or account details. Remember the CitiPhone number (84 28) 3521 1111 (84 28) 3521 1111.

How to spot a spoof email

  • There may be a sense of urgency, example: Your account will be closed or temporarily suspended or you will be charged a fee if you do not respond.
  • Your advised to contact a phone number to verify your card or account details.
  • It contains embedded links that look legitimate because they contain all or part of a genuine company's name. These links may take you to spoof sites that ask you to enter, confirm or update sensitive personal information.
  • There may be obvious spelling errors. These errors enable spoof emails to avoid the spam filters that internet service providers use.

Please report l suspicious emails by forwarding them as an attachment to email for further investigation and action.

Protect your personal and account data

  • Regularly change your online passwords
  • Change your Citibank ATM PIN on a regular basis, and never disclose it to anyone, including Citibank representatives
  • Do not select an easily identifiable ATM PIN like 1111, 1234 or dates of birth.
  • Be careful when using public or shared computers, and check they use up to date anti-virus software and firewalls.
  • Learn more about recommended browsers. If you suspect your personal or account data has been compromised, contact CitiPhone immediately at (84 28) 3521 1111 (84 28) 3521 1111.

Citibank is committed to providing a secure banking environment for our customers. Citibank uses the latest technology and systems to deliver a range of security initiatives as part of an ongoing program to enhance the security of our online banking website.

Citibank Online

The Citibank Online website is constantly monitored by dedicated personnel 24 hours a day who review the website to identify opportunities to enhance the site's security and to maintain all the internet banking services available for our customers.

Immediately upon signing in to Citibank Online, the "My Home" page details the date and time of your last sign in. Contact CitiPhone immediately at (84 28) 3521 1111 (84 28) 3521 1111 if you notice a discrepancy in the date and time of your last sign in.

All communication sent from your computer to our secure systems is encrypted to ensure the confidentiality of all data sent and received.

Credit Card Deactivation

Our card deactivation feature allows you to immediately block your credit card in the event that you misplace it or it is stolen.

Citi Mobile® Token

Citi Mobile ® Token improves your online banking security by providing a secure two-factor authentication. This works by combining 'something that you know' and 'something that you have' (passcode and mobile phone) to ensure that you are the only person that can access your account.

Citi Mobile® Token allows you to generate a One-Time PIN, without your mobile phone requiring an internet connection or network coverage, providing convenient online banking anywhere, anytime.

Two-Way SMS Alert

Our Two-Way SMS Alert service has been designed to help you keep your credit card purchases safe. It ensures a quick and easy two-way communication with Citi in the event of any suspicious activity being detected when making a purchase.

If we notice any suspicious activity on your account, we will send the transaction information to you via an SMS from Citibank If you receive a message from us, all you need to do is reply 1 or 2:

  • Reply 1 to 6058 to confirm a genuine transaction
  • Reply 2 to 6058 confirm a fraud transaction

We will not ask you for any further information. Standard SMS charges from your telecommunication provider apply.

One Time PIN

The Citi One-Time PIN (OTP) adds to the security of your account when you are transacting online. All major transactions, including adding a payee will require an OTP to be completed.

You can receive an OTP as an SMS or generate one using the Mobile OTP function on the Citi Mobile® App. You will need to ensure your mobile number is up-to-date. Updating your contact details is easy at Citibank Online.

Online Authorization Code

A security feature unique to Citibank is the Online Authorization Code which provides added protection when performing third party funds transfers.

To benefit from the above services, please ensure you have provided us with your current mobile phone number. Updating your contact details is easy at Citibank Online. Visit to watch our demonstration video.

Citibank customers are able to contact CitiPhone 24 hours a day, seven days a week for assistance with any queries, so if you believe your account has been compromised in any way, please call (84 28) 3521 1111 (84 28) 3521 1111.


If you receive a suspicious email that appears to have been sent by Citibank, contact CitiPhone immediately at
(84 28) 3521 1111 (84 28) 3521 1111. Forward all suspicious emails as an attachment to email for further investigation and action.

You can verify that you are communicating with a genuine financial institution by examining the website certificate during a secure session. This will verify the identity of the specific website you are accessing as well as validate that the site is secure and genuine. It also ensures that no other website can assume the identity of the original secure site. Please refer to your internet browser's documentation for instructions on how to view a certificate. Always ensure that you are using a secure website when submitting credit card or other sensitive information. To make sure you are on a secure web server, check the beginning of the website address in your browser's address bar - it should read https://, rather than just http://.

Report the theft of information to Citibank by contacting CitiPhone as quickly as possible at (84 28) 3521 1111 (84 28) 3521 1111.

Web browsers use standard security protocols like Secure Socket Layer (SSL), and Secure Hyper Text Transfer Protocol (S-HTTP) to enable private information to be transmitted safely over the Internet. When you visit a website with the SSL protocol, a secure connection is created between your computer and the website server you are visiting. Once this connection is established, you can transmit any amount of information to the web server safely. In contrast, the S-HTTP is designed to transmit individual messages securely.

For most web browsers such as Microsoft Internet Explorer and Netscape Navigator, a secure, encrypted session will be indicated by a closed padlock or an unbroken key icon that appears in the lower left or right hand corner of the browser window. You should also check the address bar of your browser. If the website address starts with "https://" rather than the standard "http://" then the session is secure.

Some phishing attacks use viruses and/or Trojans to install programs called "key loggers" onto your computer. These programs capture and send out any information that you type to the phisher, including account numbers, usernames and passwords. In this case, you should:

  • Install and/or update anti-virus and personal firewall software.
  • Update all virus definitions and perform a full scan.
  • Confirm every connection your firewall allows.

Digital certificates are issued by extensively audited and controlled certification authorities to authenticate a website or elements of websites. The certificate identifies the originator of the site and verifies that it has not been tampered with. When your web browser is presented with a certificate, it will check to see if a legitimate certification authority issued the certificate. If there is a match, your session will continue. Otherwise, your browser will issue a warning, and your safest action is to cancel your activity.

If a secure session is established and the information is encrypted during transmission, then others will not be able to view your information. However, you should be aware that some web browsers will store information on your computer even after you are finished conducting your online activities; this is called caching. Therefore, you should close your browser once you are finished using the Internet, particularly if you visit secure sites to conduct financial transactions, check account balances or view any other information that you regard as private and confidential.

Email sent over the Internet is generally not secure unless it is encrypted. In reality, most email programs currently do not have this capability. As most email transmissions are not secure, you should never send any personal or financial information, such as your credit card number, over email.


Minimum System Requirements

To continue to protect your data to the highest standard, from early 2018 to access Citibank Online and Citi Mobile App via your smartphone, tablet and desktop please ensure that your browser and operating systems meet the minimum requirements found here (link). You will need to update or upgrade your browser / operating system in order to continue to use Citibank Online and the Citi Mobile App.

How can I tell which browser version I am using?

Depending on the type of browser you are using, you can determine the version in your browser under:

  • About Internet Explorer
  • About Mozilla Firefox
  • About Google Chrome
  • About Safari

If you do not update your browser or operating systems, you will not be able to connect to Citibank Online or use Citi Mobile App and will be presented with the following error page for example:

Error Page

Minimum System Requirements


Chrome 30 / Win 7

Firefox 31.3.0 ESR / Win 7

IE 11 / Win 7

Opera 17 / Win 7

Firefox 27 / Win 8

IE 11 / Win 8.1

IE 11 / Win 10 Preview

Edge 12 / Win 10

Firefox 49 / XP SP3

Chrome 49 / XP SP3

Chrome 34 / OS X

Firefox 29 / OS X

Safari 7 / OS X 10.9

Safari 8 / OS X 10.10

Safari 10 / OS X 10.12


Android 4.4.2

IE 11 / Win Phone 8.1

Edge 13 / Win Phone 10

Safari 5 / iOS 5.1.1

You can download a new browser from:

Microsoft Internet Explorer™:

Google Chrome:

Mozilla Firefox:



  • Wide choice of deposits to secure your future.
  • Smooth, Safe, Sensible way to Citibank Online.