- Home
- |
- Citibank Online® Security
Online Security
We protect. We care. When you are with Citibank you are guaranteed in security. Find out how Citibank has endeavored to protect you.
One Time Password (OTP) is the key to your financial transactions. Do not share the OTP sent by bank with anyone for any purpose, even if the person claims to be Citibank.
Phishing/ Smishing/ Vishing scam
These scams are fraudulent practice of sending emails or SMS claiming to be from reputation companies (including Citibank, tax authorities, investigating agency…) to steal confidential information about your card and bank accounts.
How does scam work?
Scammer targeting people in financial need for business, expense but is in difficulty due to bad debt or not qualified for having loan at financial institutions. Exploiting their desperation, scammers impersonate banks/ financial institutions in Vietnam to establish website, fake Facebook account, advertise in groups for attractive offer such as lending with low interest, bad debt, no collateral required, no underwriting required. When customers approach, scammer requests to provide personal information such as full name, citizen ID, portrait photo, install lending application to apply for loan. After that, using reason such as loan cannot be disbursed due to wrong beneficiary information, wrong Citizen ID information, scammers will request customer to deposit money to guarantee for loan, income proof with promising that money will be returned afterwards. However, as soon as scammers receive the transferred money, they disappear.
Online advertisement offers cash advance from credit card with little or free of charge, asking customers to fill in forms or download applications with their banking credentials. Scammers talk customers into providing OTP or perform unauthorized transactions.
Intentionally transferring a small amount to a customer account, then contacting the customer via phone or via SMS under bank name to inform them about the mistaken transaction, requesting the customer to access a malicious link to take over personal information.
Impersonating Bank to inform customers of abnormal activities and guide customers to access phishing links.
Scammer may contact you with other offers like service upgrade, lucky draw winning, overseas remittance, free gifts, police investigation without an indictable offence, etc
Tips to protect yourself
Protect your personal information
Do not share confidential details like card number, card expiry date, CVV, OTP, Internet password (IPIN) with anyone when you receive any unsolicited calls, SMS, IVR or email. Citibank will never ask for such details.
Click wisely
Never access net banking or make payments using your Credit/ Debit Card from unknown links. We only has 01 official website www.citibank.com.vn and 1 Citibank Vietnam Facebook http://www.facebook.com/CitiVietnam .
Be aware of your banking activities
Stay on top of your account activities by enabling a Plus notification on Citi Mobile App for transaction alerts. Inform the Bank immediately if you observe any abnormal activity in your account.
Stay updated with Citi
Safeguard yourself by ensuring your mobile number, email and mailing address are up to date. You can now easily update your details via Citi Mobile App or Citibank Online to make sure that you never miss any important notification.
Lock card
In case you suspect fraudulent transactions, or you lose your credit card, you can quickly and easily lock your card on Citi Mobile App, or call Citibank Hotline for prompt actions.
Don’t fall victim to fraudulent mobile application
Install antivirus software to your mobile.
Ensure you only install software downloaded from official stores likes App Store (for iOS)/ Google play (for Android).
Do not install software with accessibility.
Do not install unknown software from 3rd party website.
There are mobile applications like Test Fairy, AWS Device farm where developers test and enhance their mobile applications before release, this application allows tested software installed to mobile. These developers sometimes invite testers through email or public link. Taking advantage of these initiatives, fraudster scam user to download Test Fairy, AWS Device Farm from App store (for iOS)/ Google Play (for Android). From that, fraudsters continue scam customers into downloading malicious applications to their mobiles. These applications allow fraudsters to access customer’s mobile device and obtain confidential information for immediate or later misuse.
Protect Yourself from Fraud
Here are few types of fraud and the preventive steps that you can take to prevent yourself from becoming a victim.
Phishing
Phishing emails, also known as hoax or spoof emails, are fraudulent emails that appear to be sent from a trusted source but are in fact, designed to trick you into revealing valuable data such as your User ID, password, card details and One-Time Pin (OTP).
Be aware of websites imitating Citi
- Check web-link URL is citibank.com.vn
- Always type citibank.com.vn within the internet browser address bar.
- If ever in doubt, don't enter any information within the website & report to Citi's fraud reporting service.
SMiShing
SMiShing messages appear to be from a legitimate company and typically contain a link that takes you to a spoof website, or it may ask you to call a phone number. Even if you don't enter any information, clicking the link can lead to other problems, such as installing malicious software or dangerous viruses to your phone.
HOW TO RECOGNISE SMS FRAUD
You may receive an SMS from a fraudster posing as Citibank, requesting you to share personal information, such as account or card details.
In most cases you will be directed to a fraudulent lookalike website that requests you to enter your:
- Card details
- Name & Address
- User ID & Password
- One-Time PIN (OTP)
Fraudsters can utilise your details to make immediate purchases or fund transfers.
We're constantly updating and improving our wide variety of security measures, providing you the confidence you need when using Citi Mobile® or Citibank Online®.
Web Security
-
Our 256-bit SSL (Secure Sockets Layer) encryption engine provides industry standard levels of security, ensuring your information can't be accessed by anyone else.
- The green address bar on Citi websites indicates that the site has undergone extensive vetting by our security teams and has been granted a security certificate known as an Extended Validation SSL Certificate.
- For safety, we’ll suspend your online access if three failed login attempts are made. We’ll also block access to cash machines if the wrong PIN is entered three times.
- You are recommended to use supported and updated browsers to ensure your internet banking is secured at all times.
- Every time you sign in to Citibank Online®, the date and time of your last visit are shown. If you didn't sign in then, this will indicate an unauthorised account access has occurred.
2-way SMS Notification
- Our 2-Way SMS service alerts you of any suspicious transactions on your account. It is important that you respond to us immediately:
- You should reply to the SMS with "1" if the transaction is authorised by you or "2" if the transaction is not authorised by you.
- Please note
- You will receive the SMS from the number 6058 ("Short Code") if your registered mobile is a Vietnam number and ("Long Code") +61 42630 6058 if your registered number is not a Vietnam number*.
- We will not ask for any additional information to be provided other than "1" or "2".
- If you are overseas or holding onto an overseas mobile number, please send your reply to Long Code +61 42630 6058.
- Please contact us if you have any issues.
- You can stay on top of your account activities with customized Citi Alerts, where you can get SMS or email notifications whenever there is a specific transaction on your account.
Citi Mobile® Token
- Citi Mobile® Token is a feature within the Citi Mobile® App that authenticates transactions as an alternative to other authentication methods such as Online Security Device, or One-Time PIN (OTP) via SMS.
-
The benefits of Citi Mobile® Token are:
SECURE
Protected by a 6-digit Unlock Code chosen by you and restricted to one device of your choice.
INSTANT
Enter your unique Unlock Code to instantly authenticate your transactions initiated in Citi Mobile® App on your Citi Mobile® Token enabled device. No more waiting for an OTP via SMS, or worrying about misplacing your Online Security device.
EASY
Authenticates all online transactions such as payments and transfers, adding new payee and updating your contact details. It also generates OTP for online purchases.
- With the Citi Mobile® Token, you can instantly authenticate all transactions initiated in the Citi Mobile® App. You can also instantly generate OTP with your unique Unlock Code to authenticate transactions on Citibank Online® or for online purchases.
- After enrolling to Citi Mobile® Token, you should not share or reveal your Unlock Code to anyone, including Citibank.
Misplaced your card? Lock your card on the Citi Mobile® App
- If you’ve misplaced your card, you can temporarily lock your card at Citi Mobile® App so that no one else can use it. You can unlock your card just as easily when you need to.
- While your card is locked, you will not be able to use it for point-of-sale transactions. However, any recurring payment instructions that you may have established on your card will not be affected.
- To terminate your card and request for a replacement if your card is lost or stolen, please call our Citiphone hotline.
If you receive a suspicious email that appears to have been sent by Citibank, contact CitiPhone immediately at
(84 28) 3521 1111 (84 28) 3521 1111. Forward all suspicious emails as an attachment to email spoof@citicorp.com for further investigation and action.
You can verify that you are communicating with a genuine financial institution by examining the website certificate during a secure session. This will verify the identity of the specific website you are accessing as well as validate that the site is secure and genuine. It also ensures that no other website can assume the identity of the original secure site. Please refer to your internet browser's documentation for instructions on how to view a certificate. Always ensure that you are using a secure website when submitting credit card or other sensitive information. To make sure you are on a secure web server, check the beginning of the website address in your browser's address bar - it should read https://, rather than just http://.
Report the theft of information to Citibank by contacting CitiPhone as quickly as possible at (84 28) 3521 1111 (84 28) 3521 1111.
Web browsers use standard security protocols like Secure Socket Layer (SSL), and Secure Hyper Text Transfer Protocol (S-HTTP) to enable private information to be transmitted safely over the Internet. When you visit a website with the SSL protocol, a secure connection is created between your computer and the website server you are visiting. Once this connection is established, you can transmit any amount of information to the web server safely. In contrast, the S-HTTP is designed to transmit individual messages securely.
For most web browsers such as Microsoft Internet Explorer and Netscape Navigator, a secure, encrypted session will be indicated by a closed padlock or an unbroken key icon that appears in the lower left or right hand corner of the browser window. You should also check the address bar of your browser. If the website address starts with "https://" rather than the standard "http://" then the session is secure.
Some phishing attacks use viruses and/or Trojans to install programs called "key loggers" onto your computer. These programs capture and send out any information that you type to the phisher, including account numbers, usernames and passwords. In this case, you should:
- Install and/or update anti-virus and personal firewall software.
- Update all virus definitions and perform a full scan.
- Confirm every connection your firewall allows.
Digital certificates are issued by extensively audited and controlled certification authorities to authenticate a website or elements of websites. The certificate identifies the originator of the site and verifies that it has not been tampered with. When your web browser is presented with a certificate, it will check to see if a legitimate certification authority issued the certificate. If there is a match, your session will continue. Otherwise, your browser will issue a warning, and your safest action is to cancel your activity.
If a secure session is established and the information is encrypted during transmission, then others will not be able to view your information. However, you should be aware that some web browsers will store information on your computer even after you are finished conducting your online activities; this is called caching. Therefore, you should close your browser once you are finished using the Internet, particularly if you visit secure sites to conduct financial transactions, check account balances or view any other information that you regard as private and confidential.
Email sent over the Internet is generally not secure unless it is encrypted. In reality, most email programs currently do not have this capability. As most email transmissions are not secure, you should never send any personal or financial information, such as your credit card number, over email.
To continue to protect your data to the highest standard, from early 2018 to access Citibank Online® and Citi Mobile® App via your smartphone, tablet and desktop please ensure that your browser and operating systems meet the minimum requirements found here (link). You will need to update or upgrade your browser / operating system in order to continue to use Citibank Online® and the Citi Mobile® App.
How can I tell which browser version I am using?
Depending on the type of browser you are using, you can determine the version in your browser under:
- About Internet Explorer
- About Mozilla Firefox
- About Google Chrome
- About Safari
If you do not update your browser or operating systems, you will not be able to connect to Citibank Online® or use Citi Mobile® App and will be presented with the following error page for example:
Minimum System Requirements
| Desktop | |
|---|---|
Chrome 30 / Win 7 |
Firefox 31.3.0 ESR / Win 7 |
IE 11 / Win 7 |
Opera 17 / Win 7 |
Firefox 27 / Win 8 |
IE 11 / Win 8.1 |
IE 11 / Win 10 Preview |
Edge 12 / Win 10 |
Firefox 49 / XP SP3 |
Chrome 49 / XP SP3 |
Chrome 34 / OS X |
Firefox 29 / OS X |
Safari 7 / OS X 10.9 |
Safari 8 / OS X 10.10 |
Safari 10 / OS X 10.12 |
|
| Phones | |
|---|---|
Android 4.4.2 |
IE 11 / Win Phone 8.1 |
Edge 13 / Win Phone 10 |
Safari 5 / iOS 5.1.1 |
You can download a new browser from:
Microsoft Internet Explorer™: http://www.microsoft.com/windows/ie/downloads/default.mspx
Google Chrome: http://www.google.com/chrome
Mozilla Firefox: http://www.mozilla.org/products/firefox
Safari: http://www.apple.com/safari/download
Opera: http://www.opera.com/computer/windows
