Online Security - How to stay safe online?

You are here:

India Home>Products & Services>Online Banking>Online Security

Internet Banking

Overview
Citibank Bill Pay
Statement on E-mail
CitiAlert
Prepaid Recharge
Online Tax Remittance

Mobile Services

Overview
Mobile Banking
Interbank Mobile
Payment Service
SMS Banking

Online Security

Overview
How does Citi protect you?
How to stay safe online?
Important updates
Trends in online fraud

Other Online Services

Online Credit Card payment
Online Personal Loan EMI Payment
Online Home Loan EMI
Payment

How to stay safe online? Bank online with complete peace of mind by following simple safe banking tips!

We, at Citibank value the safety of your information as our priority and hereby provide you with tips and simple practical measures to stay safe online.

123 of 3

Showing

Do not select the option "auto save" on your browsers for storing your user name and password when you login to Citibank Online
Make sure your computer has the latest version of the anti-virus software. Download the updates of this software on a regular basis to protect your computer against new viruses
Get your computer updated with the latest versions of the browsers and operating system
Install a personal firewall and the latest anti-virus software on your computer. This will prevent unauthorized access to your system, particularly when they are linked through broadband connections, digital subscriber lines or cable modems. Update the anti-virus and firewall products with the latest versions on a regular basis
If you are using a shared computer, you should clear your browser's cache and history after each session so that your account information is removed
If you are using a Windows OS, ensure that File & Print sharing is disabled when you are online
Use an Internet browser that supports 128-bit encryption
Disable AutoComplete on your browser to prevent the browser from storing the password

Personal Firewall

Firewall acts as a gatekeeper. It controls the information that goes to and fro from your computer
Firewalls prevent unauthorized access to your computer. They also protect your sensitive information from being transferred to unauthorized sources
Installing a personal firewall is important, especially if you are using a broadband connection

Browsers

Although Internet browsers have built-in security, some of the small Internet files that get downloaded to your computer whenever you are online may pose a security risk

Enhance your security by taking the following actions:

Clear your browser's cache and history after each session so that your account information is removed, especially if you are using a shared computer
Use an Internet browser that supports 128-bit encryption
If you use Internet Explorer, configure the browser not to remember passwords (Disable AutoComplete)

Computer viruses can cause serious damage to your computer's performance. The following measures minimise the risk of your computer getting affected.

Install anti-virus software on your computer
Configure the anti-virus software to automatically notify you when new updates are available for download
Perform a complete scan of your computer at least once a week
Configure the anti-virus software to scan all in-coming and out-going emails

Anti-virus software does not provide protection against spying or Trojan horse programs. In addition to having a personal firewall installed, ad/spyware scanner software is recommended to protect you against spying software
Install Anti-Spyware software on your computer. This software does a full system scan to detect any ad/spyware on a regular basis
Get this software updated regularly on your computer

Keep your IPIN a secret

The security of your information is governed by a Unique Secure IPIN (Internet Password)
To select your IPIN online, you will have to verify your personal information and create an Online Authorization Code (OAC) that will be sent to your Mobile phone/email address registered with Citibank
You will then have to reconfirm the details and select your IPIN
Create a strong IPIN
Protect your IPIN. With your password, anyone can access your account pretending to be you. Be especially suspicious if someone claiming to be with Citibank asks for it

Keep the following in mind while creating your IPIN

The IPIN should be a minimum of 8 characters
The IPIN should be alphanumeric
The IPIN should not contain leading or trailing white spaces
In the IPIN, consecutive characters should not be the same
Do not create passwords that are similar to your real name, a commonly used nickname, or your online screen name
Use a phrase or a series of letters and/or numbers that you can easily remember but that would be hard for others to guess
IPIN Should not contain first three and/or last two characters of your User ID in the same sequence.
Ensure the IPIN contains only the following special characters ~!@#$*{}[]_.;:
Please ensure you do not choose IPINs like abcd123, qwerty123 etc.

Tips to secure your IPIN

Do not disclose it to anyone (including Citibank employees)
Do not write the IPIN on your Citibank ATM/Debit Card or Credit Card
Do not hand over your Citibank ATM/Debit Card or Credit Card to anyone
Use a different password for each of your accounts
Do not store your passwords near your computer or on your desk where others might easily find them
Change your IPIN after your first login and change it at least once in a month
Change your IPIN after you access Citibank Online Internet Banking using shared PCs
Destroy the IPIN mailer after memorising it
If you get an email that looks like it's from your Internet Service Provider or someone else with whom you have an account asking to confirm your password, don't respond until you've checked with the company directly

Online

Change your Citibank Online Password often
Do not send sensitive personal or financial information unless it is encrypted on a secure website
Act quickly if you suspect fraud
Keep your Internet Password (IPIN) confidential
Use a secure alphanumeric password that cannot be easily guessed. Do not use commonly used passwords like your vehicle registration number, birthdays, etc.
Log off from Citibank Online after you complete your transactions every time and then close your browser
Clear your browser cache regularly so that your browser does not store data
Avoid accessing Citibank Online from a public/shared computer
Login to Citibank Online regularly to monitor your transactions
Always remember to log off Internet Banking and close your browser when you have finished your online banking
Never fill an email with input fields that ask you for sensitive data such as User ID, Passwords, IPIN, ATM PIN and account number information
Look for the padlock symbol on the bottom bar of the browser to ensure that the site is running on secure mode before you enter sensitive information
Beware of pop-up windows that ask for your account number and PIN (Personal Identification Number). Citibank Login pages are always on a web page and never in a pop-up window
If you suspect a website is fraudulent, leave the site. Do not follow any of the instructions it may present to you
Add or bookmark the URL - www.citibank.com/india to your favourites to access information and carryout transactions on your Citibank Account

Offline

Do not carry your chequebook around with you unnecessarily
Do not leave bill payments or other cheques in your mailbox
Report lost or stolen cheques and chequebooks immediately to your financial institution
Tear or shred any old cheques or account statements before throwing them away

Signing up for paper statements will ensure that no one else gets your account statements but you
You can save time in retrieving your statements as well as have an archive to locate any of your earlier statements right at your desktop. It also helps in reducing clutter and avoids paper trail

One of the best ways to protect yourself against fraud is to monitor your account online. Here are some tips to help you monitor your accounts.

How to monitor your accounts?

Review your account information - Login to your Online Citibank Account at least once a week to scrutinize your account information. If you notice any changes to your account that were not made by you, contact us immediately on our 24x7 CitiPhone
Look over your transactions - Review your bank and credit card unbilled transactions regularly to make sure that these transactions have been made only by you. If you spot a problem, call 24x7 CitiPhone and inform us
Set up Account Alerts - Get SMS and email alerts that keep you posted on your account activity
Check your credit report regularly - Make sure all the accounts listed are ones you've created, so you can minimize the damage to your credit score. For a copy of your credit report, contact credit reporting agencies like CIBIL
Consider using electronic alternatives to paying by cheque when making purchases or paying bills. This substantially reduces, or even eliminates, the number of people that see the personal and account information that is printed on your cheques

Connect with Citi

Citi India has a presence in several social networking sites that help us keep in touch with our customers and clients, including the following:

Facebook - Visit us on Facebook and join the conversation at www.facebook.com/citiindia
LinkedIn - The Citi India LinkedIn page showcases our employee network, current careers, products and services

How to protect yourself from social networking fraud?

With more and more people joining social networks, there has been increased danger of social engineering, a form of identity theft where thieves gather personal information from available sections of social networking sites.
By taking the following precautions, you can guard yourself against social networking fraud.

Before joining a social networking site or community, research it online to make sure it's legitimate
Do not use the same username and password to log into social networking sites that you use to access your Citi accounts
Never share personal information such as: User IDs, PINs and account numbers on social media sites
Create a screen name that doesn't reveal too much about you
Be careful while clicking links. Even if the message appears to come from a friend, contact the sender directly to make sure it's authentic
Post only information you are comfortable with others seeing, and regard information posted on social media sites as public and permanent
Use privacy settings to limit access to your information
Never include any information that can help thieves steal your identity, such as your address, phone number or even employment information

Did you know?

Citi will never ask you for account access information on Social Media sites. If Customer Service needs more information, they will send you a link to the Citibank website where you can enter in your information
Citi will never send you a LinkedIn or Facebook message asking for account information

You need to be aware of and take precautions regarding security issues with smartphones. You could still be at risk if not properly protected. Below are some methods by which you can stay protected while enjoying the benefits of mobile advancements.

Use a PIN/Keylock code

The reasons for doing so are obvious - if a phone is lost, stolen or simply left unattended, anyone that picks it up will have unrestricted access. This could involve data being stolen, phone calls being made or unwanted services being registered for, and could result in considerable financial cost.

Many new phones offer a "pattern lock" - a personalised shape or pattern that is drawn on the screen to grant access, and this is often faster and of lesser hassle than entering a password. Alternatively a PIN code offers a numeric alternative to a standard password and can also save time. Obviously a password that is easy to guess is less secure - so avoid "1234", "password" and other common phrases.

A screen lock is useful but won't stop someone from removing your SIM card and using it on another phone. To prevent this from happening, set up a SIM card lock in the form of a PIN number that will need to be entered when a phone is turned on in order to connect to a network.

With both of these security measures in place, you can at least be safe in the knowledge that if a phone is stolen it will be of very little use to the average thief.

Protect sensitive data

Simply preventing someone from being able to turn a phone on isn't sufficient anymore, as it's far too easy to retrieve data by simply plugging it into a computer or removing a microSD card. Protecting sensitive data that may be saved to internal storage is therefore a must, and there are a number of solutions available. Most smartphone platforms offer software that can encrypt files or folders on a device with industry-standard protection, which means a code must be entered before a file can be viewed or copied. This also goes for information such as passwords, login details, account numbers and other information that may be saved for access to online banks or merchants. Ensuring that this sort of information isn't easily accessible is important, and it would be wise to install such protection and use it as common practice.

Watch your wireless

Most smartphones now have the option of connecting to wireless networks - be it a router in the office or home, or a wireless hotspot on the move.

The first thing to remember is to always switch off a wireless connection when it's not in use. Apart from helping you save on battery power, it ensures that malicious parties can't connect to a device without your knowledge. It's also worth taking a browse through a phone's network security settings as it might be configured to automatically connect to a network when in range.

Wireless hotspots and unknown networks are by far the biggest risk when it comes to utilising this connectivity - assuming of course, that any more commonly accessed wireless router in the home or office is sufficiently protected by a pass code.

A relatively common threat that pervades unknown wireless networks and hotspots is called the "evil twin" attack. Here a malicious party might be offering access to a wireless connection that looks very much like a legitimate hotspot from a large company. If a user were to inadvertently connect to this "hotspot", they may find requests for passwords, login details and other information that can then be recorded and used to access their accounts at a later stage. Any requests for information that don't seem entirely legitimate and typical should be ignored.

Bluetooth

Unlike wireless networking, Bluetooth isn't seen as a potentially risky venture for most mobile users, and the relatively short-range (around 10m) at which it is accessible does mean that it's inherently safer. However, attacks still happen, and it's important to be aware of the pitfalls of leaving this technology switched on when not in use. Hackers have found ways to remotely access a phone (provided they are within range) and use it to make calls, access data, listen in on conversations and browse the internet.

To prevent this from happening it's a good idea to set default Bluetooth configuration to "non-discoverable" mode by default. This means that users around you who are searching for potential targets won't see your device pop up on their list.

It goes without saying that any unknown requests that come via a Bluetooth connection, such as a request to "pair" with a device or respond to a message from an unknown source should be ignored or declined.

Caution with applications

When downloading the Citi Mobile app to your mobile device, be sure to go to a trusted source such as the App Store on the iPhone^® and iPod touch^® or Android Market. You can alternately SMS <MBANK> to 52484 and click on the download URL in the response SMS and install the application. Do not download the app from any other third party source.

Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. iPhone^® is a trademark of Apple Inc. Android™ is a trademark of Google Inc.

Download anti-malware protection for your mobile phone or tablet device
Do not root or jailbreak your mobile device to get around limitations set by your carrier or device manufacturer.
It may remove any protection built into the device to defend against mobile threats
Beware of everything you download onto your smartphone, especially applications. Only use reputed application from the market. Look at the developer's name, check out reviews and star ratings. Always check the permissions an application requests and ensure that the requests match the features the application provides

It's also important to exercise caution with respected applications such as popular web browsers, as it's often far too easy to simply accept qualification messages that pop up when you're online. Agreeing to save user details and passwords when logging into websites for future access may be convenient, but makes it very easy for those accessing an unprotected phone to do the same. This is particularly important when it comes to online banks and merchants, as these sites often have bank account details saved automatically under your username and would make it easy for others to make unwanted purchases or transactions.

In addition users should pay attention to any potential security warnings that may be displayed when viewing websites, particularly if accessing them through unknown wireless networks, and not just dismiss these without thought. Web pages that involve the entry of sensitive data such as a username, password or account details should always use encrypted protocols to protect this information. This can be confirmed by the presence of an "s" at the end of "http" at the start of a webpage URL (https://) or a visible padlock icon on the status bar of a browser to confirm that the connection is encrypted. It's a good idea to get into the habit of looking for these when using any websites that have requested for personal details.

Rooting your phone

One increasingly popular practice among Android users is "rooting" a phone. This essentially involves modifying the file system to allow user's access to read-only files and parts of the operating system that the manufacturer or service provider don't want you to change. Some of the advantages of rooting a phone include the ability to change or remove read-only applications that you don't want to use, change the boot screen, back up the entire system, run specialised applications and install custom user interfaces and alternative versions of the OS. Rooting is usually only done by "experts", who should therefore be aware of the potential dangers, but if someone offers to root a phone for you while citing the benefits, it's important to be aware of the security risks as well.

Since rooting allows a user's access to system-level resources, it also opens up for potential infection by malware. Part of the reason why this critical data is inaccessible is to protect it from such threats, and while you may benefit from more flexibility in the short term, writers of malicious code can also benefit from full access to your device if it becomes infected.

Take a back-up of your data

Discovering that a phone has been lost or stolen is bad enough, but even when discounting the potential damage that could be done by sensitive data getting into the wrong hands, important documents, contacts, messages, appointments and other information could take a long time to replace. Ensuring that regular back-ups are made is therefore essential, and there are a number of ways to go about it. Most modern phones now allow users to "synchronise" information with a computer or website for productivity or backup purposes. This can include emails and contacts with Microsoft Outlook, photos uploaded to online storage or proprietary software supplied by the phone manufacturer to simply back-up key data in the event of loss.

Security software

Security software can help you avoid many of the potential dangers associated with smartphones and modern suites are tailor-made to address issues that are unique to handhelds. As well as offering more standard malware, spam and firewall protection this software can help you control your phone from afar. If your phone has GPS capabilities, it can show you the location of a device if it is lost or stolen.

Furthermore, it's possible to lock a device remotely, requiring password access on the handset or a specific unlock request to enable it. If a phone has simply been misplaced in the home, an audible alert request can be sent to the device to signal its location, and it's even possible to erase sensitive data remotely if you're sure it has found its way into the wrong hands.

Feedback | Careers | Press Room

citigroup.com

Schedule of Fees & ChargesBase RateKey Policies & CommitmentsPrivacySecuritySite Map