FAQ - Online Security and Fraud Awareness

Funds Transfer

How does Citi protect your information when you bank online?

Here are key ways in which Citi safeguards your information when using Citibank online:

  • 256-bit Encryption: Your information is protected by 256-bit encryption – a technology which helps prevent hackers from intercepting your data, when you access your accounts and perform transactions.
  • Additional authentication: A one-time password (OTP) is sent to your registered email or mobile number for performing sensitive transactions like adding payees, updating contact details, and updating KYC / PAN / Passport details.
  • Extended Validation (EV) SSL Certificate: The green address bar on Citibank sites helps you visually validate that the site you are transacting with has undergone an extensive, external security audit.
  • Secure Firewalls: The servers for Citibank sites are protected by state of the art firewalls to help prevent unauthorized access to our network.
  • Session Timeouts: If you're signed on and not using Citibank Online for several minutes, your session will "time-out". To resume your online banking activity, you need to re-enter your User ID and Password.

In case you suspect a suspicious transaction OR have received an alert for a transaction you did not make, please contact CitiPhone at 1800 267 2425 immediately.

Wallet Recharge

Four Tips for safe online browsing.

  1. Use a personal firewall: - Many Internet service providers offer this feature. A personal firewall protects your home computer against unauthorized access.
  2. Beware of malware infection by download: Malware is malicious software installed on your computer which has a harmful intent that can, for example, capture your login password, and other personal data. These may get downloaded while visiting a malicious or vulnerable website, viewing an email message or by clicking on a deceptive pop-up window. The best way to protect yourself is to exercise caution before installing programs on your computer or opening email attachments. Here are some precautions that are important to take:
    • Only install applications and software from well-known companies you trust.
    • Install anti-virus, anti-spyware and malware detection software.
    • Make sure your computer is cleansed from viruses/spyware and has up-to-date anti-virus and anti-spyware software installed.
    • Keep your operating system and browser up-to-date with the latest security updates and patches.
  3. Use a pop-up blocker: Set your browser preferences to block pop-ups - aside from being annoying, these pop-ups can contain inappropriate content or have malicious intentions.
  4. Don’t auto save your User ID and Password on your browser when logging in to Citibank Online.

How do I protect and secure my IPIN?

You can follow these tips to protect and secure your IPIN:

  • Destroy the hard copy of the IPIN after memorizing it.
  • Don't disclose it to anyone (including Citibank employees).
  • Don’t write the IPIN on your Citibank ATM/Debit Card or Credit Card.
  • Don’t store your passwords near your computer or on your desk where others might easily find them.
  • Change your IPIN after you access Citibank Online using shared PCs.
  • Use a different password for each of your accounts.
  • Don’t hand over your Citibank ATM/Debit Card or Credit Card to anyone.
  • If you get an email that looks like it's from your Internet Service Provider or someone else with whom you have an account asking to confirm your password, don't respond until you've checked with the company directly

In case

  • You suspect a suspicious transaction OR
  • You have received an alert for a transaction you did not make OR
  • You have lost your Citibank Bank Debit / Credit Card OR
  • Your Citibank Bank ATM / Debit Card is stuck in the card slot of an ATM OR
  • You used an ATM to withdraw cash and the money is not dispensed.

Please contact CitiPhone at 1800 267 2425 immediately.


How do I safely use One Time Password (OTP)?

After you finish entering your Card details at the merchant website, you will be directed to our secured Citibank Payment gateway, where you may be required to enter an OTP (One Time Password) sent to your mobile phone to authenticate and complete your transaction. Some of the things to be followed to safely use OTP are:

  • Since the Bank sends One Time Password to your mobile phone, in case your telecom service provider confirms release of your duplicate SIM card to an unauthorized person, please check your account on Citibank Online or call CitiPhone. This may help you prevent unauthorized access / misuse of your account.
  • If you receive an OAC (Online Authorization Code) or an alert about changes to your account that you did not request, please contact us urgently.
  • Please note that Citibank or its employees will never contact you asking for your Bank account details / Card number/Card expiry date/CVV/One Time Password (OTP) /Internet Password. Do not share these details with anyone over phone or e-mail as this could lead to fraud.

How do I block my lost or stolen card? How do I reissue my card in this case?

Please inform us immediately through one of the 3 channels listed below:

  • Citi Mobile app:
    1. Login on the app using your user id and password (Citi Mobile App is available on both android & iOS platforms. SMS ‘MBANK’ to 52484 or +91 9880752484 and we will send you a link to download the app),
    2. From Menu open the drop down on Service Request and select ‘Report Lost/Stolen’ and
    3. Select the card and reason. You can also reissue the card.
  • Citibank Online:
    1. Login using your user id and password (Click here to login),
    2. Select ‘Report Lost/Stolen Card’ from “Your Queries” section on top right and
    3. Select the card and reason. You can also reissue the card.
  • CitiPhone:
    1. Call us at 1800 267 2425. We have dedicated helpline number for registering cases for lost or stolen card. You can also ask the officer to reissue the card.

Four Things to keep in mind to bank safely away from home.

  1. Only use wireless networks you trust: Networks in Internet Cafés, hotels and libraries are usually not secure and are easy to tamper with. Even if they provide you with a password, that does not guarantee a secure connection. You should avoid using public computers for online banking.
  2. Disable AutoComplete on your browser to prevent the browser from storing the password.
  3. Sign out when you are finished: If you use a public computer, remember to "sign-out" when you have completed your banking, clear the browser cookies, clear the cached files from the browser, and close the browser window.
  4. Avoid using a public or shared computer for personal transactions - Anyone who uses the computer after you and visits the same websites can sign on to your accounts. After you sign off, select the option to "Remove a user", if that option is available. Also, make sure to clear the Internet history and any cookies stored. You can use the Citi Mobile app to transact securely away from home or on the go. Citi Mobile App is available on both android & iOS platforms. You can SMS ‘MBANK’ to 52484 or +91 9880752484 and we will send you a link to download the app.

I have received a mail from Citibank asking for personal information like card number, IPIN, OTP, TPIN, etc. Should I provide my details?

NO, you should not provide any detail. Citibank will never send you an e-mail with any input fields asking for personal, account related or other sensitive information like your Citibank Card number, CVV, Card Expiry, Internet Password (IPIN), APIN, TPIN or expiration date, etc.

Citigroup frequently sends e-mails to provide you with information and updates about our services. If we request information from you in these e-mails, make sure that the URL provided in the e-mail leads to genuine Citibank URLs.

In case if you have shared any such information and/or observe an unknown transaction in your account, please call CitiPhone immediately at 1800 267 2425.


What are the various types of typical fraudulent emails?

There can be many types of fraudulent emails, some of the most common ones are:

  • Urgent or time-sensitive E-mails that ask you to provide, update or confirm sensitive data like your Citibank Card number, IPIN, APIN, TPIN or expiration date, etc.
  • Fake security and maintenance upgrades such as “Your account has been randomly selected for maintenance” OR “Please provide your account details to re-activate your account following the introduction of a new security system”.
  • False bills and charges such as “Your domain name registration is due for renewal; please enter the following information exactly as it appears on your Credit Card statement.” or “You have won a free gift (or prize)”.

In case you have received a fraudulent email, please call CitiPhone immediately at 1860 210 2484 (Locally) /
+91 022 4955 2484 (in case you’re calling from outside India).


How can I identify fake websites?

Fake websites also known as phony or spoofed websites may look very similar to those of a legitimate bank or trusted company. Some of the things which you may look for in these websites are:

  1. Presence of padlock sign on right hand side of the URL. If absent, then the site maybe unsafe.
  2. Such sites will not begin with HTTPS in the URL bar.
  3. They usually lure customers through "spam" E-mail. Avoid clicking on links provided in any suspicious looking E-mail.
  4. Inspect a URL carefully for the presence of an "@" symbol, for example billing@citibank.com. This is a common sign of fraudulent websites. Even if the URL contains the phrase "Citibank" it does not ensure that it is Citibank's website.
  5. Be very suspicious of websites that display an IP Address, or numerical address (e.g.,, in your web browser's address bar instead of a domain name (e.g., www.citibank.com/india)
  6. For more safety, save or "bookmark" frequently visited and trusted websites to your list of favorites, then access those sites through your saved links

What should I do if I receive call asking for my personal details like Internet Password (IPIN), OTP, Card Number, etc.?

In such a case, firstly do not comply with any of the caller’s request. Also, do not use a contact number provided by the caller. If you use a Voice over Internet Protocol (VoIP) phone service, the scammer can record your information even if you use your telephone keypad or keyboard to type in your details, while on the line.

Please be aware that Citibank or its employees will never contact you asking for your Card Number/Card expiry date/CVV/OTP/Internet Password. In case of further doubt, call the institution directly to check the legitimacy of the request.

In case if you have shared any such information and/or observe an unknown transaction in your account, please contact CitiPhone at 1800 267 2425 immediately.

For more, visit Citi Help, the one-stop destination for all your queries.