How To Stay Safe Online?

How To Stay Safe Online?

Bank online with complete peace of mind by following simple safe banking tips!

How to stay safe online?

We, at Citibank value the safety of your information as our priority and hereby provide you with tips and simple practical measures to stay safe online.

Protect Your Computer


Protect Your Account Information


Safe Online Banking Practices

Protect Your Computer
Useful Tips
  • Do not select the option "auto save" on your browsers for storing your user name and password when you login to Citibank Online
  • Make sure your computer has the latest version of the anti-virus software. Download the updates of this software on a regular basis to protect your computer against new viruses
  • Get your computer updated with the latest versions of the browsers and operating system
  • Install a personal firewall and the latest anti-virus software on your computer. This will prevent unauthorized access to your system, particularly when they are linked through broadband connections, digital subscriber lines or cable modems. Update the anti-virus and firewall products with the latest versions on a regular basis
  • If you are using a shared computer, you should clear your browser's cache and history after each session so that your account information is removed
  • If you are using a Windows OS, ensure that File & Print sharing is disabled when you are online
  • Use an Internet browser that supports 128-bit encryption
  • Disable AutoComplete on your browser to prevent the browser from storing the password
Firewall & Browsers

Click on    to expand and on    to minimize the details.

  • Firewall acts as a gatekeeper. It controls the information that goes to and fro from your computer
  • Firewalls prevent unauthorized access to your computer. They also protect your sensitive information from being transferred to unauthorized sources
  • Installing a personal firewall is important, especially if you are using a broadband connection
  • Although Internet browsers have built-in security, some of the small Internet files that get downloaded to your computer whenever you are online may pose a security risk

Enhance your security by taking the following actions:

  • Clear your browser's cache and history after each session so that your account information is removed, especially if you are using a shared computer
  • Use an Internet browser that supports 128-bit encryption
  • If you use Internet Explorer, configure the browser not to remember passwords (Disable AutoComplete)
Anti-virus Protection

Computer viruses can cause serious damage to your computer's performance. The following measures minimize the risk of your computer getting affected.

  • Install anti-virus software on your computer
  • Configure the anti-virus software to automatically notify you when new updates are available for download
  • Perform a complete scan of your computer at least once a week
  • Configure the anti-virus software to scan all in-coming and out-going emails
Anti-spyware Protection
  • Anti-virus software does not provide protection against spying or Trojan horse programs. In addition to having a personal firewall installed, ad/spyware scanner software is recommended to protect you against spying software
  • Install Anti-Spyware software on your computer. This software does a full system scan to detect any ad/spyware on a regular basis
  • Get this software updated regularly on your computer
Protect Your Account Information
Unique Internet Password

Click on    to expand and on    to minimize the details.

  • The security of your information is governed by a Unique Secure IPIN (Internet Password)
  • To select your IPIN online, you will have to verify your personal information and create an OTP(One Time Password) that will be sent to your Mobile phone/email address registered with Citibank
  • You will then have to reconfirm the details and select your IPIN
  • Create a strong IPIN
  • Protect your IPIN. With your password, anyone can access your account pretending to be you. Be especially suspicious if someone claiming to be with Citibank asks for it
  • The IPIN should be a minimum of 8 characters
  • The IPIN should be alphanumeric
  • The IPIN should not contain leading or trailing white spaces
  • In the IPIN, consecutive characters should not be the same
  • Do not create passwords that are similar to your real name, a commonly used nickname, or your online screen name
  • Use a phrase or a series of letters and/or numbers that you can easily remember but that would be hard for others to guess
  • IPIN Should not contain first three and/or last two characters of your User ID in the same sequence.
  • Ensure the IPIN contains only the following special characters ~!@#$*{}[]_.;:
  • Please ensure you do not choose IPINs like abcd123, qwerty123 etc.
  • Do not disclose it to anyone (including Citibank employees)
  • Do not write the IPIN on your Citibank ATM/Debit Card or Credit Card
  • Do not hand over your Citibank ATM/Debit Card or Credit Card to anyone
  • Use a different password for each of your accounts
  • Do not store your passwords near your computer or on your desk where others might easily find them
  • Change your IPIN after your first login and change it at least once in a month
  • Change your IPIN after you access Citibank Online Internet Banking using shared PCs
  • Destroy the IPIN mailer after memorising it
  • If you get an email that looks like it's from your Internet Service Provider or someone else with whom you have an account asking to confirm your password, don't respond until you've checked with the company directly
Online / Offline Safe Banking Etiquettes

Click on    to expand and on    to minimize the details.

  • Change your Citibank Online Password often
  • Do not send sensitive personal or financial information unless it is encrypted on a secure website
  • Act quickly if you suspect fraud
  • Keep your Internet Password (IPIN) confidential
  • Use a secure alphanumeric password that cannot be easily guessed. Do not use commonly used passwords like your vehicle registration number, birthdays, etc.
  • Log off from Citibank Online after you complete your transactions every time and then close your browser
  • Clear your browser cache regularly so that your browser does not store data
  • Avoid accessing Citibank Online from a public/shared computer
  • Login to Citibank Online regularly to monitor your transactions
  • Always remember to log off Internet Banking and close your browser when you have finished your online banking
  • Never fill an email with input fields that ask you for sensitive data such as User ID, Passwords, IPIN, ATM PIN and account number information
  • Look for the padlock symbol on the bottom bar of the browser to ensure that the site is running on secure mode before you enter sensitive information
  • Beware of pop-up windows that ask for your account number and PIN (Personal Identification Number). Citibank Login pages are always on a web page and never in a pop-up window
  • If you suspect a website is fraudulent, leave the site. Do not follow any of the instructions it may present to you
  • Add or bookmark the URL - to your favorites to access information and carryout transactions on your Citibank Account
  • Do not carry your cheque book around with you unnecessarily
  • Do not leave bill payments or other cheques in your mailbox
  • Report lost or stolen cheque and cheque book immediately to your financial institution
  • Tear or shred any old cheque or account statements before throwing them away
Paperless Statements
  • Signing up for paperless statements will ensure that no one else gets your account statements but you
  • You can save time in retrieving your statements as well as have an archive to locate any of your earlier statements right at your desktop. It also helps in reducing clutter and avoids paper trail
Safe Online Banking Practices
Monitoring Your Accounts Online

One of the best ways to protect yourself against fraud is to monitor your account online. Here are some tips to help you monitor your accounts.

  • Review your account information - Login to your Online Citibank Account at least once a week to scrutinize your account information. If you notice any changes to your account that were not made by you, contact us immediately on our 24x7 CitiPhone
  • Look over your transactions - Review your bank and Credit Card unbilled transactions regularly to make sure that these transactions have been made only by you. If you spot a problem, call 24x7 CitiPhone and inform us
  • Set up Account Alerts - Get SMS and email alerts that keep you posted on your account activity
  • Check your credit report regularly - Make sure all the accounts listed are ones you've created, so you can minimize the damage to your credit score. For a copy of your credit report, contact credit reporting agencies like CIBIL
  • Consider using electronic alternatives to paying by cheque when making purchases or paying bills. This substantially reduces, or even eliminates, the number of people that see the personal and account information that is printed on your checks
Safe Social Networking

Citi India has a presence in several social networking sites that help us keep in touch with our customers and clients, including the following:

  • Facebook - Visit us on Facebook and join the conversation at
  • LinkedIn - The Citi India LinkedIn page showcases our employee network, current careers, products and services

With more and more people joining social networks, there has been increased danger of social engineering, a form of identity theft where thieves gather personal information from available sections of social networking sites.
By taking the following precautions, you can guard yourself against social networking fraud.

  • Before joining a social networking site or community, research it online to make sure it's legitimate
  • Do not use the same username and password to log into social networking sites that you use to access your Citi accounts
  • Never share personal information such as: User IDs, PINs and account numbers on social media sites
  • Create a screen name that doesn't reveal too much about you
  • Be careful while clicking links. Even if the message appears to come from a friend, contact the sender directly to make sure it's authentic
  • Post only information you are comfortable with others seeing, and regard information posted on social media sites as public and permanent
  • Use privacy settings to limit access to your information
  • Never include any information that can help thieves steal your identity, such as your address, phone number or even employment information
  • Citi will never ask you for account access information on Social Media sites. If Customer Service needs more information, they will send you a link to the Citibank website where you can enter in your information
  • Citi will never send you a LinkedIn or Facebook message asking for account information
Keeping Your Smartphone Safe

You need to be aware of and take precautions regarding security issues with smartphones. You could still be at risk if not properly protected. Below are some methods by which you can stay protected while enjoying the benefits of mobile advancements.

The reasons for doing so are obvious - if a phone is lost, stolen or simply left unattended, anyone that picks it up will have unrestricted access. This could involve data being stolen, phone calls being made or unwanted services being registered for, and could result in considerable financial cost.

Many new phones offer a "pattern lock" - a personalized shape or pattern that is drawn on the screen to grant access, and this is often faster and of lesser hassle than entering a password. Alternatively a PIN code offers a numeric alternative to a standard password and can also save time. Obviously a password that is easy to guess is less secure - so avoid "1234", "password" and other common phrases.

A screen lock is useful but won't stop someone from removing your SIM card and using it on another phone. To prevent this from happening, set up a SIM card lock in the form of a PIN number that will need to be entered when a phone is turned on in order to connect to a network.

With both of these security measures in place, you can at least be safe in the knowledge that if a phone is stolen it will be of very little use to the average thief.

Simply preventing someone from being able to turn a phone on isn't sufficient anymore, as it's far too easy to retrieve data by simply plugging it into a computer or removing a microSD card. Protecting sensitive data that may be saved to internal storage is therefore a must, and there are a number of solutions available. Most smartphone platforms offer software that can encrypt files or folders on a device with industry-standard protection, which means a code must be entered before a file can be viewed or copied. This also goes for information such as passwords, login details, account numbers and other information that may be saved for access to online banks or merchants. Ensuring that this sort of information isn't easily accessible is important, and it would be wise to install such protection and use it as common practice.

Most smartphones now have the option of connecting to wireless networks - be it a router in the office or home, or a wireless hotspot on the move.

The first thing to remember is to always switch off a wireless connection when it's not in use. Apart from helping you save on battery power, it ensures that malicious parties can't connect to a device without your knowledge. It's also worth taking a browse through a phone's network security settings as it might be configured to automatically connect to a network when in range.

Wireless hotspots and unknown networks are by far the biggest risk when it comes to utilising this connectivity - assuming of course, that any more commonly accessed wireless router in the home or office is sufficiently protected by a pass code.

A relatively common threat that pervades unknown wireless networks and hotspots is called the "evil twin" attack. Here a malicious party might be offering access to a wireless connection that looks very much like a legitimate hotspot from a large company. If a user were to inadvertently connect to this "hotspot", they may find requests for passwords, login details and other information that can then be recorded and used to access their accounts at a later stage. Any requests for information that don't seem entirely legitimate and typical should be ignored.

Unlike wireless networking, Bluetooth isn't seen as a potentially risky venture for most mobile users, and the relatively short-range (around 10m) at which it is accessible does mean that it's inherently safer. However, attacks still happen, and it's important to be aware of the pitfalls of leaving this technology switched on when not in use. Hackers have found ways to remotely access a phone (provided they are within range) and use it to make calls, access data, listen in on conversations and browse the internet.

To prevent this from happening it's a good idea to set default Bluetooth configuration to "non-discoverable" mode by default. This means that users around you who are searching for potential targets won't see your device pop up on their list.

It goes without saying that any unknown requests that come via a Bluetooth connection, such as a request to "pair" with a device or respond to a message from an unknown source should be ignored or declined.

When downloading the Citi Mobile app to your mobile device, be sure to go to a trusted source such as the App Store on the iPhone® and iPod touch® or Android Market. You can alternately SMS <MBANK> to 52484 and click on the download URL in the response SMS and install the application. Do not download the app from any other third party source.

Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. iPhone® is a trademark of Apple Inc. Android™ is a trademark of Google Inc.

  • Download anti-malware protection for your mobile phone or tablet device
  • Do not root or jailbreak your mobile device to get around limitations set by your carrier or device manufacturer.
    It may remove any protection built into the device to defend against mobile threats
  • Beware of everything you download onto your smartphone, especially applications. Only use reputed application from the market. Look at the developer's name, check out reviews and star ratings. Always check the permissions an application requests and ensure that the requests match the features the application provides

It's also important to exercise caution with respected applications such as popular web browsers, as it's often far too easy to simply accept qualification messages that pop up when you're online. Agreeing to save user details and passwords when logging into websites for future access may be convenient, but makes it very easy for those accessing an unprotected phone to do the same. This is particularly important when it comes to online banks and merchants, as these sites often have bank account details saved automatically under your username and would make it easy for others to make unwanted purchases or transactions.

In addition users should pay attention to any potential security warnings that may be displayed when viewing websites, particularly if accessing them through unknown wireless networks, and not just dismiss these without thought. Web pages that involve the entry of sensitive data such as a username, password or account details should always use encrypted protocols to protect this information. This can be confirmed by the presence of an "s" at the end of "http" at the start of a webpage URL (https://) or a visible padlock icon on the status bar of a browser to confirm that the connection is encrypted. It's a good idea to get into the habit of looking for these when using any websites that have requested for personal details.

One increasingly popular practice among Android users is "rooting" a phone. This essentially involves modifying the file system to allow user's access to read-only files and parts of the operating system that the manufacturer or service provider don't want you to change. Some of the advantages of rooting a phone include the ability to change or remove read-only applications that you don't want to use, change the boot screen, back up the entire system, run specialised applications and install custom user interfaces and alternative versions of the OS. Rooting is usually only done by "experts", who should therefore be aware of the potential dangers, but if someone offers to root a phone for you while citing the benefits, it's important to be aware of the security risks as well.

Since rooting allows a user's access to system-level resources, it also opens up for potential infection by malware. Part of the reason why this critical data is inaccessible is to protect it from such threats, and while you may benefit from more flexibility in the short term, writers of malicious code can also benefit from full access to your device if it becomes infected.

Discovering that a phone has been lost or stolen is bad enough, but even when discounting the potential damage that could be done by sensitive data getting into the wrong hands, important documents, contacts, messages, appointments and other information could take a long time to replace. Ensuring that regular back-ups are made is therefore essential, and there are a number of ways to go about it. Most modern phones now allow users to "synchronise" information with a computer or website for productivity or backup purposes. This can include emails and contacts with Microsoft Outlook, photos uploaded to online storage or proprietary software supplied by the phone manufacturer to simply back-up key data in the event of loss.

Security software can help you avoid many of the potential dangers associated with smartphones and modern suites are tailor-made to address issues that are unique to handhelds. As well as offering more standard malware, spam and firewall protection this software can help you control your phone from afar. If your phone has GPS capabilities, it can show you the location of a device if it is lost or stolen.

Furthermore, it's possible to lock a device remotely, requiring password access on the handset or a specific unlock request to enable it. If a phone has simply been misplaced in the home, an audible alert request can be sent to the device to signal its location, and it's even possible to erase sensitive data remotely if you're sure it has found its way into the wrong hands.