Citibank Online safety usage

We have gone to extraordinary lengths to ensure that your Citibank® Online experience is safe, and your accounts and personal data are secure. Our security features are built on the latest technologies and processes.

Citibank® Online currently supports the following security levels:

  • Level 1: Strong Encryption

    All data exchanged between Citibank and your computer are encrypted using TLS* 1.0, 1.1, 1.2, and AES** 128 GCM, to make sure your data are not compromised during their transmission.

  • Level 2: Citibank® Online Sign-on Password

    You yourself choose your user ID and password at the time of registration for Citibank® Online, which guarantees full data confidentiality. Choose a combination of letters and numbers easy for you to remember but hard to guess. We advise against using your own name, names of your family members, dates of birth or other personal information, or using the same password for different websites. Do not write down your password or share it with anyone else, even Citibank staff.

    If you suspect that someone knows your Citibank® Online user ID and password, change them immediately. It’s not that hard to do.
  • Level 3: One-Time Passwords

    Most of Citibank® Online key functions are additionally protected by a one-time password texted to your mobile phone number. The entering of one-time password gives us added assurance that it’s you who is initiating the transaction.

    Some transactions require you to enter your one-time password only once during the session,
    • Card activation in Citibank´┐Ż Online.
    • Changing your user ID and password in Citibank´┐Ż Online.
    • View account summary.
    • View card/account details (transactions, payment details, etc.).
    • Global view of accounts (registration and cancellation).
    • Mask account numbers.
    • View payee list.
    • View standing orders.
    • My Favorite Transfers.
    • My Messages.
    • Write to Us.
    • Get Confirmation Document (accounts/time deposits/cards/loans).
    • Citibank Alerting Service and alert setting.
    • View statement.
    • Change contact details.
    • Change card linkage.
    • Equity, bond and structured note portfolio.
    • Mutual fund portfolio and account summary.
    • Loan in one click/Credit card in one click.
    • View promo code for reward point redemption.
    • Card re-issue and blocking.
    • Dispute credit card transaction.
    while other transactions require you to do it every time you attempt to initiate them.
    • Remind user ID, recover password.
    • Registration, card activation at
    • Add and manage payees.
    • One-time payments (without adding payees).
    • Foreign currency transfers.
    • Loan/credit card online form; checking application status and signing the individual terms of credit agreement.
    • Change PIN.
    If you enter your one-time password or Citibank® Online sign-on password incorrectly three times in a row, you will be automatically locked out. Only you yourself can recover access to the system by clicking «Forgot your password?».
  • 1. Date and time of last login

    Every time you sign on to Citibank® Online, you see the date and time of your last login shown under the main menu. Please pay attention to this information, as it will help you find out if someone else has been trying to access your account.

    By the way, if someone tries to access your account and enters a wrong password, we will immediately notify you of a failed sign-on attempt by text message and will also show this information on your Citibank® Online page under the main menu. If it weren’t you who made this sign-on attempt, make sure to call CitiPhone and change your user ID and password.

  • 2. Masking account numbers

    All account and card numbers in Citibank® Online are automatically masked at every login, enabling you to see the name of the account and the last four digits of the account number only (e.g., «Current xxxxxxxxxxxx 4467»).
    If you need to view the full account number (e.g., to find out payment details), you can unmask your account numbers for the current session. At your next login, the account and card numbers will be masked again.

  • 3. Signing off

    Do not just close your browser window after you have completed your session. Make sure to click the «Sign Off» button in the top right-hand corner.

  • 4. Automatic time-out

    If you are inactive for five minutes, the system will automatically log you out for security reasons. To continue working in Citibank® Online, you will need to sign on again.

If you suddenly notice that your SIM card isn’t working, contact your service provider to find out the reason, as soon as possible. If it turns out that someone else has obtained a duplicate SIM card without your knowledge, call CitiPhone immediately!
Security Tips

If you suddenly notice that your SIM card isn’t working, contact your service provider to find out the reason, as soon as possible. If it turns out that someone else has obtained a duplicate SIM card without your knowledge, call CitiPhone immediately!

  • Check that the website is genuine before signing on to Citibank® Online:
    • The address should match Citibank’s official website address;
    • Look for a padlock symbol (usually on a green background) to the right or left of the address bar (depending on your browser type);
    • Your browser should not display any invalid certificate or untrusted connection messages.
  • Don't use search engines.

    Some websites may appear to be legitimate but actually are counterfeits. Take a few extra seconds and type in the URL yourself.

  • Don’t sign on to Citibank® Online at public internet access points.

    Don’t sign on to Citibank® Online at public internet access points (e.g., cyber cafes) or Wi-Fi hotspots, but if you do, change your user ID and password as soon as possible. This is important because public computers may be infected with malware that can intercept your password without your knowledge.

  • Install a reliable antivirus program and keep it up-to-date to protect your PC.

    If you also do online banking on your smartphone, don’t forget to install an antivirus on your smartphone too. If possible, install a personal firewall to block any unauthorized connection attempts. A firewall is especially important if you have a high-speed internet connection.

  • Never use the password autosave feature of your browser.

    Some browsers offer to save your login credentials. We advise against doing this, or anyone who has access to your computer will be able to sign on to Citibank® Online by simply selecting the login credentials saved by the browser. The autosave function can be disabled in your browser settings. We would also recommend that you clear your browser cache and Downloads folder from time to time, and do not use virtual keyboards.

  • Use the TLS 1.2 protocol to access Citibank Online or Citi Mobile.

    For enhanced security, all the devices you use to access Citibank Online and the web-based version of Citi Mobile at must support the TLS 1.2 protocol as of November 5, 2017. If the device you are using to access Citibank Online or Citi Mobile supports a protocol lower than TLS 1.2, an error page will be displayed.

    Please make sure that your browser and operating system meet the minimum requirements listed below.

    For laptops and desktop PCs
    Web BrowserOperating System
    Google Chrome 30Windows 7
    Firefox 31.3.0 ESRWindows 7
    Opera 17Windows 7
    Firefox 27Windows 8
    Internet Explorer 11Windows 10 Preview
    Edge 12Windows 10
    Firefox 49XP SP3
    Google Chrome 49XP SP3
    Google Chrome 34OS X
    Firefox 29OS X
    Safari 7OS X 10.9
    Safari 8OS X 10.10
    Safari 10OS X 10.12

    For mobile devices
    Web BrowserOperating System
    Android 4.4.2
    Edge 13Windows Phone 10
    Safari 5iOS 5.1.1

    Otherwise, please update your browser and/or operating system.

    How to check your browser version

    Please do the following depending on what browser you use:

    Internet Explorer

    • Open your browser.
    • Press the «Tools» button in the upper right-hand corner of the screen.
    • Choose «About Internet Explorer».

    Mozilla Firefox

    • Open your browser.
    • Press .
    • Press .
    • Choose «About Firefox».

    Google Chrome

    • Open your browser.
    • Press in the upper right-hand corner of the screen.
    • Choose «Help».
    • Choose «About Google Chrome».


    • Open your browser.
    • Press «Safari»
    • Choose «About Safari».
Remember! We take every effort to make sure that Citibank Online meets all the latest security standards, but we still urge you to take simple precautions to safeguard yourself.
  • Citibank will never ask for your current PIN or TPIN for transaction purposes in Citibank® Online! You only enter your PIN when you activate your card or change your PIN. Your TPIN is only used for identification and authorization purposes when you call CitiPhone. Your PIN is only required for ATM transactions and POS purchases.

  • To sign on to Citibank® Online, you only need to enter your user ID and password. Please note that Citibank® Online will only ask for your bank card number, its valid thru date, and your date of birth, for the following purposes:

    • Registration for Citibank® Online (setting up your user ID and password);
    • User ID reminder;
    • Password resetting;
    • Card activation.

Learn more about your bank account and credit card security

* Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating computer applications. When secured by TLS, connections between a client (e.g., a web browser) and a server have one or more of the following properties:

  • The connection is private because symmetric cryptography is used to encrypt the data transmitted. The keys for this symmetric encryption are generated uniquely for each connection at the start of the session;
  • The connection is reliable because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission.

** Advanced Encryption Standard (AES) is a symmetric-key block cipher algorithm.