Card and Account Security

We are committed to protecting your account and card 24/7. That is why it is important for you to have a two-way communication with the bank and keep your contact details updated at all times.

Report a Security Issue

Security Tips

  • To check a suspicious transaction, Citibank will send you a text message from the number 9278, and you will need to reply by texting “1” or “2”. If you are roaming internationally or using a foreign number, text your reply to +44 7860 041394. Your reply text to 9278 will be free; your reply text to +44 7860 041394 will be charged at your mobile provider’s rates.

    In order for this service to work, your phone must allow incoming texts from short numbers.

  • If you receive a suspicious e-mail purporting to be from Citibank or Citigroup Inc., forward it to or call CitiPhone®.

    Do not send personal and/or confidential information in an e-mail or text message.

Educational videos for you

If you fall victim to fraud

  • Call CitiPhone

  • Write to us

  • Contact your nearest Citibank branch

The official e-mail address of our Security Team is:

  • A suspicious call purporting to be from Citibank?

    question img

    End the call and contact CitiPhone yourself.

    Fraudsters are known to make phone calls appearing to be from your bank to trick you into sharing confidential information.

    Never give an unsolicited caller your security word or card number. This information is only required for authentication purposes when you call CitiPhone yourself.

    Never tell anyone your:

    • — PIN or three-digit code on the back of your card,
    • — TPIN,
    • — SMS OTP,
    • — Citibank Online / Citi Mobile® user ID and password.

    A suspicious call? Stop! Do not worry!

    Did you call the bank yourself or is it an incoming call (even if you were transferred to IVR)?

    Answer yourself the question: Who initiated the call?

    If it was not you, hang up. You can call the bank yourself and check.

    Call CitiPhone at the numbers provided on Citibank’s official website only.

  • Got a suspicious e-mail purporting to be from Citibank or Citigroup Inc.?

    question img

    Forward it to

    Do not send personal and/or confidential information in an e-mail or text message.

    Phishing is a play on the word “fishing”. Phishers send out e-mails to a great number of people hoping that some of them will bite the hook. Phishing e-mails often look like legitimate e-mails.

    Signs of phishing e-mails:

    • Require your urgent response.
    • Contain links to fake webpages that require your personal information.
    • May contain typos or spelling errors allowing to bypass spam filters.

    Fraudsters count on you letting your guard down. Never act in a hurry — think first. Fraudsters are crafty and have many ways to scam you. Stay sharp!

  • Got an SMS message purporting to be from Citibank?

    question img

    Remember: All our SMS messages come from the numbers 9278, 2582, +44 7860 041394, Citibank® or CitiAlert**.

    In order for this service to work, your phone must allow incoming texts from short numbers.

    Fraudsters use SMS messages to lure people into sharing their personal information or initiating financial transactions in favor of third parties under various pretexts. Their SMS messages often look like genuine messages from your bank.

    Phishing SMS messages may contain:

    • a request to provide, update or confirm your personal information (security word, PIN, TPIN, etc.);
    • a link to a personal data entry form;
    • a request to sign on to Citi Mobile®/Citibank Online using the link in the message.

    Never act in a hurry — think first.

    Remember: All our SMS messages come from the numbers 9278, 2582, +44 7860 041394, Citibank or CitiAlert..

  • Safe ATM use

    atm img

    Before using an ATM, make sure that the ATM does not have any unusual or non-standard devices placed on the keypad (e.g., a misaligned PIN pad) or fitted over the card reader slot or in the housing above the keypad.

    When entering your PIN, use your free hand, purse or wallet to shield the keypad.

  • Safe card use

    atm img

    After you have received your new card, sign the signature strip on the back of the card.

    Create a strong password for Citibank® Online/Citi Mobile® and PIN/TPIN, and keep them a secret. Choose a combination that will be hard to guess.

    Never write your PIN on the card or keep it next to the card in your wallet, because if the wallet is stolen, the criminals will have all the information they need to make a withdrawal.

    Do not tell anyone the three-digit CVV/CVC number on the back of your card.

    Do not accept advice or help from strangers when using your card, and never give your card to anyone, whether a friend or a stranger.

    Change your PIN at least once every 30-60 days.

    Let the bank know of your planned large purchases or foreign travel plans through Citibank Online (Service Center — Write to Us — Send Request — Notification of Foreign Travel).

    Do not keep more cash than you need for immediate purposes in the primary current account linked to your card. For surplus cash, use savings accounts, time deposits or investment products.

    Check your account balances from time to time by using:

    • account statements,
    • ATMs,
    • Citibank Online,
    • CitiPhone®,
    • or by subscribing to Citibank Alerting Service* and getting instant transaction alerts on your mobile phone.

Educational videos for you

  • quesstion banner

    Got an SMS message purporting to be from Citibank?

    Remember: All our SMS messages come from the numbers 9278, 2582, +44 7860 041394, Citibank® or CitiAlert***.

    Show more >
  • quesstion banner

    Got a suspicious e-mail purporting to be from Citibank or Citigroup Inc.?

    Forward it to

    Show more >
  • quesstion banner

    A suspicious call purporting to be from Citibank?

    End the call and contact CitiPhone yourself.

    Show more >

Citi Mobile®

Your security is our priority.
All data are securely transmitted through an encrypted SSL channel.

  • 055-mobile-b1-circle

    Access the Citi Mobile app using Touch ID/Face ID®

  • 162-card-pin-refresh-b1-circle

    Set up and change your PIN on your own.
    Do not share it with others.

  • If you forgot your user ID and password, you can recover them yourself.

  • Your most important transactions, such as funds transfers, are password-protected to make sure that no one but you can initiate them.

  • Our systems will detect and warn you if your smartphone has a malware infection or a potentially malicious program.

  • You can choose the most convenient method for your one-time passwords (OTP). Receive your OTP in SMS messages or use your Citi Mobile® Token to set up a permanent lock code to authenticate your Citi Mobile transactions and/or generate one-time codes to authenticate your Citibank Online transactions.

    Find out more >

Citibank Online

We have gone to extraordinary lengths to ensure that your Citibank Online experience is safe, and your accounts and personal data are secure. Our security features are built on the latest technologies and processes.

Citibank Online currently supports the following security levels:

  • Level 1: Strong Encryption

    All data exchanged between Citibank and your computer are encrypted using TLS* 1.0, 1.1, 1.2, and AES** 128 GCM, to make sure your data are not compromised during their transmission.

  • Level 2: Citibank Online Sign-on Password

    You yourself choose your user ID and password at the time of registration for Citibank® Online, which guarantees full data confidentiality. Choose a combination of letters and numbers easy for you to remember but hard to guess. We advise against using your own name, names of your family members, dates of birth or other personal information, or using the same password for different websites. Do not write down your password or share it with anyone else, even Citibank staff.

    If you suspect that someone knows your Citibank® Online user ID and password, change them immediately. It’s not that hard to do.

  • Level 3: One-Time Passwords

    Most of Citibank Online key functions are additionally protected with a one-time password texted to your mobile phone number. The entering of one-time password gives us added assurance that it is you who is initiating the transaction.

    Some transactions require you to enter your one-time password only once during the session, while other transactions require you to do it every time you attempt to initiate them.

    If you enter your one-time password or Citibank Online sign-on password incorrectly three times in a row, you will be automatically locked out. Only you yourself can recover access to the system by clicking “Forgot your password?”.

  •  instruction image

    1. Date and time of last login

    Every time you sign on to Citibank Online, you see the date and time of your last login shown under the main menu. Please pay attention to this information, as it will help you find out if someone else has been trying to access your account.

    By the way, if someone tries to access your account and enters a wrong password, we will immediately notify you of a failed sign-on attempt by text message and will also show this information on your Citibank Online page under the main menu. If it was not you who made this sign-on attempt, make sure to call CitiPhone® and change your user ID and password.

  •  instruction image

    2. Masking account numbers

    All account and card numbers in Citibank® Online are automatically masked at every login, enabling you to see the name of the account and the last four digits of the account number only (e.g., «Current xxxxxxxxxxxx 4467»).

    If you need to view the full account number (e.g., to find out payment details), you can unmask your account numbers for the current session. At your next login, the account and card numbers will be masked again.

  •  instruction image

    3. Signing off

    Do not just close your browser window after you have completed your session. Make sure to click the “Sign Off” button in the top right-hand corner.

  • 4. Automatic time-out

    If you are inactive for five minutes, the system will automatically log you out for security reasons. To continue working in Citibank Online, you will need to sign on again.

Security Tips

Our specialists are making every effort to ensure that Citibank Online meets the latest security standards. Still, we urge you to take simple security precautions.

  • Check that the website is genuine before signing on to Citibank Online:

    • The address should match Citibank’s official website address;
    • Look for a padlock symbol (usually on a green background) to the right or left of the address bar (depending on your browser type);
    • Your browser should not display any invalid certificate or untrusted connection messages.
  • Do not use search engines.

    Some websites may appear to be legitimate but actually are counterfeits. Take a few extra seconds and type in the URL yourself.

  • Do not sign on to Citibank Online at public internet access points.

    Do not sign on to Citibank Online at public internet access points (e.g., cyber cafes) or Wi-Fi hotspots, but if you do, change your user ID and password as soon as possible. This is important because public computers may be infected with malware that can intercept your password without your knowledge.

  • Install a reliable antivirus program and keep it up-to-date to protect your PC.

    If you also do online banking on your smartphone, do not forget to install an antivirus on your smartphone too. If possible, install a personal firewall to block any unauthorized connection attempts.

  • Do not use the password autosave feature of your browser.

    Some browsers offer to save your login credentials. We advise against doing this, or anyone who has access to your computer will be able to sign on to Citibank Online by simply selecting the login credentials saved by the browser. The autosave function can be disabled in your browser settings. We would also recommend that you clear your browser cache and Downloads folder from time to time, and do not use virtual keyboards.

  • Use TLS 1.2* compatible devices to access Citibank Online.

    For enhanced security, all the devices you use to access Citibank Online must support the TLS 1.2 protocol as of November 5, 2017. If the device you are using to access Citibank Online supports a protocol lower than TLS 1.2, an error page will be displayed.

    Please make sure that your browser and operating system meet the minimum requirements listed below.

    For laptops and desktop PCs
    Web Browser
    Operating System
    Google Chrome 30
    Windows 7
    Firefox 31.3.0 ESR
    Windows 7
    Opera 17
    Windows 7
    Firefox 27
    Windows 7
    Internet Explorer 11
    Windows 10 Preview
    Edge 12
    Windows 10
    Firefox 49
    XP SP3
    Google Chrome 34
    OS X
    Firefox 29
    OS X
    Safari 7
    OS X 10.9
    Safari 8
    OS X 10.10
    Safari 10
    OS X 10.12
    For mobile devices
    Web Browser
    Operating System
    Google Chrome 30
    Android 4.4.2
    Edge 13
    Windows Phone 10
    Safari 5
    iOS 5.1.1

    How to check your browser version

    Please do the following depending on what browser you use:

    • Internet Explorer
      1. Open your browser.
      2. Press the «Tools» button in the upper right-hand corner of the screen.
      3. Choose «About Internet Explorer»
    • Mozilla Firefox
      1. Open your browser.
      2. Press .
      3. Press .
      4. Choose «About Firefox».
    • Google Chrome
      1. Open your browser.
      2. Press in the upper right-hand corner of the screen.
      3. Choose «Help».
      4. Choose «About Google Chrome».
    • Safari
      1. Open your browser.
      2. Press «Safari».
      3. Choose «About Safari».


We take every effort to make sure that Citibank Online meets all the latest security standards, but we still urge you to take simple precautions to safeguard yourself.

Learn more about your bank account and card security >

Citibank will never ask for your current PIN or TPIN for transaction purposes in Citibank Online! You only enter your PIN when you activate your card or change your PIN.

Your TPIN is only used for identification and authorization purposes when you call CitiPhone. Your PIN is only required for ATM transactions and POS purchases.

To sign on to Citibank Online, you only need to enter your user ID and password.

Please note that Citibank Online will only ask for your bank card number, its valid thru date, and your date of birth, for the following purposes:

  • Registration for Citibank Online (setting up your user ID and password);
  • User ID reminder;
  • Password resetting;
  • Card activation.

Educational videos for you

* Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network.

The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating computer applications.

When secured by TLS, connections between a client (e.g., a web browser) and a server have one or more of the following properties:

The connection is private because symmetric cryptography is used to encrypt the data transmitted. The keys for this symmetric encryption are generated uniquely for each connection at the start of the session.

The identity of the communicating parties can be authenticated using public-key cryptography.

The connection is reliable because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission.

** Advanced Encryption Standard (AES) is a symmetric-key block cipher algorithm (block size 128 bits, key size 128/192/256 bits).