Protect yourself from becoming a victim of fraud
Your personal details are precious and should always be kept safe and secure. At Citi we continually update our security to ensure you and you details are protected.
Below we outline a few steps that you should take to protect yourself from becoming a victim of fraud.
Passwords and personal information
Never give your password or security code details to anyone, except when asked to provide individual letters from your security code when talking to Citi on the phone. We will never ask you for your full security code. Ensure that when you are sent your security code you memorise it then destroy the notification.
Logging out of Citi Online
Never leave your computer unattended when logged in to Citi Online our online banking platform. Always log out
Dispose of receipts and statements carefully
Your personal and card details can be obtained from receipts or statements. To protect your identity you should tear up or shred any sales or cash machine receipts, letters or statements before throwing them awayCarefully tear up or shred any sales receipts, cash machine receipts or statements before throwing them away.
Keep your cards in a safe place
Your cards should always be kept in a safe place and never let anyone else use your card. It’s also important to remember to not let retailers take your card out of sight, whatever excuse they may give you.
Protect your PIN
Always keep your Citi Personal Identification Number (PIN) secret and secure.
Don’t let anyone else use your card or your PIN
When you are sent your PIN memorise it then destroy the notification.
Shield your PIN when authorising purchases or making cash withdrawals from an ATM.
Never enter your PIN into websites or order forms, or disclose it to anyone else either in person or over the phone.
You should change your PIN regularly.
Be alert at cash machines
When using your card at a cash machine you can follow the steps below to keep you card secure.
Shield your PIN when you enter it
Immediately report any signs of tampering or if the machine does not return your card.
Don’t allow yourself to be distracted.
Banking online safely
Occasionally clients have reported receiving fraudulent emails that appear to be from Citi, but which are, in fact, sent by imposters. Be very suspicious of any business or person who asks for your password, social security number, or other highly sensitive information.
Citi will NEVER ask clients to provide sensitive information in this way. You should not reply to such emails.
For more information on fraudulent emails visit the Fraudulent Email page.
With the internet becoming the predominant channel for shopping, along with more communication being sent via email, it’s important to recognise and protect against phishing.
Phishing is a term given to emails that attempt to fraudulently obtain your security details. The emails usually look genuine but may contain spelling mistakes and grammatical errors. Phishing emails unlike our Citi emails may not be personally addressed.
Phishing emails will often refer to security problems or account re-activation and will include a link to a website. It’s important that you do not follow the links in the email.
Citi will never send you an email asking you for confidential or personal security information. If we have a security problem we will either contact you directly or request that you contact us.
If you receive what you think is a phishing email please forward it to firstname.lastname@example.org and delete the mail from your inbox.
Remember never click on the links in the email or provide any of your details. In some cases by following the link you may have downloaded a malicious program that captures your keystrokes onto your computer.
Citi Online security
Always enter the Citi Online web address directly into your browser and don’t follow any links, this will ensure that you access the legitimate site. The web address for Citi Online is: https://www.online.citi.eu
When accessing the logon screen of Citi Online ensure that the website address starts with https://. Some browsers will also indicate this with a padlock symbol in the address bar.
Antivirus and antispyware
Make sure your computer is protected against viruses and spyware by installing protective software.
It’s also important to update any antivirus software you have by downloading the latest versions on a regular basis. If the software you use supports auto updates then we recommend that you set this to automatically check for updates every time you connect to the internet.
Make sure that your computer's operating system and browser software is updated with the latest security patches.
We recommend you use a firewall to reduce the likelihood of unauthorised access to your computer from the internet. If you do use a firewall ensure that it is updated regularly.
If you use a wireless network to access the internet ensure that this is encrypted/secure. If the wireless network is not secure other people may be able to access your internet and your internet sessions.
Public or shared computers
If you access Citi Online from a computer that is not your own then you must ensure that the computer you use has antivirus software, firewall and the latest software updates installed.
We would recommend you don’t use a publicly available computer, for example in an internet café, to access your accounts.
Phone and smartphone security
Mobile phones, especially smart phones and phones with Bluetooth, are at risk from a number of electronic attacks as well as traditional risks like theft.
Why protect your mobile phone?
Besides the usual risks with mobile phones for example:
- Theft or loss.
- Disclosure of private contacts.
- Fraudulent use of you account.
The new generation of smart phones and phones with wireless connection and access to the internet have further risks associated with them:
- Smart phone viruses.
- Phishing by phone.
- The fraudulent use of your data connection over a Bluetooth link.
- Accessing usernames and passwords that have been stored in your device when using the internet.
Internet on your smart phone
An increasing number of mobile phones can access the internet in the same way as your home computer or laptop. In the same way that you should protect your home computer you should be protecting your smart phone.
For example, if you use your smart phone to login to a web site this information could be stored on the devise. The information stored can include usernames and passwords. If your mobile phone was then stolen the thief may be able to access this information.
Be password smart
To help keep your passwords safe on your smart phone, follow the steps below:
- Use the PIN or pass code function to secure your handset. Don’t rely on the default factory settings; create a combination that won’t be easily guessed by other.
- Set your device to automatically lock if you haven’t used it for a few minutes.
- Make sure any application you use does not store your log-in details or allow automatic log-in.
- Never store reminders of logins or passwords in your contacts or texts.
When using your smart phone to browse the internet don’t save usernames and passwords if given the option, in particular those used to access online banking, or sites containing confidential personal information.
When using your smart phone online or downloading applications follow the tips below to help keep your details safe:
- If your phone allows you to run an application downloaded from the internet, make sure you understand the risks of doing so and are not led into a trap of downloading hoax or illegal software that could contain a virus.
- Use the same care when using your smart phone in public as you would a public computer.
- Avoid using online banking in public areas; you do not know who may be watching you enter your security details. This is known as shoulder surfing.
- Check for regular updates on your service provider’s website to see if there any security or software updates for your smart phone.
Always remember that if you are using the internet via an un-secure WI-FI connection you need to understand the risks. These threats could be the theft of your data or the criminal ability to re-direct you to a website that will capture your details or download a virus to your phone. If you are using WI-FI in a public place make sure it is secure.
Protect personal details
Think twice about any personal information you store on your phone. 59% of smart phone owners admit that they store their home telephone number as 'Home' in their mobile device. Determined fraudsters may call the number, purporting to be someone else, and use the conversation to find out more details about you.
Think carefully about what information you share online and how it could be misused. Your smart phone holds a great deal of personal information in a single place, making life very easy for fraudsters. So, it’s not just about what you put on your social networking profile, but also that it’s probably easy to work out who you bank with, where you’ve recently made transactions, the names of your family and to glean other details from emails or other documents.
Synchronising your mobile with your computer
If you synchronise your mobile phone to your home or work computer there is a high chance that personal information that you thought you were leaving at home, you are carrying around in your pocket. Make sure you know what data is saved to your mobile and if you don’t need to be carrying it with you then change the settings of your synchronisation software to stop it from copying over.
Stay with reputable sites & applications
The small screen size on a mobile can make it more difficult to spot fraudulent websites so it’s critical to make the relevant checks; for example, keep an eye on the website address to make sure you are not being diverted onto other sites.
Mobile banking can be a very efficient way to manage your finances, but only use applications written and published by your bank. Avoid third party tools and make sure you follow the password advice above.
Protect against malicious software
Watch out for prompts or warnings asking if you want to allow software to install or run; if you don’t know what it is or what it relates to, don’t install it. Mobile handsets are relatively secure devices, but criminals get around this by trying to dupe users into downloading malicious software themselves.
If you are accessing a public wireless network, turn off your Bluetooth connection when you are not using it. This will minimise the risk of infections or interception. Overall, using your 3G network is a more secure option.
There is growing evidence that criminals are using SMS text messages in phishing scams. Be careful about clicking on embedded internet links in text messages.
Until recently mobile phone viruses affecting smart phones have not been a major threat, with viruses occurring on very few smart phones. However due to the growing demand for smart phones the risk is increasing for them to be targeted by fraudsters.
Most of the virus attacks on smart phones have so far not caused damage or very little damage to the smart phone or the users’ identity, having said this you still need to be mindful of the potential risks of mobile viruses and minimise the chance of becoming a victim.
- Be careful about downloading applications from untrusted sites.
- Companies do offer anti-virus software for your smart phone, for example F-Secure.
- Use your Bluetooth safely (see Bluetooth section for more information).
Bluetooth is a short-range wireless network that allows devices like smart phones, computers and headsets to communicate with one another. This method of communication is not inherently unsafe; it does need to be used properly to avoid risks.
- If your smart phone has Bluetooth capability, when you are not using it turn it off.
- If you use Bluetooth make sure that your device is not left in ‘discoverable’ mode.
- Create ‘Pairing’ or trusted links between your devices and your friends devices, but don’t do this in public in case someone is scanning when you make the connection.
- If possible restrict your Bluetooth to only allow 'paired' devices.
- If you lose your smart phone delete any pairing from all other Bluetooth devices.
- Remember it’s not 'just a phone'
Treat your smart phone like a wallet-it keep safe and on your person at all times
Think of your smart phone as a computer, all the same security rules apply. This includes checking the authenticity of websites, not clicking on links from people you don’t know and watching out for phishing scams asking for personal information.
If you decide to recycle, sell or trade in your smart phone, make sure you delete all your personal information first. Most smart phones have a 'reset to factory settings' option on the menu. And don’t forget to remove or wipe any memory cards too.