Online Security


How to protect yourself and your business.

Complementing the security measures used by the Citi Private Bank website and mobile application, there are measures you can take to ensure the security of your computerized personal information.

  • We recommend that you use anti-virus, anti-spyware and pop up blocker software.
  • Keep your operating system updated with the latest security updates and patches.
  • Review your internet security settings.
  • Be wary of emails from addresses or people you do not know.
  • Watch out for phishing email scams.
  • Avoid using public computers or network connections, especially when reviewing financial
  • Protect your laptop and other portable electronic devices.
  • Clear your browser's cache regularly.
  • Back up your personal data and store backups in a secure location.

Online browsing habits

  • Do not disclose personal, financial or credit card information on suspicious or little known websites.
  • Do not select the browser option for storing or retaining user name and password.
  • Check the authenticity of the financial institution's website by comparing the URL and the financial institution's name in its digital certificate, or by observing the indicators provided by an extended validation certificate.
  • Always check that the financial institution's website address changes from http:// to https:// and a security icon that looks like a lock or key appears when authentication and encryption is expected.
  • Check your bank account balance and transactions frequently and report any discrepancy.
  • Consider the use of encryption technology to protect highly sensitive data.
  • Log off the online banking session when not in use.
  • Do not install software or run programs of unknown origin.
  • Remove file and printer sharing on your computers, especially if they have internet access via cable modems, broadband connections or similar set-ups.
  • Delete junk or chain emails.
  • Print and maintain a hard copies of your trade documents for future reference.

Password and PIN Safety

  • Website passwords should be at least 6 digits or 6 alphanumeric characters, without repeating any digit or character more than once.
  • Website passwords should not be based on user-id, personal telephone number, birthday or other personal information.
  • Website passwords must be kept confidential and not be divulged to anyone.
  • Website passwords must be memorized and not be recorded anywhere.
  • Website passwords should be changed regularly. Avoid using the same password for different websites, applications or services, particularly when they relate to different entities.
  • Do not allow anyone to keep, use or tamper with your Security Token (one-time electronic PIN generator).
  • Do not reveal the PIN(s) generated by your Security Token/Phone/Mobile Token to anyone.
  • Do not reveal the unlock code of your Mobile Token.
  • If you have registered for enhanced security capabilities and in the event of mobile device loss or theft, please do the following:
    • Enable enhanced security capabilities on another device. The enhanced security capabilities registered on the previous device will automatically be de-registered.
    • Contact your Private Banker or Web Services and Support Team in Asia Pacific to lock your account. Contact details can be found on our client support page
  • Unlock code should be changed regularly. Deactivate the Mobile Token in the event of loss or theft of handset. 
  • Consider the use of encryption technology to protect highly sensitive data.
  • Delete junk or chain emails.

Staying Vigilant to Cybercriminals

We are currently living through an unprecedented global event, with countries across the world taking measures to control the spread of COVID-19. As people adjust to changes in their routines, fraudsters are using the pandemic as an opportunity to exploit anxious populations. There have been increasing reports of new COVID-19 themed email scams being used to target individuals and businesses. Examples of the malicious emails include:
  • Safety advice and tips for preventing the spread of the virus
  • Tax adjustments and/or refunds to help struggling businesses
  • Donation pages for charities, victims and vaccines
  • Advertisements for health products, such as face masks and hand sanitizer
  • Requests to send supplier payments to new bank accounts

It is during times like these that criminals venture to exploit individuals’ vulnerabilities and may pose as people or organizations you trust. This could include posing as Citi, Citi Private Bank, or even law enforcement officials attempting to contact you regarding your bank account.

Please remain alert and always follow these important rules:

  • Check the source and content of emails carefully before clicking links or opening attachments.
  • Never share personal, financial or login data in emails, SMS messages, or other messaging app communications, including via links from those sources.
  • Only log into your account by going directly to our website or Citi Private Bank In View, never via links

Next steps

Always contact your Private Banker immediately to verify any Citi Private Bank email or other message you find suspicious. Thank you for staying vigilant in these uncertain times and please let us know if you require further advice.


Read some of our perspectives into the key issues for you and your wealth

View all insights


Read some of our perspectives into the key issues for you and your wealth

View all insights
Contact us

To help put you in touch with the right Private Bank team, please answer the following questions.