Online Security.

Online Security.

At Citibank, we are constantly updating our security technology to protect your privacy and confidentiality. It is as important that you take the necessary measures to safeguard yourself.

Internet Security Notice

Internet Security Notice

Online Banking Security Tip

  • Always enter the Citibank International Personal Bank Singapore website address "" or "" directly into your browser address bar before you login to ensure that you are on the legitimate Citibank website.
  • Check that the bank's website address changes from http:// to https:// and a security icon that looks like a lock or key appears at the bottom of the webpage when authentication and encryption is expected.
    • If you do not see the "https://...", close your browser session immediately and call our 24-Hour CitiPhone Banking at
      +65 6224 5757.
    • Even if you see "https://..." and a warning is shown that the SSL Certificate does not belong to Citibank International Personal Bank, you must terminate the session immediately and contact our 24-Hour CitiPhone Banking at +65 6224 5757 to report the incident.
  • You can click on the lock icon at the bottom of the webpage to review the Secure Sockets Layer (SSL) certificate information. The certificate should be issued to or
  • Click log out when you have finished your banking session. Do not just close your browser window.
  • Update the bank when you change your contact details. This will enable us to contact you in a timely manner if we detect unusual transactions.

Notice on SpyEye Malware

It has come to our attention that variants of the SpyEye malware are targeting Singapore Internet Banking websites and we would like to remind our users to update their anti-virus software with the latest virus signatures. You should also do a full virus scan before using any online banking service if you suspect your computer is affected.

Learn more about security tips.

The SpyEye malware targets customer by copying bank's login page with modification on information request flow.

Please take note:

  • If at any time, the screens in the login or OTP flow look suspicious, please do not continue with the transaction
  • If you receive an Online Authorization Code (OAC) with a payee name that you did not set up, please do not continue with the transaction
  • You should not expect any screens that say "Security verification in progress" or "Please wait 10 minutes", interrupting your online banking login flow. Neither should you be prompted for an Online Authorization Code (OAC) immediately

Please familiarize yourself with our online banking processes.

Step 1:

Login to Citibank Online with your Citibank Username and Password.

You will be prompted to enter only your Username and Password. We do not request for the One-Time PIN (OTP) or Online Authorization Code (OAC) at this point. Citibank Online will prompt you for your OTP after login, when you click on any link to effect an online transaction.

Step 2:

You will be greeted by the homepage, upon clicking on a transaction or account summary, you will be prompted to enter the OTP generated by your Online Security Device (OSD). If you do not have an OSD, you can also request for an OTP via SMS. Please note that you will need to have a valid mobile phone number registered with the bank to enjoy this service.

If you receive any request that is suspicious in nature or suspect that there has been any unauthorized breach of your Citibank Account(s) Online, notify us immediately at +65 6224 5757+65 6224 5757.


MAS Notice 626

MAS Notice 626

Notification on Revised Monetary Authority of Singapore ("MAS") Notice 626 on Prevention of Money Laundering and Countering the Financing of Terrorism

We wish to inform you that the revised MAS Notice 626, "Prevention of Money Laundering and Countering the Financing of Terrorism" has come into effect. The new regulations are to help combat money laundering and terrorist financing. These new rules will require banks to include additional information on wire transfer payments. The rules will also require customers to provide details of the beneficial owner(s) of the customers' accounts.

If you are remitting / transferring monies exceeding S$ 2,000 overseas, effective July 1 2007, the revised MAS Notice 626 on Prevention of Money Laundering requires banks in Singapore to provide complete originator's information, i.e.:

  1. The name of the remitter.
  2. The remitter's account number.
  3. The remitter's address (or date and place of birth).

In addition, if you are receiving an inward wire transfer for credit into your account, the revised Notice also requires banks in Singapore to obtain the complete originator information from the remitting bank. There may be a delay in crediting such funds to your account if the remitting bank had not provided the complete originator information.


  • inAccount. The Global Online Account for global citizens.