- Home
- |
- Security and You
Online Security Tips.
Your online protection.
At Citibank, we constantly update our security technology to protect your privacy and confidentiality. It is important that you take the necessary measures to safeguard yourself.
Here are some of the security features and tips customers should be aware while ensuring a pleasant and secure online banking experience.
Safeguard yourself while banking online
When accessing Citibank Online, always look out for the padlock symbol for your browser to ensure that the website has a valid certificate marked to Citigroup Inc. [US].
|
Mobile Malware
New variants of mobile malware targeting Android smartphones continue to appear in the Asia-Pacific region. These malicious apps often target mobile banking apps, and may attempt to steal customer credentials and perform fraudulent transactions.
In some cases, the mobile malware will attempt to circumvent the additional layer of security provided by One Time PINs (OTPs) by intercepting text messages (SMSs) or generating a fake dialogue inside the mobile banking app in order to trick a user.
Citi recommends customers remain alert for malware threats and review our Online Security Tips. Specifically, Citi suggests that all mobile users consider:
- Only installing applications from trusted and official sources
- Installing a reputable mobile antivirus application
- Keeping mobile device software up-to-date
- Being aware of the heightened risks associated with 'rooted' or 'jailbroken' devices
- Not following any links or instructions provided from unknown or suspicious sources.
Customers who notice unusual behavior in their online banking session should immediately terminate the online banking session and contact Citi’s 24-hour Citiphone on (65) 6224 5757.
Security Alert: TINBA Malware
A new variant of the TINBA malware is targeting banks in Singapore. This malware, when installed on the victim’s PC, steals online banking credentials via fake messages and fake web pages that ask for personal information.
Citi recommends customers remain alert for malware threats and consider the following tips:
- Malware often arrives on your PC in an email attachment. You should never open an attachment from someone you don’t know or if an email looks suspicious.
- Malicious websites can install malware on your PC when you visit them. Never open links to webpages that you don’t recognize or that are sent from people you don’t know.
- Install anti-virus software and make sure it is kept up to date. Anti-virus software should be configured to check for updates at least once per day.
- Keep your PC operating system up to date.
Customers who notice unusual behavior in their online banking session should immediately terminate the online banking session and contact Citi’s 24-hour Citiphone on (65) 6224 5757.
Security alert: DYRE malware
Variants of the DYRE malware continue to target online banking customers worldwide.
DYRE, also known as Dryeza, is a malicious program used by cybercriminals to steal online banking credentials and perform fraudulent transactions. Dyre is usually spread by phishing emails containing attachments or hyperlinks that, once opened, can exploit your computer’s existing security flaws to install the malware. Once installed, DYRE can redirect websites through servers operated by criminals, allowing them to capture and alter data in real time.
Signs of a DYRE infection include:
- Repeated requests for User ID, Password and/or One-Time PIN (OTP)
- Changes in the appearance or procedures of online banking
- Delays and persistent "loading" screens.
Citi recommends customers remain alert for malware threats and review our Online Security Tips.
Customers who notice unusual behavior in their online banking session should immediately terminate the online banking session and contact Citi’s 24-hour Citiphone on (65) 6224 5757.
Security alert: POODLE
A security vulnerability known as "POODLE" (Padding Oracle On Downgraded Legacy Encryption) has been discovered on the SSL3 (Secure Sockets Layer v3) used by old versions of web browsers such as Internet Explorer 6 on Microsoft XP.
SSL is used to establish an encrypted link between a website and a web browser (such as Internet Explorer) to keep the customer's credentials and transactions secure.
In view of this vulnerability, we will not be supporting older versions of web browsers as of 11th January 2015.
We recommend customers to refer to the Supported Browsers and Roles and Responsibility for steps to ensure a safe and secure online banking experience.
Authenticity of Citibank Website
Only login by typing Citibank's Website 'http://www.ipb.citibank.com.sg' onto your web browser. Always ensure that you are on a secure website before submitting your information via your web browser. To ensure you are on a secure website,
- Check the beginning of the Web address in your browser's address field - it will be "https://" rather than "http://".
-
Secure websites will also contain a padlock icon on the status bar at the top of the browser. Double-click to view details of the security certificate, which is issued to Citibank.
To verify that the website is authentic, check for the following details:
- The certificate is issued to www.ipb.citibank.com.sg
- The certificate is issued by Verisign.
- The certificate has a valid date.
- Even if you see "https://..." and a warning is shown that the SSL Certificate does not belong to Citibank, you must terminate the session immediately and contact our 24-Hour CitiPhone Banking at (65) 6224 5757 to report the incident.
-
All data sent to and from Citibank is "scrambled" and "reassembled" between Citibank and your personal computer using 128-bit encryption, the highest level of encryption commercially available.
Right-click on the page > Select Properties
URL: https://www.ipb.citibank.com.sg/SGIPB/
JSO/signon/DisplayUsernameSignon.do?locale=en_SGConnection: TLS 1.0, RC4 with 128 bit encryption (High); RSA with 2048 bit exchange
-
When accessing Citibank Online, always check that the www.ipb.citibank.com.sg website has a valid certificate marked to Citigroup Inc. [US]. We recommend that you enter the bank's address (www.ipb.citibank.com.sg) in your browser URL field to access and login to your account.
One-Time PIN (OTP)
Whether you login from home, office or elsewhere, the One-Time PIN (OTP) when used with your User ID and Password, provides additional protection against unauthorized access of your online account information and from various forms of online fraud.
Time-Out Session with No Activity
To help protect you against unauthorized access, your Citibank Online session will be terminated after a period of inactivity and you will be asked to login again with your User ID and Password.
Strict Protection of Customer Information
Citibank has strict standards on security and confidentiality to safeguard our customers' personal information. Regular audits are conducted internally to uphold these standards. Our security features also ensures that Citibank will never compromise our customers' personal information including Password and PIN to others.
As an internet banking user, you have a role to play to ensure that you are protected while banking online. Here are some of the ways you could take to safeguard yourself:
Your Role and Responsibility
In September 2018, the Monetary Authority of Singapore (“MAS”) issued the e-Payment User Protection Guidelines (“Guidelines”), which essentially set out the expectations of MAS of any responsible financial institution that issues or operates a protected account. The Guidelines are effective 30 June 2019.
The Guidelines define:
(1) a “payment account” as:
any account held in the name of, or any account with a unique identifier of, one or more persons; or any personalized device or personalized facility, which is used by any person for the initiation, execution, or both of payment transactions and includes a bank account, debit card, credit card and charge card.
(2) a “payment transaction” to mean an act, initiated by the payer or payee, of placing, transferring or withdrawing money, irrespective of any underlying obligations between the payer or payee, where the act is initiated through electronic means and where money is received through electronic means, and includes: the placing, transferring or withdrawing of money for the purposes of making payment for goods or services; and the placing, transferring or withdrawing of money for any other purpose.
(3) a “protected account” as any payment account that: is held in the name of one or more persons, all of whom are either individuals or sole proprietors; is capable of having a balance of more than S$500 (or its equivalent amount expressed in any other currency) at any one time, or is a credit facility; and is capable of being used for electronic payment transactions.
(4) an “unauthorised transaction” (in relation to any protected account) as any payment transaction initiated by any person without the actual or imputed knowledge and implied or express consent of an account user of the protected account.
In accordance with the Guidelines, Citibank would like to inform customers and account users of protected accounts about (a) their duties set out in section 3 of the Guidelines, and (b) Citibank’s duties set out in section 4 (excluding paragraph 4.3) of the Guidelines. You should note that except for paragraph 4.4 (which relates to the sending of transaction notifications i.e. Citi Alerts), section 4 of the Guidelines do not apply to Citibank in respect of any credit card, charge card or and debit card issued by Citibank. Please carefully review the Guidelines.
We would like to draw your attention to para 3.3 of the Guidelines which provides that it is the customer/account user’s responsibility to enable transaction notifications (i.e. Citi Alerts) on any device (used to receive transaction notifications from Citibank). Customers/Account users are required to opt to receive transaction notifications for all outgoing transactions of (any amount) made from your protected account, and to monitor the transaction notifications sent to you or the designated account contact. (For this reason, Citibank will assume that you will monitor such transaction notifications without further reminders or repeat notifications.)
If you had previously chosen your threshold for receiving such alerts, the existing threshold will continue to apply. Otherwise, the default threshold set by the Bank will apply. If you wish to select threshold amounts for outgoing transaction alerts, simply login to Citibank Online with your User ID and Password and select 'Manage Alerts' found on the right menu under ‘Useful Links’. You will be able to amend your alerts preferences as well as your preferred mode of notification. Please ensure that your contact information maintained with Citibank is accurate.
Some of your other duties are to protect the access codes you use to authenticate any payment transaction or your identity (e.g. your password or OTP) and to protect access to your protected account such as by ensuring you have strong passwords and keeping your software updated.
An account user would be responsible for actual loss arising from an unauthorised transaction if such account user’s recklessness was the primary cause of loss. Recklessness would include the situation where the account user deliberately did not comply with the duties set out in section 3 of the Guidelines, which includes the duty to enable transaction alerts. It is therefore important to understand that the preferences you set for transaction alerts (including how low or high your selected threshold amount is, and the types of transactions for which you elect to receive notifications) would affect how the liability framework in section 5 of the Guidelines would be applied and how any claim by you in relation to an unauthorised transaction would be resolved.
You are also required to report any unauthorized transactions as soon as possible after receiving a transaction alert and to provide information on such unauthorized transactions to Citibank within a reasonable time.
Liability Framework for Unauthorised Transactions under the Guidelines
The Guidelines set out in section 5, a liability framework relating to unauthorized transactions effected on a protected account. For the avoidance of doubt, the section 5 liability framework does not apply in respect of any Citibank credit card, charge card or debit card (this issue being addressed in the relevant cardmember agreements). Further, Customers should note that the Guidelines provide that “where any account user knew of and consent to a transaction (“authorised transaction”), such a transaction is not an unauthorised transaction, notwithstanding that the account holder may not have consent to the transaction.
The information set out below has been distilled from section 5. However, Customers are advised to read the Guidelines.
Scenario (1): Customer is liable for actual loss
The customer will be liable for the actual loss arising from an unauthorized transaction on a protected account if the customer/account user’s recklessness was the primary cause of the loss. Recklessness would include the situation where any account user deliberately did not comply with section 3 of the Guidelines.
Scenario (2): Account holder is not liable for any loss
The customer is not liable for any loss arising from an unauthorized transaction if the loss arises from any action or omission by Citibank and does not arise from any failure by any account user to comply with any duty in section 3 of the Guidelines.
Any action or omission by Citibank includes the following: fraud or negligence by Citibank, its employee, its agent or any outsourcing service provider contracted by Citibank to provide Citibank’s services through the protected account; non-compliance by Citibank or its employee with any requirement imposed by MAS on Citibank in respect of its provision of any financial service; and non-compliance by Citibank with any duty set out in section 4 of the Guidelines.
Scenario (3): Loss resulting from any action or omission of any independent third party
The customer is not liable for any loss arising from an unauthorized transaction that does not exceed S$1,000, if the loss arises from any action or omission by any third party not referred to in scenario (2) above, and does not arise from any failure by any account user to comply with any duty in section 3 of the Guidelines.
Note:
**Under the Citibank cardmember agreements, a cardmember’s liability for all unauthorized transactions on his/her Citibank credit card which are effected prior to such cardmember notifying Citibank shall be limited to S$100 provided that certain conditions are complied with, including inter alia, the following:- (a) the cardmember has exercised due care in preventing his/her card from being stolen and has immediately notified Citibank; (b) the cardmember assists in the investigations and recovery; and (c) Citibank is satisfied that such unauthorized card transactions are not due to the cardmember’s negligence or fraud.
Always make sure that you have entered your User ID and Password and other confidential information in the legitimate Citibank Website by entering Citibank's Website address "http://www.ipb.citibank.com.sg", "www.citigold.com.sg" or "www.citibank.com.sg/commercial" directly onto your Web browser.
To ensure you are on a secure website,
- Check the beginning of the Web address in your browser's address field - it will be "https://" rather than "http://". Secure websites will also contain a padlock icon on the status bar at the top of the browser. Double-click to view details of the security certificate, which is issued to Citibank.
-
To verify that the website is authentic, check for the following details:
- The certificate is issued to http://www.ipb.citibank.com.sg
- The certificate is issued by Verisign.
- The certificate has a valid date.
-
All data sent to and from Citibank is "scrambled" and "reassembled" between Citibank and your personal computer using 128-bit encryption, the highest level of encryption commercially available.
Right-click on the page > Select Properties
URL: https://www.ipb.citibank.com.sg/SGIPB/JSO/signon/DisplayUsernameSignon.do?locale=en_SG
Connection: TLS 1.0, RC4 with 128 bit encryption (High); RSA with 2048 bit exchange
Do not save your online banking login details on the browsers by clearing your browser's cache and history after each session. Click here for steps to clear browsers' cache. Always remember to log out when you have completed your internet banking session.
Always update the bank whenever you have changed your contact details so that you can be contacted in a timely manner should we detect any unusual transactions.
Ensure that your computer has the latest anti-virus software as they help to guard against new viruses. Your computer's operating system and browser software should be updated with the latest security patches. All these will help prevent unauthorized access to your computer.
Keep your User ID and Password confidential
Internet banking users should never disclosed their User ID and Password and they should also ensure that no one is watching you while you enter your User ID and Password or any confidential information. Memorize your User ID and Password and do not record it anywhere. Under no circumstances should you reveal your User ID and Password to anyone even if they purport to be a staff of Citibank.
Do not use a shared computer or device that cannot be trusted for internet banking such as the computer at an Internet café. These devices may be installed with certain software that could capture your personal information prior to your approval.
Your Online Security Device (OSD) should be kept with you at all times and not be used or tampered with by anyone. The One-time PIN(OTP) generated with OSD or via an SMS should also not be compromised to anyone else.
Beware of Online Threats
Online threats are very common nowadays and it tricks you into surrendering your confidential information. It is important to know its mechanisms and take preventive measures to safeguard yourself. Here are some of the examples of online threats:
1.Fraudulent emails - It is a forged email that alludes you to provide sensitive confidential information either by requesting you to reply to the email or it includes links to a 'fake' website that attempts to retrieve your personal data by requesting you to login to the 'fake' website.
Preventive Methods:
- Do not disclose your personal, financial or credit card information to unknown or suspicious websites.
- Do not open email attachments from strangers and unknown sources or by installing software or run programs from unknown origins.
- Remember, under no circumstances will Citibank ever send you an email requesting for your confidential information. You should not respond to the email or reveal your User ID and Password to anyone.
2.Spyware - It is a software inserted onto your computer that collects information about you and your internet traffic. It is usually get stored onto your computer unknowingly when you download software, games, screensavers, etc from unknown Websites and it claims to improve your computer's performance. It can be used maliciously to gain access to your confidential personal data such as your Passwords, PINs and Internet browsing history.
Preventive Methods:
- If you have installed any software that claims to speed up your internet connection, or have additional third-party toolbars on your browsers, then you may be using software that has the ability to track your internet sessions. We recommend that you uninstall this software.
- Refrain from logging onto Citibank Online until the problem has been resolved.
Email Fraud
Every Internet user should know about spoofing (a.k.a. phishing or hoax) emails and letters that appear to be from a well-known company. Although they can be difficult to spot, the emails or letters generally will request you to access a link that leads you to a spoof Website or to call a phone number to get you to update and confirm your confidential information. To bait you, they may allude to an urgent or threatening condition concerning your account.
You should always remember that under no circumstances will Citibank ever send you an email or letter asking for your account specific confidential information. You should never respond to such emails, letters and reveal your User ID, Password or any other confidential information to anyone. Keep your User ID and Password private and do not share this with anyone, particularly on written correspondence such as email or letters.
Do not give your account number away over the phone unless you know the recipient or if you've initiated the call.
Credit and Debit Card Advisory
You may have read or heard about a security breach at CardSystems Solutions, Inc., a third-party processor of payments for credit and debit card transactions, including Visa and MasterCard.
When we become aware of a breach, we take appropriate steps, above and beyond our normal prevention and detection actions, on any of your accounts that may have been impacted. Our detection actions include the use of Citi's sophisticated Fraud Early Warning System to monitor accounts, and our prevention actions include notifying you who we think may be at risk due to suspicious activity.
There is a low risk of identity theft in this situation since the data compromised, as we understand it, included only name, account number, card verification codes and expiration date. You as cardholders will not be held liable for these proven unauthorized transactions.
Citibank suggests you to monitor their monthly statements to ensure all activities are authorized on their account, and if they notice something suspicious please contact us at our 24-hour CitiPhone Banking on the back of their card immediately. Protecting our customers' accounts and personal information is one of our highest priorities.
Citibank is committed to keeping your credit card, Ready Credit and banking accounts (“accounts”) safe and secure 24 hours a day, 7 days a week.
We are pleased to present a 2 Way SMS service that allows us to alert you of any suspicious transaction on your account. If you receive such an SMS from us, you should inform us if the transaction is authorised by you or not by following the relevant instructions in the SMS.
How it works:
- A suspicious transaction is detected on one of your accounts.
- Citibank sends an SMS to your registered mobile number alerting you to the transaction and requesting for your reply to the SMS. The SMS from Citibank will be sent from the number 72484 or +65 9657 2484.
- You should reply to the SMS with “1” if the transaction is authorised by you or “2” if the transaction is not authorised by you.
Please note:
- You will receive the SMS from the number 72484 if your registered mobile is a Singapore number and +65 9657 2484 if it is not a Singapore number.
- We will not ask for any additional information to be provided other than “1” or “2”.
- If you are overseas, please send your reply to +65 9657 2484.
- It is important that we have your updated mobile number so that you can receive these alerts relating to your accounts.
If your credit card, ATM card or debit card is lost or stolen or if the PIN is compromised, it is important that you report the loss or theft or disclosure to us immediately so that we can prevent further transactions to the relevant account. To report the loss or theft or disclosure to Citibank, please call +65 6224 5757.
|
Your banking security is our utmost priority - which is why we constantly update our technology to protect your money, personal information and privacy. To protect yourself from suspicious emails that you may potentially encounter, you should understand what they are, how to identify them and how to avoid them.
Phishing occurs when fraudsters pose as trusted organizations and frequently send out fraudulent emails/instant messages to random email addresses and phone users. They also collect details from public websites where people post personal information and use this information to create customized fraudulent communications that appear legitimate.
Phishing or hoax emails tend to:
- Claim to be from a well-known company
- Mention that something is urgent or threatening to your account
- Request you to access a link to update or confirm your confidential information
- Be aware that Citibank will NOT email you for any confidential information
- Do not respond to any suspicious emails from unknown sender
- Do not click on embedded hyperlinks or open attachments in emails or SMS messages from unknown or suspicious sources
- Never reveal your User ID, passwords/OTP or account information to anyone
- Change your passwords or PINs on all your potentially affected online accounts
- If you think you have received a phishing email purporting to have come from Citibank, forward the entire email as an attachment to 'spoof@citicorp.com'
Phishing occurs when fraudsters pose as trusted organizations and send out thousands of fraudulent emails to random email addresses.
These emails usually contain a link to a look-alike website to mislead customers into entering sensitive financial information such as their account number and PIN. This will enable the fraudsters to capture the customer's account information to access the customer's bank accounts. Here is an example of what a phishing email might look like:
- If you suspect you've been sent a fraudulent email, contact our 24-Hour CitiPhone Banking at (65) 6224 5757 immediately or send us a secure mail after you sign on to Citibank Online.
- Do not input any sensitive information that might help provide access to your accounts, even if the website appears legitimate.
- Remember, Citibank will never send emails to customers to verify confidential, personal or account information.
How to Recognize and Avoid Spear Phishing
Recent headline-making breaches at major companies have underscored the importance of protecting your information from cyber criminals. Cyber criminals use a variety of techniques to gain access to sensitive information or install malicious software. One of their most common techniques is “spear phishing".
PHISHING is the use of fraudulent emails to trick the recipient into revealing information or clicking on an infected link. SPEAR PHISHING is phishing that uses personalized or customized details to make the fraud seem even more legitimate to the targeted recipient. SMS PHISHING or SMISHING uses SMS to target recipients with phishing messages that contain hyperlinks.
How Spear Phishing Works
Cyber criminals collect details from various public websites where people post personal information, including blogs and social networking sites. Using this information, criminals create customized fraudulent communications that appear legitimate and send them to groups of people. These emails appear to come from a known person or organisation and usually contain embedded hyperlinks. If recipients click on these hyperlinks, they are either brought to a fraudulent website which looks like the company’s legitimate website where additional personal or account information is collected; or malicious code is downloaded onto their computer.
How to Recognize Spear Phishing
- The email or SMS may come from an unknown sender.
- There may be a sense of urgency, eg Your account will be closed or temporarily suspended or you will be charged a fee if you do not respond.
- There may be obvious spelling errors. These errors enable phishing emails to avoid the spam filters that internet service providers use.
- Use the “hover” test before clicking on any hyperlinks in emails: place your mouse pointer on the hyperlink without clicking. A small box will appear that displays the underlying destination to which you will be taken; if the two addresses do not agree, do NOT click the hyperlink.
How to Protect Yourself Against Spear Phishing
- Be suspicious of emails from unknown senders.
- Do not click on embedded hyperlinks or open attachments in emails from senders you do not know.
- Even if a message appears to be from Citibank, do not click on any links provided in the email. Instead, independently navigate to Citibank’s website or call Citiphone to determine if any action is needed.
- Do not provide personal information on unfamiliar websites or when posting information on social networking sites or discussion forums.
Customers should understand that Citibank will never send emails to customers to verify confidential, personal or account information. If you think you have received a phishing email purporting to have come from Citibank, forward the entire email as an attachment to spoof@citicorp.com and contact Citiphone immediately.
Pretext calling is defined as a deceptive means of obtaining personal information and unauthorised disclosure of customer financial information. Fraudsters may pretend as bank officers to obtain your account number or credit card number and other information required. Upon obtaining such information, the fraudsters may call your bank posing as you, using the information stolen to take over your identity in order to perform transactions using your account.
Another form of pretext calling is when fraudsters request victims to confirm transactions that were purportedly made on victims’ credit cards. When victims inform fraudsters that they do not have such credit cards, the victims are provided with a fake Bank Negara Malaysia telephone number in order to lodge a report. Upon calling, the fraudsters will request for victims’ personal information which will subsequently be used for fraudulent activities. Be aware that Citibank Singapore Ltd will never request for your personal or financial information through SMS or telephone calls and will never ask anyone to transfer money to any third party account.
- Monitor and pay attention to your regular credit card and bank statements to ensure your transactions are accurate.
- Do not share personal information, such as account numbers, passwords, National Registration Identity Card (NRIC) number and other personal information over the telephone, email, SMS or internet, unless you know who you are dealing with.
- Store your personal information in a safe place and shred your old credit card receipts, ATM receipts, old account statements, and any other correspondences prior to disposing them.
Pharming is a scamming practice in which a malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent. Pharming can be conducted either by changing the host file on a victim's computer by exploitation of a vulnerability in DNS server software.
- If you access websites which requires your personal information, ensure the website address has a https:// in its URL.
Keylogging is a form of online fraud where the keys inputted on a keyboard is captured, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.
- Using One-Time PIN (OTP) is keylogger safe as each PIN is invalidated as soon as it is used.
- Install anti-spyware applications which are able to detect and disable/cleanse keylogging softwares.
Keylogging on ATM has been known as overlaying a keyboard ATMs pinpad to capture people's PINs. The device is designed to look like an integrated part of the ATM so that bank customers are unaware of its presence
- Citibank only uses certified encrypting pin pad for all the ATMs
- If you notice any "unauthorized" devices or objects fixed to the ATM, do not use the ATM machine and report it immediately to our 24-Hour CitiPhone Banking.
- If you notice anything strange at the ATM, leave immediately. If you have already started a transaction, cancel it and leave immediately.
- Think before downloading applications. Review the privacy policy and understand what data (location, access to your social networks) an application can access on your device before you download it.
- If you did not expect any message or connection attempt to your mobile device, take precaution by declining the connection as this may be an attempt to send a malicious program to your mobile device. Always decline such attempts in connection when in doubt.
- Avoid downloading Citibank Mobile application from any site unless it is from Apple App Store and Google Play sites.
SMS spoofing uses the short message service (SMS) to set who the message appears to come from by replacing the originating mobile number (sender ID) with alphanumeric text. Spoofing has both legitimate uses (setting the company name from which the message is being sent, setting your own mobile number, or a product name) and illegitimate uses (such as impersonating another person, company or product).
- If you suspect any SMS spoofing, you should notify Citibank immediately by calling our 24-Hour CitiPhone Banking at (65) 6224 5757. Remember, Citibank will never request for your personal details via SMS.
- Be alert and watch out for any suspicious persons or activities around the ATM. Be alert of anyone loitering in close proximity to or even at a distance from the ATM location.
- Never lend your ATM card to anyone.
- If you notice any "unauthorized" devices or objects fixed to the ATM, do not use the ATM machine and report it immediately to our 24-Hour CitiPhone Banking.
- Do not accept any offers of assistance with the ATM from strangers. If you need help, use the phone located at the ATM machines to contact our 24-Hour CitiPhone Banking for help.
- If you withdraw cash, put it away immediately. Do not count it at the ATM machine.
- When leaving an ATM location make sure you are not being followed by anyone. Drive immediately to a police station, crowded area or well-lighted location if you are being followed.
- Apply ATM cards for accounts used regularly only.
- Do not apply for an ATM card if there is no requirement to access the account often.
- Keep minimal amount of money in the accounts that are linked to the ATM cards.
- Minimize the chances of falling victim to ATM card fraud.
- When choosing a PIN, don't use common numbers like the last six digits of your IC or your date of birth.
- Once you have chosen a PIN, memorize it, never write it down on anything that you carry with you, including the back of your card.
- Get used to using the same ATM for your transactions. When you are familiar with it you will be able to recognize changes to it.
- Be alert and vigilant when conducting transactions at any ATM, and be sure not to be distracted by strangers.
- Be mindful when entering your PIN in the presence of others near the ATM.
- If your card is withheld by the ATM, report it immediately to our 24-Hour CitiPhone Banking.
- Do not respond to any mobile phone text messages or emails requesting for personal information, especially your PIN and passwords to your banking account. This is because banks will never request for such information in this way. If you do receive such call or text message, take down the caller's details and call the bank directly to verify their identity with the bank's customer service centre.
- Minimize your loss if you do fall victim
- If your ATM card has been lost, stolen or otherwise compromised, immediately call the bank to cancel the card and get another with a new PIN. If you have reason to believe that an identity thief has tampered with your bank accounts, cheques or ATM card, close the account immediately.
- Check your bank statements regularly even after you have reported your ATM card missing. If you find any suspicious charges, notify the bank immediately.
Types of ATM Fraud:
ATM Card skimming
Instance where a skimming device is used to copy an ATM card's security information on its magnetic stripe in order to reproduce the customer's information on a counterfeit card.
ATM Card jamming
Instance where an ATM's card reader is tampered with the intention to trap a customer's card. The criminal removes the card once the customer has walked away from the ATM Machine.
ATM Card swapping
Instance where a customer's card is swapped with another card without their knowledge during an ATM transaction.
Shoulder surfing
Instance where an individual stands next to someone and observe as they enter a PIN number at an ATM machine.
Compromise of ATM PIN number
Instance where either the customer's ATM PIN is obtained via observation ie "shoulder surfing" or the ATM PIN is illegally recorded by a hidden camera.
Telephone Tapping
Telephone tapping is the unauthorized monitoring of telephone and Internet conversations and/or key tone by a third party. Phone Tapping is possible on a public switched telephone network and can be difficult to detect. To minimize the risk, consider disabling your mobile phone's Bluetooth connection to prevent any unauthorized access to signal sent from and to your phone.
Citi Email Addresses
Date: 14th April 2019
Description: Please note that the bank sends email notifications from the following Citibank email addresses.
| Sender Name | Citibank Email Addresses |
| Citibank IPB Singapore | alerts@info.ipb.citibank.com.sg |
| Citibank IPB Singapore | statements@info.ipb.citibank.com.sg |
| Citibank IPB Singapore | advices@info.ipb.citibank.com.sg |
| Citibank IPB Singapore | welcome@info.ipb.citibank.com.sg |
| Citibank IPB Singapore | marketing@info.ipb.citibank.com.sg |
| Citibank IPB Singapore | services@info.ipb.citibank.com.sg |
| Citibank IPB Singapore | customerservice@info.ipb.citibank.com.sg |
Supported Browsers
You are recommended to use supported and updated browsers to ensure that your internet banking is secure.
| Web Browsers / OS: | Windows | Mac OSX | iOS | Android | |||||||
| 8.1 | 8 | 7 | Vista | XP | 10.10 | 10.9 | 10.8 | 7.1.2 | 7 | 4.1.2 | |
| Internet Explorer 11 | X | X | |||||||||
| Internet Explorer 10 | X | X | |||||||||
| Internet Explorer 9 | X | X | |||||||||
| Internet Explorer 8 | X | X | X | ||||||||
| Chrome 35 | X | X | X | X | X | ||||||
| Chrome 32 | X | X | X | X | X | ||||||
| Chrome 31 | X | X | X | X | X | ||||||
| Firefox 33 | X | X | |||||||||
| Firefox 30 | X | X | X | ||||||||
| Firefox 28 | X | ||||||||||
| Firefox 26 | X | X | X | X | |||||||
| Firefox 25 | X | X | X | X | |||||||
| Safari 8.0 | X | ||||||||||
| Safari 7.0 | X | ||||||||||
| Opera 12 | X | X | |||||||||
| Opera 10 | X | X | X | X | |||||||
| Tablet Local Browser | X | X | X | X (Samsung Galaxy Note 10.1) |
|||||||
| X (Kindle Fire HD) |
|||||||||||
You can download a new browser from:
- Microsoft Internet Explorer™
http://www.microsoft.com/windows/ie/downloads/default.mspx - Google Chrome
http://www.google.com/chrome - Mozilla Firefox
http://www.mozilla.org/products/firefox - Safari
http://www.apple.com/safari/download - Opera
http://www.opera.com/computer/windows
NOTE: We do not recommend that you download beta versions, since they are experimental and may undergo significant changes before they're released. Please only download the above recommended versions.
If you are not ready to upgrade your browser, or you do not use one of these operating systems, you can still visit our site. However, should the browser be rejected, you will need to upgrade your browser from the recommended links above and they can be usually downloaded for free from the company's web site stated above.
How can I tell which browser version I am using?
For Windows Users:
- Microsoft® Internet Explorer™ - Menu > Help > About Internet Explorer
- Mozilla Firefox - Menu > Help > About Mozilla Firefox
- Google Chrome - Wrench icon, top right corner > About Google Chrome
For Mac Users:
- Safari - Safari > About Safari
Security Tips
- Remove file and printer sharing when your computer is connected to the Internet.
- Regularly backup critical data and encrypt these data with minimal 128-bit encryption.
- Delete junk or chain emails.
If you suspect that there has been any unauthorized breach of your accounts online, or that an online transaction has taken place that you did not initiate, it is important for you to inform us firsthand. Not only that, immediately notify the bank should you encounter any issues, difficulties or irregularities.
- Security incidents will be escalated to our technical support staff for evaluation. If any breach of security appears to have occurred, the bank will investigate it further
- Citibank will provide you an interim update of our investigations and the status of your case. Final resolution of any incident, though, will depend on the nature and complexity of the incident, as well as the details surrounding the case
- While we investigate, our officers may ask you to provide more details surrounding the incident to allow us to resolve your case as quickly and as efficiently as possible.
It is strongly advised that you check their accounts on a regular basis and monitor your monthly statements to ensure they are authorized activities on their account, and if they notice something suspicious to contact the customer service number on the back of their card immediately.
You are always encouraged to login to Internet banking from your browser by typing www.citibank.com.sg or www.citigold.com.sg into the address bar or add Citibank to your list of favourites. Do not follow links from an email, letters, etc.
Protecting our customers' accounts and personal information is one of our highest priorities. You can call contact our 24-Hour CitiPhone Banking at (65) 6224 5757 to report any irregularities.
It is important that you do your part to ensure banking online is done in a safe and secure manner. Citibank shall neither be liable for acting upon instructions nor obliged to investigate the authenticity or authority of persons effecting your instructions or verify the accuracy and completeness of your instructions. Such instructions shall be deemed irrevocable and binding on you upon receipt by Citibank notwithstanding any error, fraud, forgery, lack of clarity or misunderstanding in respect of the terms of such instructions.
