Best practices for protecting your privacy and information online

Complementing the security measures used by the Citi Private Bank website and mobile application, there are measures you can take to ensure the security of your computerized personal information.

  • We recommend that you use anti-virus, anti-spyware and pop up blocker software.
  • Keep your operating system updated with the latest security updates and patches.
  • Review your internet security settings.
  • Be wary of emails from addresses or people you do not know.
  • Watch out for phishing email scams.
  • Avoid using public computers or network connections, especially when reviewing financial
  • Protect your laptop and other portable electronic devices.
  • Clear your browser's cache regularly.
  • Back up your personal data and store backups in a secure location.

Online browsing habits

  • Do not disclose personal, financial or credit card information on suspicious or little known websites.
  • Do not select the browser option for storing or retaining user name and password.
  • Check the authenticity of the financial institution's website by comparing the URL and the financial institution's name in its digital certificate, or by observing the indicators provided by an extended validation certificate.
  • Always check that the financial institution's website address changes from http:// to https:// and a security icon that looks like a lock or key appears when authentication and encryption is expected.
  • Check your bank account balance and transactions frequently and report any discrepancy.
  • Consider the use of encryption technology to protect highly sensitive data.
  • Log off the online banking session when not in use.
  • Do not install software or run programs of unknown origin.
  • Remove file and printer sharing on your computers, especially if they have internet access via cable modems, broadband connections or similar set-ups.
  • Delete junk or chain emails.
  • Print and maintain a hard copies of your trade documents for future reference.

Password and PIN Safety

  • Website passwords should be at least 6 digits or 6 alphanumeric characters, without repeating any digit or character more than once.
  • Website passwords should not be based on user-id, personal telephone number, birthday or other personal information.
  • Website passwords must be kept confidential and not be divulged to anyone.
  • Website passwords must be memorized and not be recorded anywhere.
  • Website passwords should be changed regularly. Avoid using the same password for different websites, applications or services, particularly when they relate to different entities.
  • Do not allow anyone to keep, use or tamper with your Security Token (one-time electronic PIN generator).
  • Do not reveal the PIN(s) generated by your Security Token/Phone/Mobile Token to anyone.
  • Do not reveal the unlock code of your Mobile Token.
  • Unlock code should be changed regularly. Deactivate the Mobile Token in the event of loss or theft of handset. 
  • Consider the use of encryption technology to protect highly sensitive data.
  • Delete junk or chain emails.