To protect you and your wealth from fraud, please pay attention to these few simple precautions.
- Use antivirus and anti-spyware programs to prevent your computers from malware attacks. Schedule periodic scanning of systems.
- Citibank staff and the police will never ask for your Citibank Online user ID and password.
- Safely log on to Citibank Online Banking by entering the homepage of Citibank Hong Kong www.citibank.com.hk into your browser, or bookmark the authentic website address for future use. Do not use website address or links attached in any e-mail or found through Internet search engines to log on to Citibank Online Banking.
- Ensure that no one is watching you while you key in your Online Banking Password, Card Number (CIN), ATM Card/Credit Card Personal Identification Number (PIN), log on password, e-Statement password, or any other sensitive information.
- Always log off your online session. Do not just close your browser. Follow the logoff instructions to ensure your protection.
- Be aware of phony "look alike" websites which are designed to trick customers and collect their personal information. If you suspect a website is not what it purports to be, leave the site. Do not follow any of the instructions it may present to you.
- Do not use a shared computer or device that cannot be trusted for Online Banking.
- Make sure your personal computer has the most current anti-virus software. Anti-virus software needs frequent updates to guard against new viruses. To do so please use the "Tools" menu in your browser and select the option to delete temporary files.
- Install a personal firewall to help prevent unauthorized access to your personal computer, especially if you connect through a broadband connection, network router, cable or DSL modem.
- Clear your browser's cache and history after each session to ensure your account information is removed, especially if you are using a shared computer.
- Use the latest recommended Internet browser version, or one that supports 128-bit encryption. De-activate the "Auto Complete" function to prevent any Password, CIN and PIN from being stored.
- Always ensure your operating system and browser has the latest security patches applied.
- Ensure the file sharing feature is disabled in your operating system while online, particularly if you are linked to the Internet through a cable, DSL modem, or network router.
Be cautious of your wireless connections security:
- Set a personal and unique password for your wireless network.
- Disable broadcasting your network name (SSID-Service Set Identifier).
- Use encryption to protect your wireless network.
- Use only registered machines for your wireless network.
- Do not install software or run programs from an unknown origin.
- Check your accounts on a regular basis and contact us immediately should you encounter any difficulties or irregularities.
- Beware suspicious pop-up windows or any other doubtful channels. Customers should always connect to the Citibank website through typing the authentic website address in the address bar of the browser or by bookmarking the genuine website and using that for subsequent access.
- Citibank will never send you an e-mail asking for your account number, Online Banking Password, ATM Card/Credit Card Personal Identification Number (PIN), account balance and identity card/passport number or other sensitive information.
- Be alert for fraudulent e-mails. These may appear to come from a trusted business or friend, but actually are designed to mislead you into opening a fraudulent website and disclosing sensitive information.
- Be suspicious of any e-mail that contains an embedded hyperlink or a request to enter personal information. Do not reply, click on the hyperlinks or input any sensitive information.
- If you've received suspicious e-mails purporting to be from Citibank, please notify us right away.
- Email attachments from unspecified or suspicious sources may be a virus or worm. Do not open any attachment unless you are sure it is safe.
- Do not send sensitive personal or financial information unless it is encrypted on a secure website. Regular e-mails are not encrypted.
- If you have provided sensitive information to a suspicious website, you should report it to the police immediately. If the website is purporting to be a Citibank site, please notify us right away.
- If we request information from you, we will always direct you back to a Citibank site using links. These links are to provide you with convenience. However, you can also reach our sites using any of our published URLs.
- If you use a link in an e-mail you have received from us, you can check the authenticity of the website you are accessing by checking the website SSL certificate information, such as company name, URL, certificate issuer, validation date, and encryption types, etc., to confirm that is the website you intend to access.
- Install the latest security patches and software updates on your mobile phone/mobile device. Do not download program/apps from unsecured sources.
- Read permission requests carefully when an app is installed. Stop the installation if they seem unusual or unnecessary to you.
- Don’t root or jailbreak your device.
- Use only known, trusted Wi-Fi networks.
- Pay attention to suspicious hyperlinks in SMS and other messaging channels. It may redirect user to a malicious website that is designed to exploit the mobile phone system.
- Ensure that no one is watching you while you key in your User ID, Password, or any other sensitive information.
- Always log off your online session. Do not just close your mobile phone browser. Follow the logoff instructions to ensure your protection.
- Set up a password for your mobile phone. This will help you prevent unauthorized use of your mobile phone and access to your personal information in case it is lost or stolen.
- Remove temporary files and the cache stored in the memory of your mobile phone regularly since they may contain sensitive information such as your account number.
- Delete sensitive SMS messages if they are no longer required and clear the browsing history regularly.
- Do not leave your mobile phone unattended.
- Avoid sharing your mobile phone with others.
- Do not keep sensitive information such as your account numbers, PIN and logon passwords in your mobile phone.
To ensure your ATM banking sessions are secure, here are some simple security tips you should follow:
- Beware of any foreign object/device attached to the ATM that appears unusual. The attached foreign object/ device may be a skimming device to compromise magnetic strip data & PIN.
- Insert your ATM card into the card reader and remove it. Do not leave the card in the slot.
- Do not allow anyone to see your PIN when you are keying it in. Ensure no one is looking over your shoulder.
- Never disclose your PIN or lend your ATM card to anyone.
- Change your ATM card/credit card PIN upon receiving it.
- Do not use the same ATM card/credit card PINs for accessing other services.
- Memorize your ATM card & credit card PIN and destroy any written or printed record.
- Do not write down or record your PIN without disguising it.
- Never use ATM card & credit card PIN that can be easily guessed such as ID number, birthday or telephone number.
- Change your ATM card & credit card PIN regularly.
- Do not allow anyone to use your ATM card and your PIN.
- Never disclose your PIN to anyone, not even someone claiming to be a Citibank staff or the police.
- If your PIN is lost or has been identified by another person, please contact your bank to report the case immediately.
To prevent credit card fraud from happening, here are some measures you can take to protect yourself:
- Sign on the back of your Credit Card the moment you receive it.
- Keep an eye on your card when making transactions, to avoid any unauthorized person from gaining your Credit Card.
- Dispose of all personal documents properly.
- Check your account balances regularly.
- Review your monthly statements and report discrepancies immediately.
- Inform your bank in advance of any address change.
- Patronize only reputable websites when making purchases.
- Beware of unsolicited e-mails asking for personal information.
- Never lend your Credit Card to anyone.
- Purchase solutions such as Card Protection Plan, or the free Citi Alerts service to protect yourself.
- Inform the bank in advance of your travel plans to help the bank validate Credit Card purchases incurred overseas.
- Update your latest and valid personal details with the bank, such as mobile phone number to ensure correct correspondence for charge confirmation when suspicious transactions appear.
- Be wary of leaving your wallet inside your jacket which is hanging on the back of your chair at restaurants, to prevent any unauthorized person from gaining your Credit Card or other personal belongings.
- Do not carry too many Credit Cards, when visiting places with a locker service, such as the changing rooms of swimming pools, playgrounds or health/fitness centers.
- Citibank will send “2way Transaction Confirmation SMS” to you in the event of suspicious transactions. Please be careful to verify the transaction details within SMS. For example: Last 4 digit of Banking Account /Credit Card Number, Date, Time, Amount, Merchant Name (if any), and reply the Bank’s SMS as soon as possible with your registered phone. Step to reply:
- If the transaction is genuine, reply 1 and you can continue to use the banking account/credit card.
- If the transaction is unauthorized, reply 2 and the banking account/credit card will be blocked from further transaction.
You can also contact us at (852) 2860 0333 (press 2-*2#-5).
- To protect your interests and avoid unauthorized transactions, your banking account or credit card will be temporarily suspended in the event of the following:
- Suspicious behavior/transactions detected
- Failure to receive a reply from you regarding suspicious transactions
- Your confirmation of an unauthorized transaction
- This SMS is available for Citibank credit card and/or banking account holders and sent from (852) 6115 1702. SMS charge may apply.
- In the “2way Transaction Confirmation SMS” process, Citibank will not require you to disclose any account numbers, online banking passwords, ATM/Credit card PIN, account information and other sensitive information or install any program/apps.
If you have received suspicious calls purporting to be from Citibank, please notify us immediately by calling our 24-hour CitiPhone Banking at (852) 2860 0333, then press 2*2#0# to verify the caller’s identity.
Citibank will send SMS to you in the event of suspicious transactions. We will also send you one-time SMS OAC (Online Authorization Code) as a safety measure for your Online Banking transactions.
Watch out for notifications sent by your telecommunication provider about activation of the SMS/Voice Call forwarding function of your mobile device. Check with your service provider and report any suspicious notifications if you haven't authorized the activation.
You may request your telecommunication provider to suspend the remote SMS/Voice Call forwarding function of your mobile device to avoid any unauthorized activation.
Confirm the identity of the purported business partners by means of telephone or other-than-e-mail channel before making payment and/or remittance to prevent fraud from e-mail scams.
Pay attention to the Police's appeal at below section:
Police Appeal - Beware of Email Scam
"Verify Suspicious E-mails to Uncover Online Swindlers"
Email scams have been reported where fraudsters hacked into the victim's e-mail account and extracted their business correspondence with business partners. The fraudster then sent an e-mail to the victim using the same or similar e-mail account as the victim's business partner claiming that the payment bank account had been changed in a bid to persuade the victim to deposit payment for goods into the fraudster's designated bank account. Police appeal that if you receive any suspicious e-mails, you should confirm the identity of the purported business partners or the authenticity of the requests by means of a telephone call before payment / remittance so as to avoid being deceived.
By enrolling in the Citi Alerts Service, you will receive real-time SMS alerts after making transactions, enabling you to detect any suspicious activity in your banking and credit card accounts. Real-time Citi Alerts include:
- ATM Card Transaction Alert
- Online Payments and Transfers Alert
- Credit Card Transaction Alert.
Citi Alerts Service is free of charge and covers a wide range of banking, investment and credit card services. Click here to learn more about Citi Alerts Service.
Please update your latest mailing address, mobile phone number and e-mail address with Citibank to allow verification in the event of suspicious transactions. For security reasons, you are required to update your information by submitting the Change of Contact Details Form to us by post or visiting one of our branches.
Click here to download Change of Contact Details Form.
Remember to change your Online Banking password regularly and keep your password secure. Make your password hard to guess and never write it down.
View Demo on how to change Online Banking password.
For safety reason, Citibank requires you to key in a One-Time Password during "Create Your Online User ID and Password" and "Reset Password / Unblock User ID" procedure as part of the authentication process.
Upon successful logon to Citibank Online with your registered User ID and Password, you will be asked to key in the One-Time Password to proceed with certain online services.
Your attention please: The One-Time Password is not required when logging on Citibank Online or Citibank Mobile.
If you come across Citibank Online/Citibank Mobile/Citibank® for iPad app which requires input of the One-Time Password, please do not proceed and report to our 24-hour CitiPhone Banking (852) 2860 0380(852) 2860 0380 immediately.