Digital Security & Fraud Prevention

Protect your wealth against fraud

Protect your wealth against fraud

To protect you and your wealth from fraud, please pay attention to these few simple precautions.

Top Security Tips
  • Citibank staff will never ask for your account number, Citibank user ID or password, ATM Card/Credit Card Personal Identification Number (PIN), account balance and identity card/passport number or other sensitive information. Keep your password and PIN secret and do not disclose them to anyone including Citibank staff.
  • Never provide the One Time Password (OTP) that is sent to your mobile phone to anyone, including people claiming to be from Citibank.
  • Always secure your security credentials, such as One-Time Password (OTP), PIN, User ID and Password, card number, CVV codes, account numbers, unlock code and other personal information. Ensure no one is watching while you key in or listening while providing sensitive information for verification. Citibank will never email you asking for the above sensitive information. Never reply to any emails that ask you submit sensitive information.
  • When accessing Citibank Online, always check that the citibank website has a valid certificate marked to Citigroup Inc (US). We recommend that you enter the bank's address (e.g. in your browser URL field to access and login to your account.
  • Always log off your online session. Do not just close your browser. Follow the logoff instructions to ensure your protection.
  • Do not use a shared computer or mobile phone/ mobile device that cannot be trusted for Online and Mobile Banking.
  • Be alert to phony "look alike" websites, or fraudulent e-mails and SMS that contain an embedded hyperlink. These may appear to come from a trusted business or friend, but are actually designed to mislead you into opening a fraudulent website and exploiting the computer or mobile phone system. Do not reply, click on the hyperlinks or input any sensitive information. To ensure safe and secure online banking access, strongly recommended to type in the URL begins with https directly in the address bar.
  • Never disclose your personal data or bank account details to unsolicited callers or pre-recorded voice message phone calls requesting such information. If you have received suspicious calls purporting to be from Citibank, please notify us immediately by calling our dedicated hotline at (852) 2860 0370 to verify the caller’s identity.
  • Stay vigilant -- always check every SMS alerts from Citibank and verify all your banking and credit card transactions on a regular basis for any unauthorized transactions. Contact us immediately should you encounter any difficulties, unauthorized transactions or irregularities.
  • Update your latest and valid personal details with the bank, such as mobile phone number to ensure correct correspondence for charge confirmation when suspicious transactions appear.
  • If you have lost your HKID or Passport, kindly approach Police and Immigration to report loss and contact us to report the case immediately.
  • If you suspect that your statement or account details have been stolen or compromised, please contact us immediately to report the case.
  • Never disclose your banking details, including your login credentials, any security tokens and passwords, to any unauthorized third party apps. Citibank has not authorized any apps to access our system or shared any client data with them.
  • Take reasonable security precautions to protect the authentication factors being used in the activation of your contactless mobile payment apps. For example, if your contactless mobile payment is no longer needed, you should turn off the contactless mobile payment functionality (such as the payment app and Near-field communication (NFC) function) to reduce the risk of electronic pick-pocketing.

Click here to learn more about digital security tips published by the Hong Kong Monetary Authority.

The Hong Kong Monetary Authority has prepared below webpages and video to provide smart tips against fraudulent bank websites, phishing emails, bogus phone calls and SMS messages. Please click below link to learn more:

Online Banking
  • Ensure your operating system and browser has the latest antivirus programs and security patches applied. Schedule periodic scanning of systems.
  • Change your Online Banking password regularly, keep it confidential and hard to guess.
  • Safely log on to Citibank Online Banking by entering the homepage of Citibank Hong Kong into your browser, or bookmark the authentic website address for future use. Beware suspicious pop-up windows and do not use website address or links attached in any e-mail or found through Internet search engines to log on to Citibank Online Banking.
  • Install a personal firewall to help prevent unauthorized access to your personal computer, especially if you connect through a broadband connection, network router, cable or DSL modem.
  • Clear your browser's cache and history after each session to ensure your account information is removed, especially if you are using a shared computer.
  • Use the latest recommended Internet browser version, or one that supports 128-bit encryption. De-activate the "Auto Complete" function to prevent any Password, CIN and PIN from being stored. All data sent to and from Citibank is "scrambled" and "re-assembled" between Citibank and your personal computer to protect your personal and financial information. The highest level of encryption generally available today (128-bit) means there are two to the power of 128 possible combinations of "keys", but only one that will "unlock" the information.
  • Ensure the file sharing feature is disabled in your operating system while online, particularly if you are linked to the Internet through a cable, DSL modem, or network router.
  • Be cautious of your wireless connections security:

    • Set a personal and unique password for your wireless network.
    • Disable broadcasting your network name (SSID-Service Set Identifier).
    • Use encryption to protect your wireless network.
    • Use only registered machines for your wireless network.
  • Do not install software or run programs from an unknown origin.
  • Citibank will terminate your secure Citibank Online session after 15 minutes of inactivity. This prevents the unauthorized use of your session by anyone else.

Click here to learn more about the latest online banking fraud cases published by the Hong Kong Police.

  • Install the latest security patches and software updates on your mobile phone/mobile device. Do not download program/apps from unsecured sources.
  • Read permission requests carefully when an app is installed. Stop the installation if they seem unusual or unnecessary to you.
  • Don’t root or jailbreak your device.
  • Use only known, trusted Wi-Fi networks.
  • Set up a password for your mobile phone. This will help you prevent unauthorized use of your mobile phone and access to your personal information in case it is lost or stolen.
  • Remove temporary files and the cache stored in the memory of your mobile phone regularly since they may contain sensitive information such as your account number.
  • Clear browsing history regularly.
  • Do not leave your mobile phone unattended.
  • Do not keep sensitive information such as your account numbers, PIN and logon passwords in your mobile phone.
  • If you have enabled Citi Mobile® Token but your phone is lost or stolen, you are strongly recommended to

    • Disable Citi Mobile® Token
      • Sign on Citibank Online
      • Go to Services > My Profile > Disable Citi Mobile® Token
    • And change your Citibank Online password immediately.
  • If you are opening or downloading your e-statement through a mobile,

    • Please do not open or download your e-statement through a shared mobile.
    • Recommend to save your e-statement PDF in the preferred location in your mobile. If you are uncertain about the security level of your mobile, you are also recommended to remove the saved e-statement after viewing it.
    • Please ensure proper log off after you have finished viewing e-statement and using Citi® Mobile. As such your personal data and financial information can be safeguarded.
  • When opening your banking account online using facial recognition technology, please ensure the environment is safe and private for capturing HKID images and selfie photos before proceeding.

To ensure your ATM banking sessions are secure, here are some simple security tips you should follow:

  • Beware of any foreign object/device attached to the ATM that appears unusual. The attached foreign object/ device may be a skimming device to compromise magnetic strip data & PIN.
  • Insert your ATM card into the card reader and remove it. Do not leave the card in the slot.
  • Do not allow anyone to see your PIN when you are keying it in. Ensure no one is looking over your shoulder.
  • Change your ATM card/credit card PIN upon receiving it.
  • Do not use the same ATM card/credit card PINs for accessing other services..
  • Never use ATM card & credit card PIN that can be easily guessed such as ID number, birthday or telephone number.
  • Change your ATM card & credit card PIN regularly.
  • If your ATM Card or PIN is lost or PIN has been identified by another person, please contact us to report the case immediately.
  • To disable Cardless Withdrawal, please download Daily Payment & Transfer Limit Decrease Request Form on Citibank Online-> Form Center, and set the withdrawal limit to HKD 0.
  • Click here to learn more about ATM security tips published by the Hong Kong Monetary Authority.


At Citi, we take protecting your account seriously. Citi Fraud Early Warning will immediately alert you of any suspicious activity on your account by 2way SMS text messaging. You can confirm the transaction as genuine, and then can use your card again right away. If the transaction is not yours, we will reach out to you to stop future use of the card, identify any transactions that are fraud, and if needed, re-issue a new card. Please update your latest and valid personal details with the bank, such as mobile, home and work phone numbers to ensure correct correspondence for charge confirmation with suspicious transactions appear. Thanks for being a Citi card member and remember we are here to keep your card protected. Your Security is our Priority.

  • Citibank will send “2way Transaction Confirmation SMS” to you in the event of suspicious transactions, and allow you to confirm by replying to our SMS, protecting your interests. You can also contact us at (+852) 2860 0325 (Credit Card Service) | (+852) 2860 0330 (Banking Service ).
    To protect your interests and avoid unauthorized transactions, your banking account or credit card will be temporarily suspended in the event of the following:
    • Suspicious behavior/transactions detected
    • Failure to receive a reply from you regarding suspicious transactions
    • Your confirmation of an unauthorized transaction

    This SMS is available for Citibank credit card and/or banking account holders and sent from (852) 6115 1702. SMS charge may apply. In the “2way Transaction Confirmation SMS” process, Citibank will not require you to disclose any account numbers, online banking passwords, ATM/Credit card PIN, account information and other sensitive information or install any program/apps.

  • Citibank will send SMS to you in the event of suspicious transactions. We will also send you one-time SMS OAC (Online Authorization Code) as a safety measure for your Online Banking transactions. Watch out for notifications sent by your telecommunication provider about activation of the SMS/Voice Call forwarding function of your mobile device. Check with your service provider and report any suspicious notifications if you haven't authorized the activation.
  • Enroll and receive real-time Citi Alerts SMS to receive real-time SMS alerts after making transactions, enabling you to detect any suspicious activity in your banking and credit card accounts. Real-time Citi Alerts include:
    • ATM Card Transaction Alert
    • Online Payments and Transfers Alert
    • Credit Card Transaction Alert.

    Citi Alerts Service is free of charge and covers a wide range of banking, investment and credit card services.
    Click here to learn more about Citi Alerts Service.

  • Delete sensitive SMS messages if they are no longer required.
  • Be cautious of fake SMS pretend to be Citibank and request for transaction or personal information. If you suspect falling victim of any fraudulent SMS, please contact our CitiPhone Banking Hotline or your branch/relationship manager.
  • If you have enrolled in the WhatsApp service to communicate with your relationship manager, please note that the number below is the only Official Citi Business Account in Whatsapp. A green badge will also be displayed in WhatsApp to indicate this is an official business account verified by WhatsApp.
  • Authorized Whatsapp Sender Number:
  • +852 5704 0954

Please take note of the following safe and secured SMS sender ID from Citibank (Until Jan 27, 2024):

Authorize SMS sender ID

Please take note of the following safe and secured SMS sender ID from Citibank (Effective from Jan 28, 2024):

Authorize SMS sender ID
  • Email attachments from unspecified or suspicious sources may be a virus or worm. Do not open any attachment unless you are sure it is safe.
  • Do not send sensitive personal or financial information unless it is encrypted on a secure website. Regular emails are not encrypted.
  • We will not send emails asking for your personal information, your Citibank Online User ID and password or embedded hyperlinks that provide direct access to Citibank login page or mobile banking account without prior notification or necessary precautions to make before accessing hyperlink. To ensure safe and secure online banking access, strongly recommended to type in the URL begins with https directly in the address bar.
  • If you use a link in an email you have received from us, you can check the authenticity of the website you are accessing by checking the website SSL certificate information, such as company name, URL, certificate issuer, validation date, and encryption types, etc., to confirm that is the website you intend to access. You are advised not to click on any questionable hyperlinks embedded in emails or third party links, or open suspicious attachments.
  • Be cautious that fake emails could be sent by someone you know or pretend to be Citibank and request for transaction or personal information. If you suspect falling victim of any phishing email scam, please contact our CitiPhone Banking Hotline or your branch/relationship manager and report to the police immediately.

Please take note of the following safe and secured email address from Citibank:

Authorize Email address
Credit Card

To prevent credit card fraud from happening, here are some measures you can take to protect yourself:

  • Sign on the back of your Credit Card the moment you receive it.
  • Keep an eye on your card when making transactions, to avoid any unauthorized person from gaining your Credit Card.
  • Review your monthly statements and report discrepancies immediately.
  • Inform your bank in advance of any address change.
  • Patronize only reputable websites when making purchases.
  • Enroll in the free Citi Alerts service to protect yourself.
  • Inform the bank in advance of your travel plans to help the bank validate Credit Card purchases incurred overseas.
Investment Services

Enhanced security measures for your online investment trading accounts

To comply with the latest Securities and Futures Commission (SFC) guidelines and offer you a safer and more secure environment for online investment trading services, effective July 22 2018, you will receive an email and/or SMS notification when accessing designated investment services or placing/executing relevant trades*, including i) Securities Trading Account and ii) Mutual Funds Account.

* If you currently unsubscribe the designated investment trade notification(s), you will be subscribed again automatically when the above measures are implemented. You are able to unsubscribe the alerts via Citibank Online subsequently given that you have acknowledged the risks involved in not receiving such notifications.

i. Accessing designated investment trading services via Citibank Online or Citi Mobile® According to SFC requirements, we must send the notification to you whenever your online investment account is accessed via Citibank Online or Citi Mobile®, as this is crucial to protect you from hacking risks associated with internet trading.
ii. Placing or executing a designated investment trade via Citibank Online or Citi Mobile® You are able to unsubscribe the alerts via Citibank Online given that you have acknowledged the risks involved in not receiving such notifications.

After July 22 2018, you can go to the respective pages below to manage your subscriptions for the notifications of placing or executing an online investment trade:

Designated investment services Where can I manage my subscriptions via Citibank Online?
Gold Manager Account For FX Spot Trading and Order Watching On Gold (XAU):
Log on to Citibank Online > Wealth Management > Currency exchange/trading > FX Alerts

For Payment and Transfer on Gold Transactions:

Log on to Citibank Online > Services > My Profile > Citi Alerts> Manage Alerts >Edit Alerts > Investment Alerts
Securities Trading Account Log on to Citibank Online > Wealth Management > Stock Trading > My Toolbox > Stock Alerts
Mutual Funds Account Log on to Citibank Online > Wealth Management > Mutual Fund > Alert
Citi Social Media
  • Please take note of the following authorized CITI SOCIAL MEDIA:
    Facebook Citi Hong Kong
    Instagram citihongkong
    YouTube Citi Hong Kong
  • Citi Mobile® App makes banking more convenient
  • Overseas ATM withdrawal service. Activation in advance.