Online Banking Security


Safeguard your online banking account.

At Citibank, we constantly update our security technology to protect your privacy and confidentiality. It is important that you take the necessary measures to safeguard yourself.

Here are some of the security features and tips customers should be aware of to ensure a pleasant and secure online banking experience.


Enable firewalls

Enable firewalls that keep unwanted connections from accessing your data, install anti-virus software and malware protection, and ensure your operating system and Internet browser are up-to-date.

Beware of phishing e-mails

Do not reply to e-mails where you are asked to provide your personal data or passwords. Inform us immediately of all cases of this sort.

Do not disclose your confidential data

Do not disclose your card numbers, usernames or passwords to anybody. They should always be memorized and not recorded or written down anywhere. If you need to write them down, encrypt this information so that others cannot access it.

Secured and strong passwords

Do not store your passwords in files stored on your computer. Use strong passwords (e.g. never use your birth date as your password) and change them regularly.

Card number and PIN

Do not keep your PIN or CitiPhone PIN together with your card number.

Card information security

Do not reveal the information stated on your credit card such as its expiry date and the 3 digits at the back of your credit card.

Suspicious links and attachments

Never open any suspicious links or attachments sent to you via e-mail, SMS or MMS.

Suspicion of loss or interception of the sign-in data

If you suspect or know that your sign-in data have been lost or intercepted, please contact the Bank immediately via CitiPhone Banking at (021) 252-9999 from mobile to block access to your account.


Authenticity of Citibank Website

Only log in by typing Citibank's Website '' into your web browser. Always ensure that you are on a secure website before submitting your information via your web browser. To ensure you are on a secure website:

  1. Check the beginning of the Web address in your browser's address field - it will be "https://" rather than "http://".
  2. Secure websites will also contain a padlock icon on the status bar at the top of the browser. Double-click to view details of the security certificate, which is issued to Citibank.
    To verify that the website is authentic, check for the following details:
    • The certificate is issued to
    • The certificate is issued by Symantec.
    • The certificate has a valid date.
  3. If you see "https://..." but a warning is shown that the SSL Certificate does not belong to Citibank, you must terminate the session immediately and contact our CitiPhone Banking at (021) 252-9999 from mobile to report the incident.
  4. All data sent to and from Citibank is "scrambled" and "reassembled" between Citibank and your personal computer using 128-bit encryption, one of the highest levels of encryption commercially available.

When you log in to Citibank Online

  • Remember that in order to log on to the system you will be asked to enter only your user name and password – if you are asked to provide other information on the login screen, please contact us immediately at (021) 252-9999 from mobile.
  • Make sure that nobody sees your user name or password when you are logging on to the system.
  • One-Time PIN (OTP) - When you perform certain actions, such as activating your card, making a fund transfer or viewing your E-Statement, Citibank Online will ask you to enter an OTP. The OTP will be sent via SMS to your primary mobile number registered on our records, or you can register for Mobile OTP on the Citi Mobile App, allowing you to complete your request.
  • Transaction Activation Code (TAC) - an additional security feature for making third-party fund transfers. TAC is a 6-digit code used to activate a fund recipient that has just been added in Citibank Online. You only need to activate a fund recipient once.
  • Do not bank online on public Wi-Fi networks (net cafe, library, etc.).
  • Never leave your computer unattended while you are logged in to Citibank Online.
  • When you have finished your online banking session, always remember to properly log out before you close the browser window.


Protect your passwords, PINs and account information

  • Change your PINs and passwords as often as you can.
  • Do not share even One-Time PINs with anyone.
  • Make sure that your password is not based on your personal information. Use a combination of at least six characters and cases, without repeating any digit or character more than once.
  • Use separate passwords for online banking websites and non-banking websites.
  • Do not save your sign-on information when logging on through public computers and ensure that no one is watching you while you key in your username and password.
  • Clear your browser's cache and history after each session.
  • Always log off properly by clicking the "Logout" button at the top of the screen. Do not just close your browser.
  • Deactivate the "auto complete" function of your browser and never select the auto save option on browsers so that your usernames and passwords are not saved when logging in.
  • Create a back-up of all critical files so you may refer to these in case your account or your identity has been compromised.

Use software protection

  • Install anti-virus, anti-spyware and malware detection software, and update these regularly. The best defense against computer attacks is preventative software so make sure you regularly scan your computer for viruses before logging on to any website.
  • Install a personal firewall to help prevent unauthorized access to your home computer.
  • Do not install software or run programs of unknown origin. While software can claim to improve your computer's performance, it could also be spyware which collects your information without your consent.

Beware of scam or phishing emails

  • Do not provide sensitive information via email, as scam or phishing emails are usually disguised as a personal email from a friend.
  • Do not open emails or attachments from senders you do not recognize.
  • Be careful when clicking links sent through emails.
  • Double-check that URLs are correct.
  • When receiving an email from Citi®, the sender's email address should be Citibank Indonesia .

Text wisely and safely

  • SMiShing messages appear to be from a legitimate company and contain a link that takes you to a spoof website, or even ask you to call a phone number.
  • Clicking links in these text messages can lead to other problems, such as installing dangerous viruses on your phone.
  • Avoid selecting links in unsolicited text messages. Instead, go directly to
  • Do not respond to unknown numbers. If you miss a call on your mobile device or receive a text message from an unknown number, it's safer to ignore the call or delete the message.
  • Set up blocking features. Check with your network to see if they offer the option to block certain types of text messages.

Protect yourself against SIM Swap

What is SIM Swap?

SIM Swap is the process of replacing your existing mobile SIM with a new SIM so that a fraudster can gain access to your financial account.

How does a fraudster do SIM Swap?

  • The fraudster collects the victim's personal banking information.
  • The fraudster approaches the victim's mobile operator with fake proof of the victim's identity and obtains a duplicate SIM card.
  • The mobile operator deactivates the original SIM card after successful verification and issues a replacement SIM.
  • The fraudster generates the One-Time Password (OTP), which is delivered to the new SIM, and carries out account transactions without the victim's knowledge.

Tips to safeguard yourself against SIM Swap

  • If your mobile stops working for unusual reasons, check with your mobile operator immediately.
  • Never disclose your Internet banking password, ATM PIN or Telephone PIN to anyone.
  • Do not disclose your mobile number on social media platforms.
  • Register for both SMS and e-mail alerts to stay informed about transactions on your account.
  • Never respond to unknown e-mails or calls asking for your account details and registered mobile number.