Your Security is Our Goal
The following describes the security measures we take to protect your information on the Internet:
Basic encryption involves the transmission of data from one party to another. The sender encodes the data by scrambling it, then sends it on. The receiver must decode the data with the correct "decoder" in order to read and use it.
The effectiveness (or level of security) for encryption is measured in terms of how long the key is the longer the key, the longer it would take for someone without the correct "decoder" to break the code. This is measured in bits, e.g. 40-bit encryption, the level of encryption used with many ordinary browsers, versus the level of encryption recommended to use Account Online. For a 40-bit key, there are 240 possible combinations. For a 128-bit key, there are 2128 possible combinations.
Sometimes we use persistent cookies which remain on the hard drive of your personal computer. We use persistent cookies for a number of purposes including to store your preferences for certain kinds of information, to provide you with access to certain web sites for which you have previously registered, to retrieve information you have provided us previously, etc. You can set your browser to disable cookies or prevent them, or you can delete cookies which have already been set by instructing your browser accordingly. To access some information on our website, you'll have to set your browser to enable cookies. The persistent cookies used on Citi's credit card websites are available only to Citibank or to certain agents of Citibank who are performing services or hosting specific web sites on our behalf.
We may also use transient cookies, which are not stored on your hard drive and are not available to anyone other than Citibank. Transient cookies contain information that identifies you and allows you to navigate on our site from one page to another without requiring you to log in again on each page. When you leave our site, or when your session expires, the transient cookies expire.
Identify the browser you are currently using:
The best way to verify a Citi Cards email is to look for the Email Security Zone header at the top of the email. Every Citi Cards email includes your name, the last 4 digits of your card number, and the last logged in date if you have logged into the website. "Last Logged In" is the last date you logged into the website prior to the date of the email from us; it is virtually impossible to steal. We update the last logged in date on Monday through Friday as of the prior weekday only; therefore, if you logged in on a Saturday, Sunday or holiday, the date shown will be from the closest weekday prior to the email delivery date. The Email Security Zone will always be in the upper right header of the email and looks like this:
If the date doesn't seem correct, double-check the last 4 digits to verify that you're referring to the correct account or check to see if an authorized user logged in to the account. If the date is still not correct send the email to firstname.lastname@example.org and indicate that the last logged in information is wrong.
Please note that Citi Cards will never ask you for your PIN number, and will never include your full account number, password or social security number in an email--only the last four digits. If you receive an email claiming to be from Citi Cards that includes or asks for your full account number, password or social security number, do not respond to it. Instead, forward it to email@example.com.
How to Protect Yourself Online