Key rules of secure CitiDirect® use
Irrespective of the multi-level security scheme implemented by the Bank, a User should always be aware of threats on the Internet and adhere to the following rules:
- Do not share access to the CitiDirect mobile application with anyone
- Enter the address of CitiDirect login page (https://portal.citidirect.com/) manually in your web browser address bar, or add it to your “Bookmarks” (“Favourites”). Never search for the login page in the web browser search’s engine, because among search results there might be false login pages created by fraudsters.
- Before you start logging in make sure you are on the correct, secure page of the portal. Your browser must show a locked padlock in the address bar, which means that the connection is encrypted. The site address must start with "https."
- The CitiDirect site is secured with a certificate issued by Symantec. Before you log in to the service check if the certificate is valid and verify its issuer.
- Never ignore any error alerts displayed by your browser, and especially certificate error alerts. If you notice a certificate error or that the certificate is not consistent with the above data immediately notify the Bank.
- Do not use your online banking service via any public Wi-Fi spot (e.g. at an internet café or a library).
- Do not leave the CitiDirect window open when you leave your computer unattended, even for a moment, and log out after you have finished your work.
- Use a firewall, which helps protect computers from network attacks, use anti-virus software and update regularly your anti-virus software and operating system.
- Update your browser and Java plugins on a regular basis to have the versions, which are currently recommended by Citi Handlowy.
- Beware of malicious software sent in e-mail messages. Do not open any attachments, do not click on any links in messages from senders you don’t know. Even if an attachment is from a person you know scan it first with your anti-virus software.
- Do not reply to any e-mail messages or phones asking you to provide your personal data, PIN code, SafeWord card number or one-time password.
- Do not make your SafeWord card available to anyone, do not disclose your PIN code and do not write it down anywhere. Also, do not disclose the number of your SafeWord card to any unauthorized person. Your SafeWord card, as generator of dynamic one-time passwords, makes CitiDirect resistant to password interception attempts. Have it always on you or keep it safe. Memorize your PIN code and don’t write it down anywhere and don’t disclose it to a third party. Any operations in CitiDirect are recorded. Every operation made with your card will be considered your operation.
- If your SafeWord card is lost or damaged you should immediately contact CitiService to block access to CitiDirect.
- If you suspect the PIN code of your SafeWord card has been compromised, change the PIN immediately.
How can I check that the certificate is valid?
  Notice: Citi Handlowy will never ask for your system passwords, SafeWord card PINs or any other information generated by SafeWord cards.
How can I change the PIN code for my SafeWord card?
  Notice: Please report any suspicious situations to CitiService.
If you notice any unusual activity on your account, receive a phone call from someone you suspect of impersonating our employee or observe any event which may threaten data security please immediately call CitiService (22) 690 19 81 or send a message to: citiservice.polska@citi.com.