Security Mechanisms in CitiDirect®
CitiDirect has the following 6-level security system:
User Identification and Verification
Each SafeWord card is assigned to a particular User. The card generates dynamic, one-time passwords, which significantly reduce the risk of unauthorized access to CitiDirect, for example as a result of password theft or cracking. In addition, the SafeWord card is protected with a 4-digit PIN code, known only to its holder. Card holders may change their PIN codes at any time.
How can I change the PIN code for my SafeWord card?
- Turn on your SafeWord card with the ON button.
- Enter your current 4-digit PIN code.
- Press the "Pin" button on the SafeWord card keyboard
- When you see the "NEW PIN" message, enter your new 4-digit PIN code.
- When you see "AGAIN," re-enter your 4-digit PIN code– the same as in the previous step.
- The card will confirm that your PIN code has been successfully changed by displaying "SUCCESS" on the screen.
User Entitlement Levels
Multi-level Transaction Authorization
The Bank offers as many as 9 authorization levels. If a higher authorization level is required when making payments in CitiDirect, the security level can be significantly improved.
We recommend our Clients to define at least 1 transaction authorization level.
The Bank also offers other risk mitigating functionalities, like blocking manual submission of payment orders by Users, requiring authorization of created payment templates or defining payment limits. In order to configure such additional security mechanisms, please contact your Relationship Manager.
Encrypted Session and Digital Security Certificate
TLS also protects data integrity. One of its elements is the Message Authentication Code (MAC), which checks if no unauthorized data modification occurred during transmission.
Our electronic banking system https://portal.citidirect.com is secured with a Symantec Class 3 EV SSL CA – G3 digital certificate. This is the digital signature of a site which confirms that the User is in a service owned by Citi Handlowy. The certificate ensures that all confidential transactions executed via CitiDirect are encrypted.
Before you log in to the service, check if the certificate is valid and verify its issuer.
Automatic Session Expiration
- the last login date – concerns Users who have logged into the system or
- the date of creating the user in the system – concerns Users who have never logged into the system.
In order to maintain access to the CitiDirect system on a given SafeWord card, we advice to log into the system at least once every 3 months. A blocked SafeWord card should be replaced with a new one if a User intends to use the CitiDirect system in the future. This intention should be expressed in a separate application.
If your SafeWord card is lost or damaged User should immediately contact CitiService (call (22) 690 19 81 or 801 24 84 24) to block access to CitiDirect.