Citibank Direct Access

Citibank's Global Customer Privacy Promise.

What are Cookies?

How does Direct Access protect customer information and account data?

What is encryption?

How is encryption used?

How does encryption work?

How secure is encryption?

What level of encryption protection does Direct Access 6.1 support?

Citibank considers customer confidentiality one of our very highest priorities and we employ every appropriate measure to safeguard it. This simple fact remains whether our customers interact with us in a branch, over a telephone, at an ATM or via Direct Access.

Below you will find a description of the security measures used with Direct Access as well as a summary of data encryption, one of the most effective methods used to protect electronic information.

Citibank's Global Customer Privacy Promise.
While information is the cornerstone of our ability to provide superior service, our most important asset is our customer's trust. Keeping customer information secure, and using it only as our customers would want us to, is a top priority for all of us at Citibank. Here then, is our promise:

We will safeguard, according to the strictest standards of security and confidentiality, any information our customers share with us.
We will limit the collection and use of customer information to the minimum we require to deliver superior service to our customers, which includes advising our customers about our products, services and other opportunities, and to administer our business.
Only authorized Citibank employees, who are trained in the proper handling of customer information, will have access to that information. Employees who violate our privacy promise will be subject to our normal disciplinary process.
We will not reveal customer information to any other organization unless we have previously informed the customer in disclosures or agreements, been authorized by the customer, or are required by law.
We will always maintain full control and privacy of our customer information. In accordance with that control, and as an advocate for our customers, we may facilitate relevant offers from reputable companies. These companies are not permitted to retain any customer information unless the customer has specifically expressed interest in their products or services.
We will tell customers in plain language in all our agreements and at least once annually, how they may remove their names from marketing lists. At any time, customers can contact us to remove their names from marketing solicitations.
Whenever we hire other organizations to provide support services, we will require them to conform to our privacy standards and to allow us to audit them for compliance.
We will exchange information about our customers only with reputable credit reporting or verification sources.
We will attempt to keep our customer files complete, up-to-date and accurate. At a customer's request, we will supply account information (except when we're prohibited by law). We will tell our customers how and where to notify us about errors, and we will promptly make corrections.
We will provide customers with local access to their information in Citibank processing centers, wherever located.

We will continuously assess ourselves to ensure that customer privacy is respected. We will conduct our business in a manner that fulfills our promise in the many nations in which we do business.

Return to top

What are Cookies?
In order to provide better service, we will occasionally use a 'cookie'. A cookie is a small piece of information which a Web site stores on your Web browser on your PC and can later be retrieved. The cookie cannot be read by a Web site other than the one that set the cookie. We use cookies for a number of administrative purposes, for example, to store your preferences for certain kinds of information or to store a password so that you do not have to input it every time you visit our site. Most cookies last only through a single session, or visit. None will contain information that will enable anyone to contact you via telephone, e-mail, or 'snail mail'. You can set up your Web browser to inform you when cookies are set or to prevent cookies from being set.

Return to top

How does Direct Access protect customer information and account data?
With Direct Access, customer information and account data is protected by two independent security protocols: data encryption and a verifiable Personal Identification Number (PIN).

When customers use Direct Access, they are first prompted to enter their PIN*. The Citibank computer will not send any account information to the customer's computer unless the PIN associated with the customer's Citicard^® number has been correctly entered.

All information that passes between Citibank and the customer's computer is put through data encryption -- a sophisticated encoding system. Data encrypted information can only be accessed and used by the correct "decoder".

Return to top

What is encryption?
Encryption technology allows secure transmittal of information along the Internet by encoding the transmitted data using a mathematical formula that scrambles the data. Without a corresponding "decoder," the transmission would look like nonsense text and would be unusable.

Return to top

How is encryption used?
Encryption technology can be used for a host of applications, including electronic commerce (sending credit card numbers for orders or transmitting account information), e-mail messages, and sensitive documents.

Return to top

How does encryption work?
Basic encryption involves the transmission of data from one party to another. The sender encodes the data by scrambling it, then sends it on. The receiver must decode the data with the correct "decoder" in order to read and use it.

Return to top

How secure is encryption?
The effectiveness (or level of security) for encryption is measured in terms of how long the key is -- the longer the key, the longer it would take for someone without the correct "decoder" to break the code. This is measured in bits (e.g., 40-bit encryption, the level of encryption used with many ordinary browsers, versus 128-bit encryption, the level of encryption required to use Direct Access).

For a 40-bit key there are 2⁴⁰ possible different combinations. For a 128-bit key (the level of encryption that Citibank requires) there are 2¹²⁸ possible different combinations.

According to Netscape, 128-bit encryption is 309,485,009,821,345,068,724,781,056 times more powerful than 40-bit encryption.

Return to top

What level of encryption protection does Direct Access 6.1 support?
All transmission of customer information through Direct Access is encrypted using 128-bit encryption technology which currently is the strongest generally available. Your browser is probably 40-bit if you haven't specifically downloaded 128-bit.

According to Netscape, 128-bit encryption is 309,485,009,821,345,068,724,781,056 times more powerful than 40-bit encryption.

Return to top

*Citibank customers use the same PIN that they use at Citicard Banking Centers^® and other ATMs. If you suspect that someone knows your PIN, you can change it very easily using Direct Access. You can also change your PIN by visiting your nearest Citibank branch or by calling 1-800-446-5331.