Warning about COVID-19 Scams:
Be aware that fraudsters are sending text messages and emails claiming to be the NHS, offering the opportunity to sign up for the COVID-19 vaccine. The text or email will ask the recipient to click on a link which will take them to an online form which requests personal and financial details:
- Do not click on links shared via text message and email or input any personal or financial information.
- The NHS will never ask you for your bank account information, card details, PIN or banking password.
- The NHS will never ask you to prove your identity by sending copies of personal documents such as your passport.
If you believe you have been a victim of this scam then please contact us immediately on 0800 00 55 00.
Warning about Investment Scams
We have become aware of attempts to impersonate Citibank UK Limited and Citigold Wealth Management through emails, cold calls and fake websites purporting to represent Citi and to offer our products. These fraudsters are sophisticated and in some instances are replicating our genuine product and service documentation.
Recently, fraudsters have been offering consumers fake high-interest, fixed-rate COVID vaccine bonds that reference legitimate pharmaceutical companies (e.g. Pfizer), whilst using Citibank UK Limited’s firm reference number, address and logo.
Here are some ways to identify Investment Scams:
- You have been approached by an email, call or text message offering an investment opportunity.
- You have found a website which is selling Citi investment products and offering you a low risk investment for a high return.
- A fake site, a caller or someone behind an email may ask you to pay or transfer money by online payment or wire transfer.
- Fraudsters may try to rush or pressurise you into making decisions. A legitimate company would never force you to take a rushed decision regarding your investments and wealth.
- The offer seems too good to be true: high return with low risk. Don’t proceed until you are comfortable the offer is legitimate.
If you’re suspicious about an investment or opportunity then please contact us immediately via www.citibank.co.uk or 0800 00 55 00.
Please visit this website to learn more about Investment Scams and how they operate: https://www.youtube.com/watch?v=V54GH_GgiMY
In order to protect yourself, please remember:
- We would never cold call or email you to offer an investment opportunity out of the blue.
- In order to make an investment with Citibank UK Limited, you need to have an account with us. We would always open an account face to face, not over the phone or via email.
- We would only email you using the @citi.com domain and we do not use any variations of this.
- We would never promise a low risk investment for a high return.
- If you have any doubt, call us immediately on 0800 00 55 00.
Please also take the FCA’s quick Scam Smart Test: https://www.fca.org.uk/scamsmart/scam-or-smart-game
New Citi security alerts
We will continue to alert you by SMS if we identify suspicious debit card purchases; however, you may now also receive an email or an automated call.
Our number has changed. We will only ever ask you to reply to alerts sent from:
+44 7860 065 121 (outside UK)
+448082800912 (outside UK)
Payment Services Directive 2 (PSD2)
Further changes resulting from the European Union’s Payment Services Directive 2 (PSD2) are coming into effect on 14 March 2020. These changes are designed to better protect you when you make payments and access your transaction details. Please be aware that additional changes will come into effect later in 2020 and in 2021 and we will write to you in advance detailing those changes.
What does it mean for Citi clients?
This means there will be extra levels of security when you take certain actions related to making payments and accessing your information.
What changes should I expect?
Some of your transactions may require additional levels of security
The new Strong Customer Authentication (SCA) requirements will have an impact on the way you transact on your account. They will require a higher level of authentication (authorisation by you) for certain types of transactions, e.g. where you are paying someone you have never paid before. This includes the introduction of two-factor authentication and generation of an authentication code for certain transactions. A factor can be one of the following options:
- Knowledge: something only you know (e.g. your Citi Unlock Code)
- Possession: something only you have (e.g. your mobile phone)
- Inherence: something unique to you (e.g. your fingerprint)
Two different factors will be required to make certain types of transaction, e.g. when you are using the Citi Mobile® UK App, your two-factor authentication will be Knowledge (your Citi Unlock Code) AND Possession (the presence of the app on your mobile phone).
An authentication code will be generated based on this two-factor authentication.
Changes to the way you transact on your account
Citi Mobile® Token – Push Notification on your mobile phone
If you have enabled Citi Mobile® Token with Push Notifications (a pop-up notification on your phone), you won’t need to enter an authentication code for your transactions. Instead, you will be asked to authenticate yourself within the app, and an authentication code will be generated and verified automatically. You will be asked to opt in for this feature when you open your Citi Mobile® UK App.
If you have not enabled Citi Mobile® Token with Push Notifications, you will be asked to authenticate manually by generating a code using Citi Mobile® Token or using an SMS One-Time Password (an “SMS OTP”).
If you receive an SMS OTP, this will include the payee nickname and transaction amount in order to provide greater clarity on which transactions the OTP is being used to verify.
You will no longer be able to complete a transaction with just your signature.
As Citi Debit Cards have chip functionality, you will no longer be able to complete a transaction using your signature where the payment machine is chip-enabled. Instead, you must authenticate using your PIN.
Extra levels of security for your contactless payments
Occasionally you will be asked to put your card into a payment machine and provide your PIN, rather than using the contactless option. This is an extra level of security to ensure it is you that is using your card. We may ask you for your PIN on the sixth contactless payment. There are some types of payments that are not included in this change (e.g. unattended terminals).
To better improve your contactless payment experience, we will be issuing new cards to a number of clients over the coming months. We will notify you if this is relevant to your card.
Changes to the way you access your account online
Additional security measures for accessing transactions.
Every 90 days we will ask you to authenticate yourself using either the Citi Mobile® Token or SMS OTP when logging in to Citi Online or your Citi Mobile® UK App.
Within these 90 days, we will be able to provide you access to your balance and transactional information up to 90 days old without continuing to ask for verification. If you want to access transactional information older than 90 days, we will ask you to authenticate yourself using either the Citi Mobile® Token or SMS OTP.
Depending on the actions you are taking on your account we may ask you to authenticate yourself at other times.
Third party payment service providers (TPPs) and their permissions when accessing your account
A TPP can allow you to view your accounts with us and other banks in one place as well as allowing you to make payments directly from your account. TPPs can only access your account information and make payments from your account with your permission. If you allow a TPP access we will treat an instruction from a TPP as if it was from you.
TPPs have to be authorised by the UK’s Financial Conduct Authority (FCA) or another European regulator before they are allowed to access your account. TPPs are also required to comply with the PSD2 requirements by 14 March 2020 and this will change the way in which they can access your account. Where a TPP is not compliant, we are not able to permit them to continue accessing your account in the same way they used to and you may receive unexpected SMS OTPs during this time. In order to prevent these SMS OTPs from occurring, the best thing you can do is contact your TPP to remove their access.