The following describes the security measures we take to protect your information on the Internet:

128-Bit Encryption
Citibank uses Secured Socket Layer (SSL) for secure transmissions. SSL applies encryption between two communicating computer systems, such as your PC and our corporate Internet server. When your data is transmitted over the Internet, it is encrypted or "scrambled" at the sending end and then decrypted or "unscrambled" at the receiving end. We use 128-bit encryption, the highest level generally available today.

Encryption
Encryption is a technology that allows secure transmittal of information along the Internet by encoding the transmitted data using a mathematical formula that scrambles it. Without a corresponding "decoder," the transmission would look like nonsense text and would be unusable. It can be used with many applications, including electronic commerce (sending credit card numbers for orders or transmitting account information), email messages and sensitive documents.

Basic encryption involves the transmission of data from one party to another. The sender encodes the data by scrambling it, then sends it on. The receiver must decode the data with the correct "decoder" in order to read and use it.

The effectiveness (or level of security) for encryption is measured in terms of how long the key is — the longer the key, the longer it would take for someone without the correct "decoder" to break the code. This is measured in bits, e.g. 40-bit encryption, the level of encryption used with many ordinary browsers, versus the level of encryption recommended to use Account Online. For a 40-bit key, there are 2⁴⁰ possible combinations. For a 128-bit key, there are 2¹²⁸ possible combinations.

Cookie Definition
A cookie is a small piece of information which is created by a web server during a user's visit to a web site. If you configure your web browser to alert you regarding the presence of cookies, you may receive a notice that a web server wishes to set a cookie. There are two kinds of cookies — "persistent" and "transient."

Sometimes we use persistent cookies which remain on the hard drive of your personal computer. We use persistent cookies for a number of purposes including to store your preferences for certain kinds of information, to provide you with access to certain web sites for which you have previously registered, to retrieve information you have provided us previously, etc. You can set your browser to disable cookies or prevent them, or you can delete cookies which have already been set by instructing your browser accordingly. To access some information on our website, you'll have to set your browser to enable cookies. The persistent cookies used on Citi's credit card websites are available only to Citibank or to certain agents of Citibank who are performing services or hosting specific web sites on our behalf.

We may also use transient cookies, which are not stored on your hard drive and are not available to anyone other than Citibank. Transient cookies contain information that identifies you and allows you to navigate on our site from one page to another without requiring you to log in again on each page. When you leave our site, or when your session expires, the transient cookies expire.

CHECK ENCRYPTION

Identify the browser you are currently using:

Internet Explorer

• Select Help on the menu bar
• Choose About Internet Explorer from the drop down menu
• The number in the "Cipher Strength" field is your encryption strength

Netscape

• Select Help on the menu bar
• Choose About Navigator or About Communicator from the drop down menu
• Scroll down and look to the left for the statement that begins, "This version supports U.S. Security with RSA Public Key Cryptography" That indicates a 128-bit encryption level.

Other

• Check your software manual or contact your browser software provider for product specifications.

How to Protect Yourself Online
Here are simple steps you can take to protect yourself from fraud while shopping and banking online.

• Verify the URL (address) of the sites you visit. If you're on a secure site, it should start with https (the "s" indicates it is secure.) A padlock image also should appear at the bottom of your browser window.
• Install anti-virus software and update it regularly with the most current version.
• Use separate passwords and PINs for your Internet accounts and make them difficult for others to guess. Change passwords and PINs frequently.
• Use the logoff button to end a secure session instead of closing your browser.
• Only open email messages sent by people you know.
• Never send personal or financial information by email. (Remember, we will never ask you to provide personal information via email.)
• Review your order confirmations, credit card and bank statements and report any unusual activity immediately.
• Review the security measures recommended by the Better Business Bureau, the U.S. Government and others at the following sites:
  http://www.nipc.gov/warnings/computertips.htm
  http://www.bbb.org/alerts/article.asp?ID=153
  http:/iisw.cerias.purdue.edu/home_computing/topten.php