Your Security is Our Goal

The following describes the security measures we take to protect your information on the Internet:

We recommend periodically changing your password every 30-60 days. To change your password, sign on and go to the Manage My Account menu and select Update Account Profile. For additional security password tips view User ID and Password Guidelines.

128-Bit Encryption
We use Secured Socket Layer (SSL) for secure transmissions. SSL applies encryption between two communicating applications, such as your PC and our corporate Internet server. When your data is transmitted over the Internet, it is encrypted or "scrambled" at the sending end and then decrypted or "unscrambled" at the receiving end. We use 128-bit encryption, the highest level generally available today.

Encryption is a technology that allows secure transmittal of information along the Internet by encoding the transmitted data using a mathematical formula that scrambles it. Without a corresponding "decoder," the transmission would look like nonsense text and would be unusable. It can be used with many applications, including electronic commerce (sending credit card numbers for orders or transmitting account information), email messages and sensitive documents.

Basic encryption involves the transmission of data from one party to another. The sender encodes the data by scrambling it, then sends it on. The receiver must decode the data with the correct "decoder" in order to read and use it.

The effectiveness (or level of security) for encryption is measured in terms of how long the key is - the longer the key, the longer it would take for someone without the correct "decoder" to break the code. This is measured in bits, e.g. 40-bit encryption, the level of encryption used with many ordinary browsers, versus the level of encryption recommended to use Account Online. For a 40-bit key, there are 240 possible combinations. For a 128-bit key, there are 2128 possible combinations.

Cookie Definition
A cookie is a small piece of information which is created by a web server during a user's visit to a website. If you configure your web browser to alert you regarding the presence of cookies, you may receive a notice that a web server wishes to set a cookie. There are two kinds of cookies - "persistent" and "transient."

Sometimes we use persistent cookies which remain on the hard drive of your personal computer. We use persistent cookies for a number of purposes including to store your preferences for certain kinds of information, to provide you with access to certain websites for which you have previously registered, to retrieve information you have provided us previously, etc. You can set your browser to disable cookies or prevent them, or you can delete cookies which have already been set by instructing your browser accordingly. The persistent cookies used on Citibank, N.A. credit card Websites are available only to Citibank, N.A. or to certain agents of Citibank, N.A. who are performing services or hosting specific websites on our behalf.

We may also use transient cookies, which are not stored on your hard drive and are not available to anyone other than Citibank, N.A. Transient cookies contain information that identifies you and allows you to navigate our site from one page to another without requiring you to log in again on each page. When you leave our site, or when your session expires, the transient cookies expire.