PSA - Check Your Citibank Contact Details

In the space of 1 week, my Citibank account was compromised with my phone number swapped out. After the first incident, I had changed the password to a randomised one and it happened again, leading me to think it's quite plausible Citibank's system had been compromised beyond users' control. So, if you have your $ with Citibank, best check your contact details.

Comments

  • +4

    hardly surprising.

    Weren't they the mob a while ago who had a massive security issue where if you changed your account number in the URL to anything else (and they were sequential) you'd have access to someone else's account? Essentially meaning that if you had the key to any house in a country, you had a key to every house.

    They're rubbish.

    • wow, didn't know that. That would have been in the news. Slim chance that's still ongoing?

      • It was. But as the other replier posted, it was some time ago

    • Amazing… One would think that this would be one of the first things a pen tester would check.

      Update: Found it. To be fair it was 10+ years ago but still unacceptable: https://consumerist.com/2011/06/how-hackers-stole-200000-cit…

  • +1

    All fine on my end. Maybe it's your system that's been compromised?

    • possibly, but highly unlikely, changed password after 1st incident while I was at work. Work security is quite over the top: like no USB ports on PCs o.t.t. And I didn't save the password. So either I did this for kicks, or Citi's system was exploited, or someone was somehow able to brute force my password without tripping Citibank's system. Either way, there's a chance it's my end, but a slim chance.

      • Did you access your Citi account on your personal device after you changed your password?

        • sure did, my mobile app on my phone. Could be true that my phone is compromised (whose phone isn't, to an extent). But so far only my Citibank account has been attacked. No email or other bank accounts seem to play up.

  • Safe for me. Thanks for the PSA tho.

  • and the kicker is, the 1st incident didn't warrant an investigation. And the security team doesn't have the authority to raise a security investigation request, you'll have to speak to the customer service team for that. Glad my balance with them is $0.

  • my citibank was compromised with my phone number swapped out.

    Citibank still use SIM 2FA? Amateurs.

  • I can't update my contact details online without 2FA?

    • no 2FA for changing phone numbers.

      • But you needed 2FA to be able to start changing your phone number under My Profile > Personal Information > View / Update Details?

        • actually, yes, but Citibank gives you 2 options for 2FA: SMS or mobile token. To get a mobile token, you just need username and password it seems.

          I only received notification about the phone change after the fact, not before.

  • Wtf I've been trying to withdraw my balance to my ANZ account and it keeps failing (OSKO TRANSFER REVERSAL (name) RECEIVER ACCT CANNOT ACCEPT THIS PYMT), I've even deleted and re-added, and activated the new account. Anyone know how to get this sorted? Have used this account to transfer funds between accounts during the travel days

    • are you using payid? otherwise, try the online portal?

      • No, by BSB acct details. I'm using Chrome on phone but it's in desktop mode and there's no other option for transfer.

        • sorry, can't help you there. Probably try again on a computer, otherwise, you should be able to engage chat online and ask them to manually put it in for you.

      • Ah, I think Citibank's end is trying to do PayID but I don't have it on my ANZ. I've done the below and it still doesn't give me the option to make it a standard transfer, app keeps erroring in the rejected payment screen as well. Frustrating. Wonder how long they'll take to get back to me

        You can resubmit this payment as a standard transfer by logging in to your Citibank Mobile® App and navigating to:

        Payments > Manage Payments, Payees and your PayID > Rejected Payments

        Alternatively, you can log into Citibank Online and navigate to:

        Payments and Transfers > PayID > Rejected Payments

  • Update: the phone number change requests were done over the phone, twice. Can't wait to get away from this Schitybank
