Skip to main content

Reporting a Vulnerability

The security of your account information is of the utmost importance to us

If you believe you've found a security issue in one of our products or services, we encourage you to notify us.

How to Report a Vulnerability

Please report suspicious e-mails or phishing to To report issues, complaints or questions about banking accounts, cards, fraud, ATMs, or malware via please contact us at 1-800-248-4226, 1-800-945-0258 TDD/TTY (Banking) or 1-800-950-5114, 1-800-325-2865 TDD/TTY (Citi Cards). Any other potential security vulnerabilities can be reported through our Responsible Disclosure Program

Submit report

For the protection of our customers, Citi will not disclose, discuss, or confirm security issues.

Out of Scope Items

This program is not intended for submitting complaints about Citi's services or products, reporting issues with bank accounts, cards fraud, ATMs, malware or asking questions about the availability of Citi's websites or mobile banking services. This program is also not intended for submitting suspicious or phishing e-mails. Please report suspicious e-mails or phishing to

Please note that this program should not be construed as encouragement or permission to perform any of the following activities:

  • Hack, penetrate or otherwise attempt to gain unauthorized access to Citi software or systems in violation of applicable law
  • Disclose or use any proprietary or confidential Citi info or data, including any customer data
  • Adversely impact Citi or the operation of Citi software or systems

Citi does not waive any rights or claims with respect to such activities.