CITIFINANCIAL/CITIFINANCIAL PLUS SECURITY STATEMENT


This explains our cookies and security policies and provides information regarding server authentication and data encryption.

Cookies
In order to provide better service or to address security hazards, we will occasionally use a "cookie." A cookie is a small piece of information which a Web site stores on your Web browser on your PC and can later retrieve. The cookie cannot be read by a Web site other than the one that set the cookie. We use cookies for a number of administrative purposes; for example, to store your preferences for certain kinds of information or to store a password so that you do not have to input it every time you visit our site. Most cookies last only through a single session, or visit to our site. None will contain information that will enable anyone to contact you via telephone, e-mail, or any other means. You can set up your Web browser to inform you when cookies are set or to prevent cookies from being set.

Security Policy
To provide additional assurance of the privacy and security of personal information during Internet transfers, we use the SSL (Secure Sockets Layer) protocol that is built into most Web browsers. In order to apply online, your browser must support SSL protocol. (Keep in mind - most browsers do.)

Server Authentication
Secure Sockets Layer provides a way to verify that you are in fact logging on to our server and not a site that is impersonating our server. Our server sends the public key to your browser program before you log on with us. SSL lets you verify the identity of a server by viewing the site's certificate. A certificate is a way of associating a public key to a name. You can be sure you are logged on to our server by viewing our certificate through your browser program. This can be seen on the first page of the online application or login screen.

Data Encryption
Once SSL has authenticated the server, your browser and our server will establish a secret symmetric key. This symmetric key allows your browser and our server to exchange encrypted data and is valid for a single session only. If you log out and later come back to our website, your browser and our server will negotiate a different symmetric key automatically. The symmetric key protects all of your communications with us.

   
Citigroup Privacy Promise
Terms, conditions, caveats and small print
Copyright © 2007 Citigroup Inc.
CitiFinancial.com | State Licensing