Citibank needs to implement 2FA and MFA for customers
Citibank is in the dark ages when it comes to security for consumers. The only option for two factor authentication for browser access is text message (SMS) based 2FA, the least secure and most inconvenient option: The cell phone might be in another room or battery dead, phone accounts can be hijacked, text messages can be severely delayed, or users may be traveling internationally without a roaming plan. At a minimum, Citibank needs to implement support for industry-standard time-based OTP (e.g. Google Authenticator, Authy, 1Password). Ideally, Citibank would also add support for hardware MFA (e.g Yubikey) as well. Don’t wait for regulators to mandate it, so what’s right for your customers willingly please.