Citi Mobile® Token

Your mobile phone is now your Security Device

At Citibank, we are committed to making Citibank Online a secure banking environment for you. Additional authentication is required for designated online transactions where a higher level of security is needed.
A built-in security token, Citi Mobile® Token, replacing other methods like physical Security Device or One-Time Password (OTP) via SMS, lets you generate an OTP for authenticating designated transactions via Citi Mobile® App anytime, anywhere.

Secure

Protected by a 6-digit Passcode chosen by you, and restricted to one mobile device of your choice.

Instant

Direct generation of an OTP, without the need to wait for an SMS anymore.

Convenient

Generate an OTP anytime without a physical Security Device or network connection.

Examples of transactions requiring OTP

  • Payments & Transfers
  • Enroll/View e-Statement
  • Stock Trading

How To Activate

Enable Citi Mobile® Token in 3 easy steps

Physical Security Device

Please note that we no longer accept any new Security Device requests, and current physical Security Devices will be sunset by Dec 31, 2017.
If you hold a physical Security Device, we recommend that you download the Citi Mobile® App and enable Citi Mobile® Token before the sunset date.

To activate your physical Security Device, please log on to Citibank Online and select "My Profile" > "Security Device Activation".

How OTP works

When you access transactions at Citibank Online that require a One-Time Password (OTP), you will be prompted with a screen. Select your preferred way (one of the following) to generate an OTP. Simply enter the OTP you have generated and click "Continue".

Citi Mobile® Token : Simply open the Citi Mobile® App and follow below steps




Physical Security Device : Press the green button on the device

Transaction Signing

Transaction Signing is a more sophisticated authentication process for designated online transactions that require stronger protection. During the process, you will enter a Challenge Code, which will be displayed on Citibank Online when you perform the transaction, into the device to generate a Transaction Authorization Code (TAC) to authorize the transaction.

Transaction Signing will be required when a banking customer adds a New Payee (Local Payee or Overseas Payee). This is not applicable to customers who only hold a credit card with us.


You can generate the TAC via the following methods:

Citi Mobile® Token : Simply open the Citi Mobile® App and follow a few simple steps


Physical Security Device : Click here to view the steps

FAQs

One-Time Password (OTP)

Second-level authentication is required for certain online transactions. You will be asked to input an OTP when performing these transactions. The OTP can be generated by the Citi Mobile® Token or a Security Device, or can be received on your registered mobile number via SMS.

Transaction Signing is a more sophisticated authentication process for designated online transactions that require stronger protection. You will need to perform transaction signing using the Citi Mobile® Token or a Security Device in order to add a new payee (local payee or overseas payee).

This is for your added security protection. The One-Time Password and Transaction Signing serve as additional information on top of Card Number and PIN for authentication.

Your Citibank Online User ID and Password remain unchanged. You do not need a One-Time Password to log in to Citibank Online.

One-Time Password applies at both session level (required once per logon session) and transaction level (required for certain transactions in the same logon session). Online transactions that require a One-Time Password are those that require a higher level of security. Examples of transactions requiring second-level authentication:

  • Payments and transfers
  • Enroll/view e-Statements

No, you only need to perform transaction signing for Adding a New Payee (Local Payee or Overseas Payee).

You will need to perform transaction signing using a Citi Mobile® Token or Security Device in order to add a new payee (local payee or overseas payee). During the process of transaction signing, you will enter a Challenge Code, which will be displayed on Citibank Online when you perform the transaction, into the Citi Mobile® Token or the Security Device to generate a Transaction Authorization Code (TAC) to authorize the transaction.
Credit-card-only clients will have the option to add a new Merchant payee using the authentication process of an Online Authorization Code (OAC) sent to their registered mobile number via SMS. Hence it is not necessary to request a Security Device.

Citi Mobile® Token

Citi Mobile® Token is a new feature within the Citi Mobile® App to generate a unique, One-Time Password (OTP) in order to authenticate online and mobile transactions. It is an alternative to other authentication methods such as a physical Security Device, or OTP via SMS, yet is more secure, instant and convenient. The Citi Mobile® Token can only be activated with the Citi Mobile® App on ONE mobile device at a time which provides you with an additional level of security.

The benefits of the Citi Mobile® Token are:

  • Secure - Protected by a 6-digit Passcode chosen by you, and restricted to one mobile device of your choice.
  • Instant - Direct generation of OTP, without the need to wait for an SMS anymore.
  • Convenient - Generate an OTP anytime without a physical Security Device or network connection.

For designated online/mobile transactions which require additional authentication for a higher level of security, you can use the Citi Mobile® Token to generate an OTP or a Transaction Authorization Code (TAC) to perform the authentication. Examples of transactions requiring OTP: Payment & Transfers, Enroll/View eStatement or eAdvice, Stock Trading, Email Address Update. Examples of transactions requiring TAC: Add a New Payee.

No, Citi Mobile® Token is a feature within Citi Mobile® App. Thus, you will not be able to use the Citi Mobile® Token without the Citi Mobile® App.

Yes, Citi Mobile® Token does not require any internet connection to generate an OTP.

You can simply follow a few simple steps to activate Citi Mobile® Token.

You can simply log in to the Citi Mobile® App and follow a few simple steps to authenticate transactions with the Citi Mobile® Token.

The steps are similar to generating a TAC with the physical Security Device. You can simply log in to the Citi Mobile® App and follow a few simple steps to generate a TAC with the Citi Mobile® Token.

Your unique 6-digit Citi Mobile® Token Passcode ensures that only you have access to the Citi Mobile® Token activated device and can generate an OTP and / or TAC. For security reasons and to protect your interests, you should not share your Passcode with anyone. You can change your Passcode in the Settings of Citi Mobile® App when necessary.

You can reset the Passcode by signing on to the Citi Mobile® App and entering an OTP sent via SMS to your registered mobile phone number. Simply follow "Forgot Passcode" on the Citi Mobile® Token page to reset it.

Your OTP authentication may be unsuccessful because you have entered an incorrect Citi Mobile® Token Passcode. Please try again with the correct Passcode. If you enter an incorrect Passcode more than a certain number of times in a row, you will no longer be able to log in to Citibank Online and the Citi Mobile® App for security reasons. Please call CitiPhone at (852) 2860 0333 to release your account.

For security reasons, your Citi Mobile® Token can only be activated on ONE mobile device at a time. If you would like to change the mobile device on which your Citi Mobile® Token is activated, simply complete the activation process on the mobile device you would like to change to. Once the activation is completed, the Citi Mobile® Token on the previous device will be automatically deactivated immediately.

For security reasons, your Citi Mobile® Token can only be activated on ONE mobile device at a time. We strongly recommend you register the Citi Mobile® Token on your personal device that you commonly use.

There are 3 ways to deactivate your Citi Mobile® Token:
1. Log in to your Citibank Online and go to Services → My Profile → Deactivate Citi Mobile® Token
2. Enable the Citi Mobile® Token on another mobile device. The Citi Mobile® Token on the previous mobile device will automatically be deactivated instantly.
3. Call CitiPhone at (852) 2860 0333 to deactivate your Citi Mobile® Token.

Simply activate the Citi Mobile® Token on your new mobile device; the Citi Mobile® Token will be automatically deactivated on the previous device.

You should deactivate the Citi Mobile® Token immediately by the methods mentioned in Q22.

For the time being, you can still use your physical Security Device or get an OTP via SMS. However, Citi Mobile® Token offers you a more secure, instant and convenient way to authenticate online and mobile transactions. Generating an OTP with the physical Security Device will no longer be available after December 31, 2017.

Once you have activated the Citi Mobile® Token, it becomes your primary mode of authentication for all transactions made through the Citi Mobile® App. Simply input your 6-digit Citi Mobile® Token Passcode and your transaction will be automatically authenticated.

Security Device

Your Security Device is a personalized device that randomly generates a 6-digit One-Time Password that works with your account only when a higher level of security is required. Starting from July 26, 2015, the Security Device will support Transaction Signing to enhance online banking security.

Please activate your Security Device at Citibank Online before use. Log on to Citibank Online and select "My Profile" > "Security Device Activation".

No. The Security Device is free of charge.

If you lose or damage your Security Device, please call 24-hour CitiPhone Banking (852) 2860 0333 to request a replacement.

The Security Device sent to you has been assigned to your profile, and you will have to activate it in Citibank Online before use. This will prevent others from using your Security Device during delivery.

DOs

  • Keep your Security Device in a safe and secured place at all times.
  • Store your Security Device in a dry and cool environment, away from water or extremely high temperatures.
  • Personalize your Security Device so that it is recognizable by you.
  • Contact us on 24-hour CitiPhone Banking (852) 2860 0333 immediately if you lose or damage your Security Device.
  • Inform us when the message "BATT" appears on your Security Device. This indicates that the battery is running low.

DON'Ts

  • Allow anyone to use or obtain your Security Device.
  • Leave your Security Device unattended or exposed with the One-Time Password displayed on the screen.
  • Reveal your Security Device serial number or One-Time Password to anyone.
  • Drop your Security Device from great heights, step on it, or attempt to dismantle it.
  • Label your Security Device with your name, passport number or any other information that may identify you as the owner of the Security Device.

One-Time Password (OTP) SMS

Yes, the One-Time Password (OTP) SMS can be sent to both Hong Kong and overseas mobile phone numbers.

Please click here to download an application form to update your mobile number.
After successful update, the OTP will be sent to the new mobile phone number.
