Citi Mobile® App Enhanced Security

Citi Mobile^® App Enhanced Security

At Citi, we are committed to bringing you a secure and quicker digital banking experience. The new “Citi Mobile^® App Enhanced Security” aims to improve the level of security, as well as enhance the customer experience with an in-built enhanced security function for login and transaction authentication without the need for you to input a 6-digit unlock code of Citi Mobile^® Token or One-time Password.

This new enhanced security feature update is for Citi Mobile^® App only. Customers conducting transactions in Citibank Online Banking will continue to use 6-digit unlock code of Citi Mobile^® Token or SMS OTP to complete their transactions.

Feature of “Citi Mobile^® App Enhanced Security”:

Multi-factor authentication with minimal customer manual input
Improved security feature that ensures each user’s account cannot be compromised, cloned or tampered with, even if the device is compromised
Each user’s account is cryptographically bound to the user’s specific mobile device at the moment the user activates the enhanced security feature

Secure

Without 6-digit unlock code of Citi Mobile^® Token, authentication with enhanced security feature is as strong as before

Convenient

A seamless banking experience by reducing the steps of authentication in Citi Mobile^® App.

Enable “Citi Mobile^® App Enhanced Security”

Steps to enable “Citi Mobile^® App Enhanced Security”

Login to Citibank Mobile^® App. Read the details and tap “Continue”
Enter the One-time Password (OTP) from the SMS
Select “OK” to allow the use of Biometric ID and complete the authentication
Read the details and tap “Done”, enhanced security function is enabled

Login with your password via Citibank Mobile^® App. Read the details and tap “Continue”
Enter the One-time Password (OTP) from the SMS
Select “OK” to allow the use of Biometric ID and complete the authentication
Read the details and tap “Done”, enhanced security function is enabled

Citibank Online Transaction Signing

After updating to the new version of Citi Mobile^® App and enrolling to the enhanced security feature, you will no longer be required to use Citi Mobile^® Token for certain Citi Mobile^® App transactions.

For Citibank Online transactions, there will be no change to the transaction authentication, and you will still use Citi Mobile^® Token to perform transaction signings.

For Transaction Signing which is a more sophisticated authentication process for designated online transactions (e.g. add new payees) that require stronger protection. During the process, you will enter a Challenge Code, which will be displayed on Citibank Online when you perform the transaction, into the device to generate a Transaction Authorization Code (TAC) to authorize the transaction.

You can generate the TAC via the following methods:

Citi Mobile^® Token : Simply open the Citi Mobile^® App and follow few simple steps to generate a Transaction Authorization Code (TAC).

Physical Security Device : Click here to view the steps

Step to authenticate the Citibank Online transaction

Citi Mobile Token OTP is required to authenticate the Citibank Online transaction

Tap on “Citi Mobile^® Token” on the login screen of the Citi Mobile^® App

Enter your 6-digit Citi Mobile^® Token Unlock Code

OTP is displayed. Enter this OTP to where requested to complete your transaction / instruction

Enter the OTP and complete the authentication

Citi Mobile^® App Transaction Authentication Service

The new version of Citi Mobile^® App and its enhanced security features will be able to deliver a more frictionless online shopping journey with quicker online payment process. You will no longer be required to input SMS OTP to authenticate online transaction on your Citi Credit Card or Debit Card. Instead, you can now authenticate transactions seamlessly via Citi Mobile^® App Push Notification.

Steps for Citi Mobile^® App Transaction Authentication Service:

Instant push notification gets triggered upon payment initiated at merchant page
Tap the push notification to launch Citi Mobile^® App
View transaction details and tap “Proceed” to authorize transaction with Biometric ID or password
Transaction gets validated, and you will be redirected back to merchant page

Instant push notification gets triggered upon payment initiated at merchant page
Tap the push notification to launch Citi Mobile^® App
View transaction details and tab“Proceed”to authorize transaction with Biometric ID or password
Transaction gets validated, and you will be redirected back to merchant page

Smart Tips for users who are new to "Citi Mobile^® App Transaction Authentication Service":

Enable "Citi Mobile^® App Enhanced Security" and Push Notification

Login to Citi Mobile^® App. Read the details and tap “Continue”
Enter the One-time Password (OTP) from the SMS
Select “OK” to allow the use of Biometric ID and complete the authentication
Read the details and tap “Done”, enhanced security function is enabled
Tap the inbox icon at the top right
Tap “Enable” for Push Notification to complete setup

Login to Citi Mobile^® App. Read the details and tap “Continue”
Enter the One-time Password (OTP) from the SMS
Select “OK” to allow the use of Biometric ID and complete the authentication
Read the details and tap “Done”, enhanced security function is enabled
Tap the inbox icon at the top right
Tap “Enable” for Push Notification to complete setup

FAQs

1. What is the “Updated Citi Mobile^® App security” prompt I am seeing after I have updated the app and logged in for the first time?

We have updated our Citi Mobile^® App security authentication to provide you with a more convenient and seamless mobile banking experience.

To enroll for the feature, simply follow the instructions in your phone and input the SMS one-time password (OTP) for one-time validation. Enrolling in this will enable you to perform multiple authentications without the need for Unlock Codes or SMS OTPs for certain transactions. In effect, this will replace the Citi Mobile^® Token feature in your app.

2. How is this new updated security feature safe?

When you login with your device using the updated security authentication, multiple validations happen in the background of your Citi Mobile^® App to confirm that it is really you who is logged in. Rest assured that even with this updated security authentication, we are committed to making sure that your logins and transactions are handled with the same level of security as previous versions of the app.

3. Upon successfully registering for this enhanced security feature, what impact will it have on my Citi Mobile^® App?

This feature allows you to experience a more convenient, time-saving, and faster transaction authentication. When you login with your device using the updated security authentication, the Citi Mobile^® App will be able to recognize and authenticate you. There is no need for you to input an Unlock Code or SMS OTP when conducting transactions, because the app has already confirmed that you are the person logged in.

4. How will I know if I have successfully registered for this enhanced security feature?

You will receive a confirmation SMS and email from us to inform you that the Citi Mobile^® App Enhanced Security feature has been successfully activated.

5. Will I still be able to use my Citi Mobile^® Token to generate an OTP for my Citibank Online transactions?

Yes, for this update, if you have updated to the new version of the Citi Mobile^® App, you will still be able to use your Citi Mobile^® Token to generate OTPs for Citibank Online transactions.

6. I tapped on "Continue" and entered the SMS OTP to enroll for this enhanced security feature, but I got an error and instead landed on my account summary, will I still be able to enroll for the updated security feature?

Yes, you will still be able to enroll for the updated security authentication. Logout of your current session and re-login to see the prompt.

7. I am not receiving any SMS OTP to enroll for the updated security authentication. What might be the issue?

There may be an issue with your telco provider. Please try to turn on and off your airplane mode setting or try restarting the phone. If the issue still persists, please call CitiPhone at +852 2860 0333 for further assistance.

8. When I enrolled for the updated security authentication, I was asked as well if I would like to enable biometric login (Face ID, Touch ID, Fingerprint Authentication) but I declined since I prefer logging in with a password. Will I still be able to take advantage of the updated security authentication?

Yes, you will still be able to take advantage of the updated security authentication, but we highly recommend that you enable biometric login as well for a highly secure experience.

9. I am currently abroad and have received the updated security prompt. As I am relying on Citi Mobile^® Token for transacting while outside Hong Kong, do I still need to use my Citi Mobile^® Token?

Once you have updated to the new version of the Citi Mobile^® App and enrolled into the enhanced security feature, whether you are in Hong Kong or abroad the transactions you conduct in Citi Mobile^® App will no longer need the Citi Mobile^® Token.

10. I have already updated the app and enrolled for the updated security authentication, why am I still getting an SMS OTP for my transactions?

Depending on the circumstances, for example FPS Registration, you may receive SMS OTPs for your transactions.

11. I enrolled already for the updated security feature in my previous phone but have recently bought a new phone and I am now seeing the prompt again when I login. Am I still enrolled for the updated security authentication?

The app only allows one device to be enrolled in the updated security authentication. You would need to re-enroll with your new device to take advantage of this. Enrolling with the new device will effectively de-enroll the old device from the updated security authentication.

12. I am already enrolled for the updated security feature, but I recently re-installed the Citi Mobile^® App and now I am being prompted again to re-enroll for the updated security feature. Is this usual?

Yes, since you re-installed the app, you will need to re-enroll for the updated security authentication.

13. I recently changed my username/password and now when I login, I am again seeing the prompt to re-enroll for the updated security feature. Is that expected?

Yes, since there were changes to your username/password, we need to re-authenticate by prompting you to re-enroll for the updated security feature.

14. I am enrolled for the updated security feature in my Citi Mobile^® App but I lost my phone. What should I do?

You may login to Citibank Online and navigate to "Services" > "Profile & Settings" > "Citi Mobile^® App security". Select your device and tap on de-enroll to de-enroll your device from the updated security authentication.

15. What if I only use Citibank Online to access my account and do transactions? Will there be an impact?

No, there will be no impact and no changes to your existing flow as Citi Mobile^® Token or SMS one-time password (OTP) can still be used to access your account and authenticate the transactions in Citibank Online.

16. How can I enable or disable the Push Notification in Citi Mobile^® App?

You can enable or disable Push Notification at setting page. After selecting the setting icon at top left corner, you can tap “Security”, then “Alerts & Notification”. Select “Enable” or “Disable” Push Notification.

17. What should I do if I cannot receive any Push Notification when proceeding with payment for my online transaction?

Simply return to the merchant order page and tap “Enter One-time Pin” (OTP) or “Resend OTP” instead. An SMS will be sent to your mobile and you may authorize payment with the OTP in the SMS.

18. Can I authorize online payment with Citi Mobile® App when I am abroad?

Yes, once you have updated to the latest version of the Citi Mobile^® App, you will still be able to authorize online transactions via Push Notification and Citi Mobile^® App.

19. Will I receive an SMS OTP and transaction Push Notification at the same time?

No, once you have updated to the latest version of the Citi Mobile^® App, Push Notification is set default to be triggered for online transaction authorization. If Push Notification is not available under any circumstances, you will receive an SMS OTP instead for payment authorization.

20. What should I do if I have accidentally swiped the Push Notification away?

You can simply launch the Citi Mobile^® App manually and resume the authentication process.