- Home
- |
- Ways to Bank
- |
- Online and Mobile Services
- |
- Citi Mobile® App Enhanced Security
At Citi, we are committed to bringing you a secure and quicker digital banking experience. The new “Citi Mobile® App Enhanced Security” aims to improve the level of security, as well as enhance the customer experience with an in-built enhanced security function for login and transaction authentication without the need for you to input a 6-digit unlock code of Citi Mobile® Token or One-time Password.
This new enhanced security feature update is for Citi Mobile® App only. Customers conducting transactions in Citibank Online Banking will continue to use 6-digit unlock code of Citi Mobile® Token or SMS OTP to complete their transactions.
Feature of “Citi Mobile® App Enhanced Security”:
- Multi-factor authentication with minimal customer manual input
- Improved security feature that ensures each user’s account cannot be compromised, cloned or tampered with, even if the device is compromised
- Each user’s account is cryptographically bound to the user’s specific mobile device at the moment the user activates the enhanced security feature

Secure
Without 6-digit unlock code of Citi Mobile® Token, authentication with enhanced security feature is as strong as before
Convenient
A seamless banking experience by reducing the steps of authentication in Citi Mobile® App.Steps to enable “Citi Mobile® App Enhanced Security”
After updating to the new version of Citi Mobile® App and enrolling to the enhanced security feature, you will no longer be required to use Citi Mobile® Token for certain Citi Mobile® App transactions.
For Citibank Online transactions, there will be no change to the transaction authentication, and you will still use Citi Mobile® Token to perform transaction signings.
For Transaction Signing which is a more sophisticated authentication process for designated online transactions (e.g. add new payees) that require stronger protection. During the process, you will enter a Challenge Code, which will be displayed on Citibank Online when you perform the transaction, into the device to generate a Transaction Authorization Code (TAC) to authorize the transaction.
You can generate the TAC via the following methods:
![]() |
Citi Mobile® Token : Simply open the Citi Mobile® App and follow few simple steps to generate a Transaction Authorization Code (TAC). |
![]() |
Physical Security Device : Click here to view the steps |
Step to authenticate the Citibank Online transaction

Citi Mobile Token OTP is required to authenticate the Citibank Online transaction

Tap on “Citi Mobile® Token” on the login screen of the Citi Mobile® App

Enter your 6-digit Citi Mobile® Token Unlock Code

OTP is displayed. Enter this OTP to where requested to complete your transaction / instruction

Enter the OTP and complete the authentication
The new version of Citi Mobile® App and its enhanced security features will be able to deliver a more frictionless online shopping journey with quicker online payment process. You will no longer be required to input SMS OTP to authenticate online transaction on your Citi Credit Card or Debit Card. Instead, you can now authenticate transactions seamlessly via Citi Mobile® App Push Notification.
Steps for Citi Mobile® App Transaction Authentication Service:
Smart Tips for users who are new to "Citi Mobile® App Transaction Authentication Service":
![]() |
Enable "Citi Mobile® App Enhanced Security" and Push Notification |
We have updated our Citi Mobile® App security authentication to provide you with a more convenient and seamless mobile banking experience.
To enroll for the feature, simply follow the instructions in your phone and input the SMS one-time password (OTP) for one-time validation. Enrolling in this will enable you to perform multiple authentications without the need for Unlock Codes or SMS OTPs for certain transactions. In effect, this will replace the Citi Mobile® Token feature in your app.
When you login with your device using the updated security authentication, multiple validations happen in the background of your Citi Mobile® App to confirm that it is really you who is logged in. Rest assured that even with this updated security authentication, we are committed to making sure that your logins and transactions are handled with the same level of security as previous versions of the app.
This feature allows you to experience a more convenient, time-saving, and faster transaction authentication. When you login with your device using the updated security authentication, the Citi Mobile® App will be able to recognize and authenticate you. There is no need for you to input an Unlock Code or SMS OTP when conducting transactions, because the app has already confirmed that you are the person logged in.
You will receive a confirmation SMS and email from us to inform you that the Citi Mobile® App Enhanced Security feature has been successfully activated.
Yes, for this update, if you have updated to the new version of the Citi Mobile® App, you will still be able to use your Citi Mobile® Token to generate OTPs for Citibank Online transactions.
Yes, you will still be able to enroll for the updated security authentication. Logout of your current session and re-login to see the prompt.
There may be an issue with your telco provider. Please try to turn on and off your airplane mode setting or try restarting the phone. If the issue still persists, please call CitiPhone at +852 2860 0333 for further assistance.
Yes, you will still be able to take advantage of the updated security authentication, but we highly recommend that you enable biometric login as well for a highly secure experience.
Once you have updated to the new version of the Citi Mobile® App and enrolled into the enhanced security feature, whether you are in Hong Kong or abroad the transactions you conduct in Citi Mobile® App will no longer need the Citi Mobile® Token.
Depending on the circumstances, for example FPS Registration, you may receive SMS OTPs for your transactions.
The app only allows one device to be enrolled in the updated security authentication. You would need to re-enroll with your new device to take advantage of this. Enrolling with the new device will effectively de-enroll the old device from the updated security authentication.
Yes, since you re-installed the app, you will need to re-enroll for the updated security authentication.
Yes, since there were changes to your username/password, we need to re-authenticate by prompting you to re-enroll for the updated security feature.
You may login to Citibank Online and navigate to "Services" > "Profile & Settings" > "Citi Mobile® App security". Select your device and tap on de-enroll to de-enroll your device from the updated security authentication.
No, there will be no impact and no changes to your existing flow as Citi Mobile® Token or SMS one-time password (OTP) can still be used to access your account and authenticate the transactions in Citibank Online.
You can enable or disable Push Notification at setting page. After selecting the setting icon at top left corner, you can tap “Security”, then “Alerts & Notification”. Select “Enable” or “Disable” Push Notification.
Simply return to the merchant order page and tap “Enter One-time Pin” (OTP) or “Resend OTP” instead. An SMS will be sent to your mobile and you may authorize payment with the OTP in the SMS.
Yes, once you have updated to the latest version of the Citi Mobile® App, you will still be able to authorize online transactions via Push Notification and Citi Mobile® App.
No, once you have updated to the latest version of the Citi Mobile® App, Push Notification is set default to be triggered for online transaction authorization. If Push Notification is not available under any circumstances, you will receive an SMS OTP instead for payment authorization.
You can simply launch the Citi Mobile® App manually and resume the authentication process.
![]() Citibank HK |
Citi Live Chat is now available on Citi Mobile® App Click here to learn more about Citi Mobile® |