CITI MOBILE® APP ENHANCED SECURITY

Citi Mobile® App Enhanced Security

Citi Mobile® App Enhanced Security

At Citi, we are committed to bringing you a secure and quicker digital banking experience. The new “Citi Mobile® App Enhanced Security” aims to improve the level of security, as well as enhance the customer experience with an in-built enhanced security function for login and transaction authentication without the need for you to input a 6-digit unlock code of Citi Mobile® Token or One-time Password.

This new enhanced security feature update is for Citi Mobile® App only. Customers conducting transactions in Citibank Online Banking will continue to use 6-digit unlock code of Citi Mobile® Token or SMS OTP to complete their transactions.

Feature of “Citi Mobile® App Enhanced Security”:

  • Multi-factor authentication with minimal customer manual input
  • Improved security feature that ensures each user’s account cannot be compromised, cloned or tampered with, even if the device is compromised
  • Each user’s account is cryptographically bound to the user’s specific mobile device at the moment the user activates the enhanced security feature
Secure

Secure

Without 6-digit unlock code of Citi Mobile® Token, authentication with enhanced security feature is as strong as before
Convenient

Convenient

A seamless banking experience by reducing the steps of authentication in Citi Mobile® App.
Enable “Citi Mobile® App Enhanced Security”

Steps to enable “Citi Mobile® App Enhanced Security”

  • Login to Citibank Mobile® App. Read the details and tap “Continue”
  • Enter the One-time Password (OTP) from the SMS
  • Select “OK” to allow the use of Biometric ID and complete the authentication
  • Read the details and tap “Done”, enhanced security function is enabled
Citibank Online Transaction Signing

After updating to the new version of Citi Mobile® App and enrolling to the enhanced security feature, you will no longer be required to use Citi Mobile® Token for certain Citi Mobile® App transactions.

For Citibank Online transactions, there will be no change to the transaction authentication, and you will still use Citi Mobile® Token to perform transaction signings.

For Transaction Signing which is a more sophisticated authentication process for designated online transactions (e.g. add new payees) that require stronger protection. During the process, you will enter a Challenge Code, which will be displayed on Citibank Online when you perform the transaction, into the device to generate a Transaction Authorization Code (TAC) to authorize the transaction.

You can generate the TAC via the following methods:

Citi Mobile® Token : Simply open the Citi Mobile® App and follow few simple steps to generate a Transaction Authorization Code (TAC).


Physical Security Device : Click here to view the steps


Step to authenticate the Citibank Online transaction

Citi Mobile Token OTP is required to authenticate the Citibank Online transaction

Tap on “Citi Mobile® Token” on the login screen of the Citi Mobile® App

Enter your 6-digit Citi Mobile® Token Unlock Code

OTP is displayed. Enter this OTP to where requested to complete your transaction / instruction

Enter the OTP and complete the authentication

Citi Mobile® App Transaction Authentication Service

The new version of Citi Mobile® App and its enhanced security features will be able to deliver a more frictionless online shopping journey with quicker online payment process. You will no longer be required to input SMS OTP to authenticate online transaction on your Citi Credit Card or Debit Card. Instead, you can now authenticate transactions seamlessly via Citi Mobile® App Push Notification.

Steps for Citi Mobile® App Transaction Authentication Service:

  • Instant push notification gets triggered upon payment initiated at merchant page
  • Tap the push notification to launch Citi Mobile® App
  • View transaction details and tap “Proceed” to authorize transaction with Biometric ID or password
  • Transaction gets validated, and you will be redirected back to merchant page

Smart Tips for users who are new to "Citi Mobile® App Transaction Authentication Service":

Enable "Citi Mobile® App Enhanced Security" and Push Notification

  • Login to Citi Mobile® App. Read the details and tap “Continue”
  • Enter the One-time Password (OTP) from the SMS
  • Select “OK” to allow the use of Biometric ID and complete the authentication
  • Read the details and tap “Done”, enhanced security function is enabled
  • Tap the inbox icon at the top right
  • Tap “Enable” for Push Notification to complete setup
FAQs

We have updated our Citi Mobile® App security authentication to provide you with a more convenient and seamless mobile banking experience.

To enroll for the feature, simply follow the instructions in your phone and input the SMS one-time password (OTP) for one-time validation. Enrolling in this will enable you to perform multiple authentications without the need for Unlock Codes or SMS OTPs for certain transactions. In effect, this will replace the Citi Mobile® Token feature in your app.

When you login with your device using the updated security authentication, multiple validations happen in the background of your Citi Mobile® App to confirm that it is really you who is logged in. Rest assured that even with this updated security authentication, we are committed to making sure that your logins and transactions are handled with the same level of security as previous versions of the app.

This feature allows you to experience a more convenient, time-saving, and faster transaction authentication. When you login with your device using the updated security authentication, the Citi Mobile® App will be able to recognize and authenticate you. There is no need for you to input an Unlock Code or SMS OTP when conducting transactions, because the app has already confirmed that you are the person logged in.

You will receive a confirmation SMS and email from us to inform you that the Citi Mobile® App Enhanced Security feature has been successfully activated.

Yes, for this update, if you have updated to the new version of the Citi Mobile® App, you will still be able to use your Citi Mobile® Token to generate OTPs for Citibank Online transactions.

There may be an issue with your telco provider. Please try to turn on and off your airplane mode setting or try restarting the phone. If the issue still persists, please call CitiPhone at +852 2860 0333 for further assistance.

Once you have updated to the new version of the Citi Mobile® App and enrolled into the enhanced security feature, whether you are in Hong Kong or abroad the transactions you conduct in Citi Mobile® App will no longer need the Citi Mobile® Token.

Depending on the circumstances, for example FPS Registration, you may receive SMS OTPs for your transactions.

The app only allows one device to be enrolled in the updated security authentication. You would need to re-enroll with your new device to take advantage of this. Enrolling with the new device will effectively de-enroll the old device from the updated security authentication.

Yes, since there were changes to your username/password, we need to re-authenticate by prompting you to re-enroll for the updated security feature.

You may login to Citibank Online and navigate to "Services" > "Profile & Settings" > "Citi Mobile® App security". Select your device and tap on de-enroll to de-enroll your device from the updated security authentication.

No, there will be no impact and no changes to your existing flow as Citi Mobile® Token or SMS one-time password (OTP) can still be used to access your account and authenticate the transactions in Citibank Online.

You can enable or disable Push Notification at setting page. After selecting the setting icon at top left corner, you can tap “Security”, then “Alerts & Notification”. Select “Enable” or “Disable” Push Notification.

Simply return to the merchant order page and tap “Enter One-time Pin” (OTP) or “Resend OTP” instead. An SMS will be sent to your mobile and you may authorize payment with the OTP in the SMS.

Yes, once you have updated to the latest version of the Citi Mobile® App, you will still be able to authorize online transactions via Push Notification and Citi Mobile® App.

No, once you have updated to the latest version of the Citi Mobile® App, Push Notification is set default to be triggered for online transaction authorization. If Push Notification is not available under any circumstances, you will receive an SMS OTP instead for payment authorization.

You can simply launch the Citi Mobile® App manually and resume the authentication process.

Citibank HK

Citibank HK

Citi Live Chat is now available on Citi Mobile® App

Available on the App Store     Android App on Google play

Click here to learn more about Citi Mobile®

  • Citi Mobile® App makes banking more convenient
  • e-Statement Services Simple, Safe and Secure.