CITI MOBILE® APP ENHANCED SECURITY FUNCTION

At Citi, we are committed to bringing you a secure and fast banking experience. The new “Citi Mobile® App Enhanced Security Function” aims to improve security and enhance the customer experience with a built-in advanced security function for identity and transaction authentication, so you no longer need to input a 6-digit unlock code for Citi Mobile® Token or a One-time Password for your Citi Mobile® App and Citibank Online transactions.

This new enhanced security function update is for Citi Mobile® App and Citibank Online. Once you have enabled the Citi Mobile® App Enhanced Security Function, your device and account are cryptographically bound and a 6-hour cooling-off period will be required. You will be able to enjoy full access to Citi Mobile® App and Citibank Online services after the cooling-off period ends. No additional authentication (e.g. SMS One-Time Password) is required for transactions after login.

When authenticating your service and transaction at Citibank Online, you can simply scan the QR code with our QR Scanner on the pre-login page of your bound Citi Mobile® App.

Features of “Citi Mobile® App Enhanced Security Function”:

  • Multi-factor authentication with minimal customer manual input
  • Each user’s account can be bound to only one specific mobile device at any time when the “Citi Mobile® App Enhanced Security” setting is registered
  • Users’ accounts are protected by a 6-hour cooling-off period upon registration, with additional authentication and restrictions on high-risk transactions in both Citi Mobile® App and Citibank Online.
Secure

Even without the 6-digit unlock code of Citi Mobile® Token, authentication with the enhanced security feature is as strong as before.
Convenient

A seamless banking experience by reducing the steps of authentication in Citi Mobile® App.
Enhanced Security Function

Register Enhanced Security Function in Citi Mobile® App

  • Log in to Citi Mobile® App. Read the details and tap “Continue”
  • Enter the One-time Password (OTP) from SMS
  • “Citi Mobile® App Enhanced Security Function” has been enabled

Make sure your device has a passcode, biometric or any other form of screen lock protection to proceed with registration.

You will be protected by a 6-hour Cooling-off Period upon Enhanced Security Function Registration

Citi Mobile® App

  • Log in to Citi Mobile® App
  • Perform high-risk transactions, e.g. Personal information update/ Add payee/ FPS Fund Transfer etc.
  • Transactions are prohibited during the 6-hour cooling-off period.

Citibank Online

  • Log in to Citibank Online
  • Perform high-risk transactions, e.g. Personal information update/ Add payee/ Set up Autopay etc.
  • Transactions are prohibited during the 6-hour cooling-off period.
QR Authentication

We are updating our Citibank Online security authentication to provide you with an even more secure, convenient and seamless mobile banking experience.

This updated feature, "QR Authentication" Function, provides you with simplified and secure authentication when using Citibank Online.

Simply enable the enhanced security feature on your mobile app. Then, all you need to do is tap on "QR Scan" then select "Citi Scan and Pay/ QR Authentication" on your mobile app login page and scan the newly-generated Citibank Online QR code to complete your authentication.

For security reasons, do not share your QR code with others.

Steps to use "QR Authentication" Function

On Citibank Online, request to scan the QR Code which will be generated when a service/ transaction requires additional authentication

Tap “QR Scan” on Citi Mobile® App login page

Tap “Citi Scan and Pay / QR Authentication”

Scan the QR Code shown on Citibank Online

Review the service/ transaction details and tap “Proceed” to authenticate

Verify your identity via biometric ID or password

Successful authentication of service/ transaction on Citi Mobile® App

Successful authentication of service/ transaction on Citibank Online

Online Purchase Authentication

The new version of Citi Mobile® App and its enhanced security features will be able to deliver a more frictionless online shopping journey with a quicker online payment process. You will no longer be required to input an SMS OTP to authenticate online transactions on your Citi Credit Card or Debit Card. Instead, you can now authenticate transactions seamlessly via Citi Mobile® App Push Notification.

Steps for Citi Mobile® App Transaction Authentication Service:

  • An instant push notification is triggered when payment is initiated on the merchant page
  • Tap the push notification to launch Citi Mobile® App
  • View transaction details and tap “Proceed” to authorize the transaction with Biometric ID or password
  • The transaction is validated, and you will be redirected back to the merchant page

Smart Tips for users who are new to "Citi Mobile® App Transaction Authentication Service":

Enable "Citi Mobile® App Enhanced Security" and Push Notification

  • Log in to Citi Mobile® App. Read the details and tap “Continue”
  • Enter the One-time Password (OTP) from the SMS
  • Select “OK” to allow the use of Biometric ID and complete the authentication
  • Read the details and tap “Done”; the enhanced security function is now enabled
  • Tap the inbox icon at the top right
  • Tap “Enable” for Push Notification to complete setup
FAQs

To better protect you from digital fraud, we have introduced Citi Mobile® App Enhanced Security Function which allows you to bind Citi Mobile® App with a trusted device using cryptographic technology.

After successful binding, the registered Citi Mobile® App can be used to conduct secure authentication for digital banking transactions or online purchases with in-app password or biometric authentication, without manually inputting a 6-digit unlock code or SMS OTP.

To register the function, simply follow the instructions on your phone and input the SMS one-time password (OTP) for one-time validation. You will then be protected by a 6-hour cooling-off period with additional authentication and restrictions on high-risk transactions conducted in Citi Mobile® App and Citibank Online.

This is to ensure you authenticate digital transactions or online purchases securely only with the Citi Mobile® App registered on a trusted device. You can choose not to register the Function; however, you will not be able to perform high-risk transactions such as add payee and FPS fund transfer in the app.

As transactions are authenticated in the app with your account password or biometric authentication, it is a stronger preventive measure against digital fraud such as SMS phishing attacks.

Moreover, to protect you from unauthorized transactions when someone is trying to take over your account, your account may be subject to a 6-hour Cooling-off Period with restrictions on high-risk transactions in the following scenarios:
1. First time Enhanced Security Function registration
2. Re-registration due to changes in password or biometric authentication
3. Re-registration due to app re-installation or device changes
4. Re-registration after manual deregistration in Citibank Online 

If you have not registered Enhanced Security Function, you will see the registration prompt for binding Citi Mobile® App with your device every time you log in to the App. Make sure you always have device screen lock protection to complete registration or to keep this Enhanced Security Function active.

Alternatively, you can follow the steps below to check registration status in Citibank Online:
1. Log in and select “Setting and More” in the left menu
2. Select “Security” and “Disable Citi Mobile® Token / Enhanced Security Function”
3. Select “Security Device or Citi Mobile Token” and “Citi Mobile® App Security Management”

Upon successful authentication, you will receive a confirmation SMS and email from us to inform you that the Citi Mobile® App Enhanced Security Function has been successfully registered.

As biometric authentication registration is not mandatory for Citi Mobile® App users, a user who has not enabled biometric authentication will still be able to register Enhanced Security Function with password login only, and hence will receive only 1 notification about Enhanced Security Function registration with password. However, we highly recommend that you register both for a safer and more seamless experience.

You can only perform high-risk transactions in Citi Mobile® App and Citibank Online after the 6-hour Cooling-Off Period.

There may be an issue with your telco provider. Please try to turn on and off your airplane mode setting or try restarting the phone. If the issue still persists, please call us at +852 2860 0333 for further assistance.

No. Once you have completed Enhanced Security Function registration, you will no longer need to use Citi Mobile® Token for authentication.

Depending on the circumstances, for example FPS Registration, SMS OTP validation is required.

Additional authentication might also be required for security reasons.

You should first deregister Enhanced Security Function in Citibank Online by following the steps below:
1. Log in and select “Setting and More” in the left menu
2. Select “Security” and “Disable Citi Mobile® Token / Enhanced Security Function”
3. Select “Security Device or Citi Mobile Token” and “Citi Mobile® App Security Management”
4. Check the box and select “Deactivate”
When your new device is available, you can re-register Enhanced Security Function.

In the following scenarios, you will be required to re-register Enhanced Security Function for security reasons:
1. Changes in account login password
2. Changes in app or device biometric authentication setting
3. Re-installing the app on the same device
4. Logging in to the app on a new device
5. Logging in to the app again after deregistration

Deregistration is not recommended as it will reduce security protection in digital banking in both Citi Mobile® App and Citibank Online channels. Manually input SMS OTP is a less secure authentication method that carries a higher risk of exposure to SMS phishing attacks.

Impacts to Citi Mobile® App:
1. After deregistration, you will receive a pop-up on Enhanced Security Enrollment every time you log in to Citi Mobile® App. Select the down arrow or tap the background to skip registration. You will not be able to turn OFF this registration prompt.
2. You will not be able to perform high-risk transactions in Citi Mobile® App unless you re-register and complete the 6-hour Cooling-Off Period.
3. You will use SMS OTP and Citi Mobile® Token to perform authentication for all digital banking transactions or online purchase authorizations.

Impacts to Citibank Online:
1. You will use SMS OTP and Citi Mobile® Token instead of QR code scanning to perform authentication. 

QR Authentication is a stronger authentication method available to those who have registered Enhanced Security Function in Citi Mobile® App. A QR code will be shown in Citibank Online when authentication is required. Simply follow the steps below to complete the authentication:
1. Launch the registered Citi Mobile® App on your trusted device
2. On the pre-login page, select “QR Scan” then “Citi Scan and Pay/ QR Authentication”
3. Scan the QR code shown in Citibank Online
4. Review your transaction shown on Citi Mobile® App
5. Complete the transaction with your account password or biometric authentication

QR codes used in authentication are unique and refresh every 30 seconds. A transaction can only be completed when the correct QR code is scanned within the time limit and authenticated successfully with the registered Citi Mobile® App.

You can also authenticate online transactions through Citi Mobile® App while overseas, as long as your device is connected to a network. No more worries about SMS delivery failure when you are abroad.

No. QR authentication completed with registered Citi Mobile® App and a dynamic QR code is the most secure authentication method.

It may take some time to adapt to the new authentication process, but it definitely provides a safer online banking experience and better protects your assets from fraud risk.

Enhanced Security Function registration is optional now. You can perform deregistration in Citibank Online by following the steps in FAQ #3 under section: Enhanced Security Function in Citi Mobile® App. Please read the impacts of deregistration before you proceed.

Below are some possible scenarios:

  • Scanning the QR code with the Citi Mobile® App post-login scanner
  • Scanning the QR code with a non-registered Citi Mobile® App
  • Scanning a QR code at the moment it refreshes or after the 30-second validity period

Please try to re-initiate the transaction and follow the steps below to complete authentication. If you still cannot proceed with authentication, please connect with us via Messaging Service in Citi Mobile® App.
1. Launch the registered Citi Mobile® App on your trusted device
2. Select “QR Scan” then “Citi Scan and Pay/ QR Authentication”
3. Scan the QR code shown in Citibank Online
4. Review your transaction shown on Citi Mobile® App’s authentication page
5. Complete the transaction with your app’s password or biometric authentication
6. Continue the transaction in Citibank Online

This means you have selected “Cancel” on the authentication screen in Citi Mobile® App. If you did not select “Cancel” but are still unable to proceed, please connect with us via Messaging Service in Citi Mobile® App.

This means you are not using a registered Citi Mobile® App to scan the QR code. You may follow the steps below to check your registered device details and retry authentication.
1. Log in and select “Setting and More” in the left menu
2. Select “Security” and “Disable Citi Mobile® Token / Enhanced Security Function”
3. Select “Security Device or Citi Mobile Token” and “Citi Mobile® App Security Management”
If you proceed with Enhanced Security Function registration in an unregistered Citi Mobile® App, you will be subject to a 6-hour Cooling Off period with restrictions on high-risk transactions.

Apart from network connection issues, some authentication might be denied due to fraud monitoring done by Citibank to safeguard your account. If your authentication is successful in Citi Mobile® App but the transaction is denied in Citibank Online, you may try switching off your Virtual Private Network (VPN) and logging in again to conduct the transaction.

If authentication is still unsuccessful, please connect with us via Messaging Service in Citi Mobile® App.

You will need to ensure Citi Mobile® App is installed on a trusted device with clear camera scanning capability. If your device's camera image is blurry, you may first try to adjust the lighting and shorten the distance between the device and the screen displaying the QR code.

If you need to perform any transaction urgently, you may proceed with Citi Mobile® App, or you may consider deregistering Enhanced Security Function first so that the transaction will be authenticated with SMS OTP and Citi Mobile® Token.

Please refer to FAQ 10 & 12 under section: Enhanced Security Function in Citi Mobile® App for impacts due to deregistration. 

You can re-register Enhanced Security Setting with your new device and conduct QR authentication in Citibank Online. Your Enhanced Security Setting on the old device will immediately be deactivated for conducting QR Authentication.

If your new device is unavailable at the moment, you may first de-register Enhanced Security Setting from Citibank Online with the below steps:

Please refer to FAQ 10 & 12 under section: Enhanced Security Function in Citi Mobile® App for impacts due to deregistration. 

No, there will be no impact and no changes to your existing flow as Citi Mobile® Token or SMS one-time password (OTP) can still be used to authenticate the transactions in Citibank Online.

When you have registered Enhanced Security Function in Citi Mobile® App, online purchases authorized through the 3D Secure platform will be authenticated with Citi Mobile® App instead of SMS OTP.

In view of the increasing number of SMS phishing attacks, authenticating your transactions with the registered Citi Mobile® App is a safer authentication method for the following reasons:
1. Transactions are authenticated with Citi Mobile® App on one trusted device only.
2. In-app authentication is safer than SMS OTP authentication.
3. You can review transaction details on your registered device before proceeding with or cancelling transactions.

After you have registered Enhanced Security Function in Citi Mobile® App and turned on the Push Notification setting, online purchases authorized via the 3D Secure platform will be authenticated with Citi Mobile® App. Simply follow the steps below to complete authentication:
1. Launch the registered Citi Mobile® App on your trusted device
2. On the pre-login page, select “QR Scan” then “Citi Scan and Pay/ QR Authentication”
3. Scan the QR code shown in Citibank Online
4. Review your transaction shown on Citi Mobile® App
5. Complete the transaction with your account password or biometric authentication

Only online purchases authorized with the 3D Secure platform will be authenticated via Citi Mobile® App.

Tap the Citi Mobile® Token button on your Citi Mobile® App’s pre-login page, and the authentication page will then be shown. If you have more than 1 pending transaction, they will be displayed after you tap the button.

If you cannot authenticate successfully, you may also tap on the “Send SMS OTP” button to authenticate with SMS OTP.
