Citi Mobile® Token

Citi Mobile® Token
Your mobile phone is now your Security Device

Citi Mobile® Token Your mobile phone is now your Security Device

<IMPORTANT NOTICE> Citi Mobile Token authentication service will be discontinued by 2024 second quarter
To further enhance digital banking’s safety, you will make more secure authentication with Citi Mobile® App Enhanced Security Function. Tap here to learn more.


At Citibank, we are committed to making Citibank Online a secure banking environment for you. Additional authentication is required for designated online transactions where a higher level of security is needed.
A built-in security token, Citi Mobile® Token, replacing other methods like physical Security Device or One-Time Password (OTP) via SMS, lets you generate an OTP for authenticating designated transactions via Citi Mobile® App anytime, anywhere.

Secure

Secure

Protected by a 6-digit Unlock Code chosen by you, and restricted to one mobile device of your choice.

Instant

Instant

Direct generation of an OTP, without the need to wait for a SMS anymore.

Convenient

Convenient

Generate an OTP anytime without a physical Security Device or network connection.

Examples of transactions requiring OTP

  • Payments & Transfers
  • Enroll/View e-Statement
  • Stock Trading
How To Activate

Enable Citi Mobile® Token in just a few steps

  • Log on to the Citi Mobile App
  • Tap > Manage Citi Mobile Token after logging in
  • Read the details and tap "Create Unlock Code"
  • Enter the One-time Password (OTP) from the SMS
  • Create your unique 6-digit Unlock Code
  • Re-enter your Unlock Code to confirm
  • Citi Mobile Token is enabled. You can generate an OTP via the app anytime


Physical Security Device

Please note that we no longer accept any new request or replacement request for customers holding physical security device. We recommend customers to download Citi Mobile® App and enable Citi Mobile® Token to enjoy a more convenient experience.

To activate your physical security device, please log on to Citibank Online, select "My Profile" > "Security Device Activation" .

How OTP works

When you access transactions at Citibank Online that require a One-Time Password (OTP), you can select one of the below methods to generate an OTP. Then simply enter the OTP you have generated and click "Continue".

Citi Mobile® Token : Simply open the Citi Mobile® App and follow below steps

  • Tap on “Citi Mobile® Token” on the login screen of the Citi Mobile® App
  • Enter your 6-digit Citi Mobile® Token Unlock Code.
  • OTP is displayed. Enter this OPT to where requested to complete your transaction / instruction.

Physical Security Device : Press the green button on the device

Transaction Signing

Transaction Signing is a more sophisticated authentication process for designated online transactions (e.g. add new payees) that require stronger protection. During the process, you will enter a Challenge Code, which will be displayed on Citibank Online when you perform the transaction, into the device to generate a Transaction Authorization Code (TAC) to authorize the transaction.

You can generate the TAC via the following methods:

Citi Mobile® Token : Simply open the Citi Mobile® App and follow few simple steps


Physical Security Device : Click here to view the steps

FAQs

One-Time Password (OTP)

Second-level authentication is required for certain online transactions. You will be asked to input OTP when performing these transactions. The OTP can be generated by the Citi Mobile® Token or a Security Device, OR can be received from your registered mobile number via SMS.

Transaction Signing is a more sophisticated authentication process for designated online transactions that require stronger protection. You will need to perform transaction signing using the Citi Mobile® Token or a Security Device in order to add a new payee (local payee or overseas payee).

This is for your added security protection. The One-Time Password and Transaction Signing serve as additional information on top of Card Number and PIN for authentication.

Your Citibank Online User ID and Password remains unchanged. You do not need a One-Time Password to login to Citibank Online.

One-Time Password applies to both session level (require once per logon session) and transaction level (require for certain transaction in the same logon session). Online transactions that require a One-Time Password are those that require a higher level of security. Examples of transactions requiring second-level authentication:

  • • Payments and transfers
  • • Enroll/view e-Statements

No, you only need to perform transaction signing for Adding a New Payee (Local Payee or Overseas Payee).

You will need to perform transaction signing using a Citi Mobile® Token or Security Device in order to add a new payee (local payee or overseas payee). During the process of transaction signing, you will enter a Challenge Code, which will be displayed on Citibank Online when you perform the transaction, into the Citi Mobile® Token or the Security Device to generate a Transaction Authorization Code (TAC) to authorize the transaction.
Credit card only clients will have the option to add a new Merchant payee using the authentication process of Online Authorization Code (OAC) sent to your registered mobile number via SMS. Hence it is not necessary to request for a Security Device.

Citi Mobile® Token

Citi Mobile® Token is a new feature within the Citi Mobile® App to generate a unique, One-Time Password (OTP) in order to authenticate online and mobile transactions. It is an alternative to other authentication methods such as a physical Security Device, or OTP via SMS, yet is more secure, instant and convenient. The Citi Mobile® Token can only be activated with the Citi Mobile® App on ONE mobile device at a time which provides you with an additional level of security.

The benefits of the Citi Mobile® Token are:
Secure - Protected by a 6-digit Unlock Code chosen by you, and restricted to one mobile device of your choice.
Instant - Direct generation of OTP, without the need to wait for an SMS anymore.
Convenient - Generate an OTP anytime without a physical Security Device or network connection.

For designated online/ mobile transactions which require additional authentication for a higher level of security, you can use the Citi Mobile® Token to generate OTP/ Transaction Authorization Code (TAC) to perform the authentication. Examples of transactions requiring OTP: Payment & Transfers, Enroll/ View eStatement or eAdvice, Stock Trading, Email Address Update. Examples of transaction requiring TAC: Add a New Payee.

No, Citi Mobile® Token is a feature within Citi Mobile® App. Thus, you will not be able to use the Citi Mobile® Token without the Citi Mobile® App.
Currently Citi Mobile App is available in the following 16 markets: Hong Kong, China, India, Indonesia, Japan, Korea, Malaysia, Philippines, Singapore, Thailand, Taiwan, Vietnam, Australia, United Arab Emirates, United Kingdom and USA. You can get our app in Apple App store or Google Play store in these markets by searching “Citibank HK”. If you are not able to download Citi Mobile App from the Apple App store or Google Play store , please call CitiPhone Hotline +852 2860 0333.

Yes, Citi Mobile® Token does not require any internet connection to generate an OTP.

You can simply follow a few simple steps to activate Citi Mobile® Token

You can simply enter your 6-digit Citi Mobile Token Unlock Code to authenticate transactions at Citi Mobile App.

The steps are similar to generating a TAC with the physical Security Device. You can simply log in the Citi Mobile® App and follow a few simple steps to generate a TAC with the Citi Mobile® Token.

Your unique 6-digit Citi Mobile® Token Unlock Code ensures that only you have access to the Citi Mobile® Token activated device and can generate an OTP and / or TAC. For security reasons and to protect your interests, you should not share your Unlock Code with anyone. You can change your Unlock Code in the Settings of Citi Mobile® App when necessary.

You can reset the Unlock Code by signing on the Citi Mobile® App and entering an OTP SMS sent to your registered mobile phone number. Simply follow the “Forgot Unlock Code” on the Citi Mobile® Token page to reset it.

Your OTP authentication may be unsuccessful because you have entered an incorrect Citi Mobile® Token Unlock Code. Please try again with a correct Unlock Code. If you have entered an incorrect Unlock Code for more than a number of times in a row, you will no longer be able to log in to your Citibank Online and the Citi Mobile® App for security reasons. Please call CitiPhone at (852) 2860 0333 to release your account.

For security reasons, your Citi Mobile® Token can only be activated on ONE mobile device at a time. If you would like to change the mobile device on which your Citi Mobile® Token is activated, simply complete the activation process on the mobile device you would like to change to. Once the activation is completed, the Citi Mobile® Token on the previous device will be automatically deactivated immediately.

For security reasons, your Citi Mobile® Token can only be activated on ONE mobile device at a time. We strongly recommend you register the Citi Mobile® Token on your personal device that you commonly use.

There are 3 ways to deactivate your Citi Mobile® Token:
1. Log in to your Citibank Online and go to Services → My Profile → Deactivate Citi Mobile® Token
2. Enable the Citi Mobile® Token on another mobile device. The Citi Mobile® Token on the previous mobile device will automatically be deactivated instantly.
3. Call CitiPhone at (852) 2860 0333 to deactivate your Citi Mobile® Token.

Simply activate the Citi Mobile® Token on your new mobile device; the Citi Mobile® Token will be automatically deactivated on the previous device.

You should deactivate the Citi Mobile® Token immediately by the methods mentioned in Q22.

For the time being, you can still use your physical Security Device or get an OTP via SMS. However, Citi Mobile® Token offers you a more secure, instant and convenient way to authenticate online and mobile transactions. Generating an OTP with the physical Security Device will no longer be available after December 31, 2017.

Once you have activated the Citi Mobile® Token, it becomes your primary mode of authentication for all transactions made through the Citi Mobile® App. Simply input your 6-digit Citi Mobile Token Passcode and your transaction will be automatically authenticated.

Physical Security Device

Your physical security device is a personalized device. when a higher level of security is required, you can generate a 6-digit One-Time Password that works with your account only or complete a Transaction Signing with the physical security device to enhance online banking security.

Please activate your physical security device at Citibank Online before use. Logon to Citibank Online, select "My Profile" > "Security Device Activation"

No. The physical security device is free of charge.

If you lose your physical security device, please call CitiPhone Banking (852) 2860 0333.

If physical security device is damaged, we recommend you to download Citi Mobile® App and enable Citi Mobile® Token to enjoy a more convenient experience.

The physical security device sent to you has been assigned to your profile, and you will have to activate it in Citibank Online before use. This will prevent others from using your physical security device during delivery.

DOs DON'Ts
Keep your physical security device in a safe and secured place at all times. Allow anyone to use or obtain your physical security device.
Store your physical security device in a dry and cool environment, away from water or extremely high temperatures. Leave your physical security device unattended or exposed with the One-Time Password displayed on the screen.
Personalize your physical security device so that it is recognizable by you. Reveal your physical security device serial number or One-Time Password to anyone.
If you lose your physical security device, please call CitiPhone Banking (852) 2860 0333.
If physical security device is damaged, we recommend you to download Citi Mobile® App and enable Citi Mobile® Token to enjoy a more convenient experience.
Drop your physical security device from great heights, step on it, or attempt to dismantle it.
Inform us when the message "BATT" appears on your physical security device. This indicates that the battery is running low. Label your physical security device with your name, passport number or any other information that may identify you as the owner of the Security Device.

One-Time Password (OTP) SMS

Yes, the One-Time Password (OTP) SMS can be sent to both Hong Kong and overseas mobile phone numbers.

Please click here to download an application form to update your mobile number. After successful update, the OTP will be sent to the new mobile phone number.

Citibank HK

Download Citi Mobile® App and enable Citi Mobile® Token today.

Available on the App Store     Android App on Google play

Click here to learn more about Citi Mobile®

  • Citi Mobile® App makes banking more convenient
  • e-Statement Services Simple, Safe and Secure.