Your browser does not support JavaScript! Pls enable JavaScript and try again.

Account security with 
One-Time PIN (OTP)

What is the Citi One-Time PIN (OTP)

The Citi One-Time PIN (OTP) is a unique, randomly generated, single use six digit PIN you will be required to enter when you want to perform certain online transactions or actions via Citi Online. It provides a second level of authentication to confirm that the transaction or action is authorised by you.

Never share this OTP with anyone, even with us.

How does the Citi OTP work?

When you need to perform certain online transactions or actions, you will be prompted to enter an OTP. This OTP can be generated via either:

  • 1) the Citi Mobile® App using the Citi Mobile® Token, or
  • 2) sent as an SMS to your mobile phone. You will automatically be enrolled to receive OTP via SMS when you open an account with us.

 

 

Download the Citi Mobile® App today.

Download the Citi mobile app on the App storeDownload the Citi mobile app on the Google play store

When traveling overseas or going off the grid you may not be able to receive the SMS OTP, due limited network coverage or the SMS being blocked by the country you are in. Set up your Citi Mobile® Token so you can generate a One-Time PIN (OTP) through your app, whenever, wherever.

Set up your Citi Mobile® Token (one time)

Make sure you have the latest version of the Citi Mobile® App installed before following these steps.

  1. Log into the Citi Mobile® App
  2. Tap the 'Profile and Settings' icon on the top left of your app home screen
  3. Select 'Citi Mobile® Token' under 'App and security settings'
  4. Select 'Citi Mobile® Token'
  5. Tap 'Create Unlock Code'
  6. Create your 4-digit Unlock Code. Re-enter it to confirm.

Note, Citi Mobile® Token can only be enabled on one mobile device.

Generating an OTP

No need to log in, simply:

  1. Open your Citi Mobile® App and tap on 'Citi Mobile® Token’
  2. Enter your 4-digit Unlock Code (this is the code you nominated when setting up the Citi Mobile® Token)
  3. The One-Time PIN (OTP) will be generated, and you can use it to proceed with your transaction

Or, when you've logged in already:

  1. Tap the 'Profile and Settings' icon on the top left of your app home screen
  2. Tap 'Generate OTP' under 'App and Security Settings'
  3. Enter your 4-digit Unlock Code (this is the code you nominated when setting up the Citi Mobile® Token)
  4. The One-Time PIN (OTP) will be generated, and you can use it to proceed with your transaction

Lost your phone?

If you lose or have your phone stolen and it is no longer accessible to you to receive or generate an OTP, please do one of the following:

If using the SMS OTP

If you want to stop your phone receiving an SMS OTP, please contact your network provider and put a block on your number until you have a replacement phone.

If you are worried about access to your Citi Online accounts, please call us on 13 24 84 or +61 2 8225 0615 if calling from overseas, and we can put a block on your Citi Online access (this block will apply to Citi Online access on all devices).

When you replace your phone, give us another call and we will unblock your Citi Online access.

If using Citi Mobile® Token:

If you have a replacement device available, simply download the Citi Mobile® App onto the device and activate the Citi Mobile® Token.

Once you have activated the Citi Mobile® Token on a new device, the Citi Mobile® Token on the previous (lost) device will automatically be deactivated as you can only activate the Citi Mobile® Token on one device.

If you do not have a replacement device available, you should disable your Citi Mobile® Token using your Citi Online account:

  • Sign on to Citi Online
  • Select ‘Services’ from the top navigation
  • Select ‘My Profile’
  • Click ’My Profile’ from the navigation on the left
  • Click 'Deactivate Citi Mobile® Token' and follow the prompts

Common reasons you may not receive your OTP by SMS

If you’re waiting for a One-Time PIN (OTP) by text and it hasn’t arrived, there are a few reasons to explain why. Your OTP is an extra layer of security to help keep your account safe but things like travelling overseas, network issues or phone settings can get in the way.

Here are the top five things to check, plus tips to help make sure you can still receive your OTP, to securely access your account.

1. Country restrictions when you travel

Some countries block international text messages, like OTPs, to help protect people from scams and fraud. In some cases, mobile providers may change the sender's name (e.g. “Citi AU”) to help the message get through, but other times, they’ll simply block the text entirely. Worth noting: International mobile operators and regulators often change how they treat these types of messages, so, if possible, test in advance.

Tip: Heading overseas? Set up your Citi Mobile® Token before you go. You’ll then be able to generate an OTP directly through the app – no SMS required, no matter where you are. Learn how to set up your Citi Mobile® Token.

2. Limited network coverage

To receive your OTP via SMS, your phone needs a mobile signal or coverage. If you're in an area with poor reception, your OTP may be delayed or not arrive at all.

Tip: Set up your Citi Mobile® Token before going off the grid. Even with no mobile signal or limited coverage, you can still generate your OTP through the app.

3. Recent changes to your mobile provider

If you’ve switched your phone number to a new mobile network recently, this may affect delivery of your messages for a few days.

Tip: Before you change your provider, set up your Citi Mobile® Token, so you can still get your OTP without waiting for an SMS to be delivered.

4. Settings on your phone

Some easy-to-miss phone settings could be stopping your OTP coming through. This is especially common when travelling but can happen at home too. Things like leaving aeroplane mode on, or not having global roaming set up, can block OTPs.

For Android users, it’s also important to check default messaging setup. If SMS isn’t active as your default messaging app, messages like your OTP may not arrive.

Tips:

  • If you’re travelling by plane, make sure Aeroplane Mode (also known as Flight Mode) is turned off when you land.
  • You might want to switch on Global Roaming (also known as International Roaming or Data Roaming) so your phone can receive messages overseas – depending on your mobile provider and plan.
  • If you use an Android device, check that SMS is set as your default text messaging app. Go to ‘Settings’, tap ‘Apps’, select ‘Choose default apps’, select ‘SMS app’ for text messages.

 

5. Problems with your device

In some cases, your device itself could be the problem. This may happen if your device is low on memory, the SIM card isn’t working properly, or the phone simply needs a quick restart to refresh its connection.

Tips:

  • Try restarting your phone
  • Remove and reinsert your SIM card
  • Try putting your SIM card into another compatible phone

 

Still having trouble? Give us a call on 13 24 84 (or +61 2 8225 0615 if calling from overseas) and we’ll help you troubleshoot.

There are 2 reasons why we will send you an OTP. You can see these 2 reasons below. Received an OTP when you weren’t expecting it? Please call us immediately on 1300 550 216.

Why we will send you an OTP SMS:

You may receive an OTP SMS if you made a 3D secure purchase online (3D Secure purchases are purchases where you are asked for additional authentication by entering a unique password, an SMS code or a temporary PIN to complete the transaction). If you are concerned about fraudulent activity on your account, please get in touch with us on 1300 550 216.

We also may send you an OTP when you are trying to sign on to Citi Online. If you haven’t tried to log in to Citi Online, it could be that your accounting software is attempting to sign on to Citi Online on your behalf. If you believe that’s not the case, there is a chance your user ID or password have been compromised and you should get in touch with us promptly on 1300 550 216.

Related

Reset your User ID or Password

Reset your log in details using the Citi Mobile® App or Citi Online.

View guide >

Fraud and Scams

Learn to recognise and report potential scams and fraud.

View guide >