Your browser does not support JavaScript! Pls enable JavaScript and try again.

Account security with 
One-Time PIN (OTP)

What is the Citi One-Time PIN (OTP)

The Citi One-Time PIN (OTP) is a unique, randomly generated, single use six digit PIN which can be generated via the Citi Mobile® App, or sent as an SMS to your mobile phone. You'll need to enter this any time you want to perform certain online transactions or actions via Citi Online. The OTP provides a stronger, smarter method for authenticating your online transactions for your peace of mind.

How does the Citi OTP work?

When you need to perform an online transaction or action, you will be required to enter an OTP as a second level of authentication to confirm that the transaction is authorised by you. This OTP will be sent to your mobile phone via SMS. Alternatively, you can also generate an OTP via the Citi Mobile® App using the Citi Mobile® Token feature.
You will automatically be enrolled to receive OTP via SMS when you open an account with us. This is to ensure all customers are using stronger authentication to transact online.

 

Benefits of OTP

 

 

  • Smarter, more advanced security system to protect you and your money online
  • Provides a stronger method for authenticating your online transactions
  • Acts as an extra level of protection should your Card Number and PIN be compromised
  • It's totally free, secure and easy to use.

Receiving an OTP

 

 

You will get an OTP sent to your mobile phone automatically when you need to perform an online transaction or action.

Alternatively, you can also generate an OTP using the Citi Mobile® Token feature available in the Citi Mobile® App.

Updating your mobile number

 

 

You can update your mobile number via the Citi Mobile® App or Citi Online. To update to an overseas number, please update via Citi Online.

Visit our help guide for instructions.

Download the Citi Mobile® App today.

Download the Citi mobile app on the App storeDownload the Citi mobile app on the Google play store

Managing your accounts online using the SMS OTP

Log in to Citi Online using your User ID and Password. Then when you perform an online transaction, you will be sent an OTP via SMS to enter before proceeding.

An OTP will be required for any transaction that could potentially compromise your security or privacy as our customer.
Please note if you enter an incorrect OTP 3 times, your account will be locked and you will need to reset your password.

Receiving an OTP via the Citi Mobile® App

Make sure you have already set up the Citi Mobile® Token feature in the Citi Mobile® app to generate the OTP.

  1. Log in to the Citi Mobile® App.
  2. Tap the 'Profile and Settings' icon on the top left of your app home screen.
  3. Tap ‘Generate OTP’ under ‘App and Security Settings’.
  4. Enter your 4-digit Unlock Code (this is the code you nominated when setting up the Citi Mobile® Token).
  5. The One-Time PIN (OTP) will be generated and you can use it to proceed with your transaction.

You can also generate an OTP by selecting 'Citi Mobile® Token' from your log in screen.

Receiving an OTP overseas

There are several ways you can receive an OTP while overseas.

Receive an OTP via the Citi Mobile® App

When you are travelling overseas you may not be able to get an OTP sent to your phone. Instead, you can also get an OTP sent via the Citi Mobile® App without internet connection or network coverage.

To receive an OTP via the Citi Mobile® App you will need to activate the Citi Mobile® Token and set up your 4-digit passcode.

Make sure you have already set up the Citi Mobile® Token feature in the Citi Mobile® app to generate the OTP.

  • Log in to the Citi Mobile® App.
  • Tap the 'Profile and Settings' icon on the top left of your app home screen.
  • Tap ‘Generate OTP’ under ‘App and Security Settings’.
  • Enter your 4-digit Unlock Code (this is the code you nominated when setting up the Citi Mobile® Token).
  • The One-Time PIN (OTP) will be generated and you can use it to proceed with your transaction.

You can also generate an OTP by selecting 'Citi Mobile® Token' from your log in screen.

Receive an OTP via SMS

To receive an OTP to your mobile phone you will need to activate global roaming before travelling. The SMS OTP has been optimised for international delivery and is still delivered instantly.

Lost your phone?

If you lose or have your phone stolen and it is no longer accessible to you to receive or generate an OTP, please do one of the following:

If using the SMS OTP

If you want to stop your phone receiving an SMS OTP, please contact your network provider and put a block on your number until you have a replacement phone.

If you are worried about access to your Citi Online accounts, please call us on 13 24 84 or +61 2 8225 0615 if calling from overseas, and we can put a block on your Citi Online access (this block will apply to Citi Online access on all devices).

When you replace your phone, give us another call and we will unblock your Citi Online access.

If using Citi Mobile® Token:

If you have a replacement device available, simply download the Citi Mobile® App onto the device and activate the Citi Mobile® Token.

Once you have activated the Citi Mobile® Token on a new device, the Citi Mobile® Token on the previous (lost) device will automatically be deactivated as you can only activate the Citi Mobile® Token on one device.

If you do not have a replacement device available, you should disable your Citi Mobile® Token using your Citi Online account:

  • Sign on to Citi Online
  • Select ‘Services’ from the top navigation
  • Select ‘My Profile’
  • Click ’My Profile’ from the navigation on the left
  • Click 'Deactivate Citi Mobile® Token' and follow the prompts

Common reasons you may not be able to receive an OTP on your mobile phone

Travelling overseas
To receive an SMS OTP when you’re overseas, make sure you have roaming turned on and you are in an area with good reception or network coverage.

Reception or network availability
Make sure your mobile phone has reception or network coverage to ensure your OTP can be delivered to your mobile phone.

Changes to mobile network provider
If you’ve recently moved your phone number to a different network, this may affect OTP delivery for a few days.

Mobile phone device issues
Sometimes you may not get an OTP because of an issue with your mobile device. Try restarting your phone or putting your SIM card in another phone to get the OTP. If you’re still unable to receive an OTP to your mobile phone, you can call us on 13 24 84 (or +61 2 8225 0615 if calling from overseas).
 

Received an OTP when you weren’t expecting it?

There might be a few reasons why you receive an OTP unexpectedly. You can see the examples of OTP messages you might receive and what they mean below.

 

OTP message What it means
Beware of scams and do not share this code with anyone, even us. The code required to complete your transaction with [name of financial institution] for [AUD xxxx] is [xxxxxx]. Please call us promptly if you did not initiate this transaction. You may receive this if you recently made a 3D secure purchase online (3D purchases are purchases where you are asked to provide proof of identity by entering a unique password, an SMS code or a temporary PIN to complete the transaction).
If you are concerned about fraudulent activity on your account, please get in touch with us on 1300 550 216.
Beware of scams and do not share this code with anyone, even us. [xxxxxxx] is your One-Time PIN for Citi Online. Please call us if you did not request this.  This OTP is usually sent when you are trying to sign on to Citi Online. If you haven’t tried to log in to Citi Online, it could be that your accounting software is attempting to sign on to Citi Online on your behalf. If you believe that’s not the case, there is a chance your user ID or password have been compromised and you should get in touch with us promptly on 1300 550 216.

Related

Reset your User ID or Password

Reset your log in details using the Citi Mobile® App or Citi Online.

View guide >

Fraud and Scams

Learn to recognise and report potential scams and fraud.

View guide >