Account security with
One-Time PIN solution

The Citi OTP is a randomly generated six digit password, which makes it a stronger method for authenticating your online transactions. Each time you perform online transactions through Citi Online you'll be required to enter a Citi OTP. The Citi OTP is sent via SMS to your mobile phone. You will only be required to enter one OTP per session.

When you need to perform an online transaction or online query, you will be required to enter an OTP as a second level of authentication to confirm that the transaction is authorised by you. This OTP will be delivered to you via SMS. You will only need one OTP per session. 

You only need to enter one OTP per online session. Once you have entered your OTP you can perform as many transactions as you like within that session. If you're adding a new payee you'll still need to activate this payee using the Online Authorisation Code (OAC) which will be sent via SMS. The OAC functions separately to the OTP.

Online transactions that require an OTP are those that could potentially compromise your security or privacy. These transactions include:

The Citi OTP serves as a second level of authentication when you perform protected transactions at Citi Online. If your card number and PIN are compromised for any reason, the intruder will also need to have your mobile phone to access protected transactions via your account online. This is an additional security measure to protect you so you can enjoy total peace of mind when you manage your accounts online with us.

You will need your mobile phone to manage your account online. A new OTP mobile app feature will provide smartphone users (iPhone and Android) with an alternative to the SMS OTP option. This feature locks your device to your account and removes the need to enter an OTP when managing your accounts through the mobile app. It also allows you to generate an offline OTP for use when managing your accounts on Citi Online. Network coverage or internet connection are not required to generate an offline OTP. A hard token OTP generator will also be available.

No, this enhanced security feature is free to all customers. If you are travelling overseas contact your network provider as the SMS may incur an additional cost. Alternatively, you can download the OTP mobile app before travelling. It allows you to generate an offline OTP for use when managing your accounts on Citi Online. Network coverage or internet connection are not required.

If you don't receive your OTP you can request the OTP to be resent to you through the OTP screen on Citi Online. If you still don't receive your OTP, check that we have your current mobile phone number or phone us on 13 24 84.

The OTP will be sent to your mobile phone instantly. The receipt of the OTP will depend on your network coverage. Poor network coverage may cause some delays.

The Citi OTP is valid for five minutes. If the OTP expires, you will need to generate a new OTP. You can do this through the OTP screen on Citi Online. Please note that if you enter an OTP incorrectly three times you will be locked out of your session and your online user ID will be locked.

If you enter your OTP incorrectly three times, your online access will be blocked and your online user ID will be locked. If this happens and you receive the OTP via SMS you will need to reset your Citi Online password - have your card number, account number and PIN handy. If the OTP is generated from the mobile app, call us on 13 24 84. to unlock.

You'll sign on to Citi Online the same way, using your User ID and Password. You'll no longer need to enter your security question and you'll be taken directly to your account summary page. You'll be prompted to enter an OTP when you perform online transactions.

Yes, the Citi OTP can be sent to all international mobile numbers that have the ability to receive an SMS. If you experience any issues receiving the OTP to your international mobile number please contact us on +61 2 8225 0615.

Make sure you update your overseas mobile phone number via Citi Online or the Citi Mobile^® App and include the country code (without the + sign) and your mobile number. You can start to generate OTP using this number within three working days.

Note: Customers using a US SIM and mobile number may experience some delays in receiving the SMS OTP. Please contact us on +61 2 8225 0615 if you experience any issues.

Yes, you'll need to activate international roaming on your mobile phone before you travel overseas. If you have an iPhone or Android smartphone you will also be able to use the OTP feature in the Citi Mobile^® App where you can generate an offline OTP for use when managing your accounts on Citi Online. This feature is free to use internationally as no network coverage or internet connection is required to generate an offline OTP.

No, an OTP will not get forwarded. This would compromise your online security. Please ensure you contact details are updated via the Citi Mobile^® App or Citi Online. Visit our help guide for instructions.

The OTP system is mandatory. This is to ensure all customers are using stronger authentication to transact online.

You can start to receive the Citi OTP immediately once you have successfully updated your mobile number.

No, you can only register one mobile phone number and the Citi OTP will always be sent to the mobile phone number you have provided us with. You can update your contact details via the Citi Mobile^® App or Citi Online. Visit our help guide for instructions.

Yes. When you manage your accounts using your mobile device’s browser, you will be required to enter an OTP to access protected functions. Mobile OTP feature will also provide iPhone and Android smartphone users with an alternative to the SMS OTP option. This feature locks your device to your account and removes the need to enter an OTP when managing your accounts through the mobile app. It also allows you to generate an offline OTP for use when managing your accounts on Citi Online. No network coverage or internet connection is required to generate an offline OTP.

This feature will provide iPhone and Android smartphone users with an alternative to the SMS OTP option. It also locks your device to your account and removes the need to enter an OTP when managing your accounts through the mobile app using your smartphone. It also allows you to generate an offline OTP for use when managing your accounts on Citi Online. This feature is free to use internationally as no network coverage or internet connection is required to generate an offline OTP.

An OTP is a six-digit pin you will need to enter when transacting in Citi Online. An OTP will be sent instantly via SMS or can be generated through the Citi Mobile^® App. An OTP expires after 8 minutes. You are only required to enter one OTP per session.

An Online Authorisation Code (OAC) is a code you need to obtain and enter, to set up and activate a new Payee for the first time in Citi Online. The OAC is completely separate from an OTP and is sent to you via email, mail and SMS, or can be obtained through the Customer Service Centre. An OAC expires only after 15 days.

No. Please note, the OTP used in Customer Service Centre is different to a Citi Online OTP, and cannot be generated using your Citi Mobile App.

A hard token is a key ring sized plastic token which can be used to generate an OTP. The token includes a small keypad, OTP button and a screen which will display the six digit OTP.

No, the hard token does not support account management through the mobile or tablet app. If using the hard token to generate an OTP, you will only be able to access Citi Online through a browser on your PC or tablet.

To generate an OTP using the hard token, simply press the green OTP button in the bottom right corner of the token.

An OTP will display in the screen which you can then enter into the field provided in Citi Online.

Hard tokens will typically take between five to seven working days to be delivered.

No. Each hard token will arrive already activated and you can start using it as soon as you receive it.

If you lose your hard token, please report it to us immediately on 13 24 84 As your hard token is linked only to your account, the lost token will be cancelled and a new token issued.

No. Hard tokens work totally independent of any network or internet connection and an OTP can be generated at any time.

No. Each hard token is assigned to only one account. Please ensure your token is kept in a secure place and is not shared with anyone else.

No. The damaged hard token will be remotely cancelled by us.

No. A customer will only be issued one hard token.

Please ensure your token is kept in a secure place and is not shared with anyone else. Avoid storing your token with other sensitive information such as account details, PIN numbers or Citi Online Passwords.

Hard tokens will be delivered to the address we have on file for you by mail, within five to seven working days of a request. Please make sure your contact details, including your address are correct. You can update your contact details via the Citi Mobile^® App or Citi Online. Visit our help guide for instructions.

Hard token batteries should last for over five years. Hard token batteries cannot be replaced, and in the case where your hard token battery has been exhausted, please contact us on 13 24 84. to request a replacement hard token.