We're pleased to advise that on 1 June 2022, National Australia Bank Limited (NAB) acquired the consumer banking business from Citigroup Pty Ltd (Citi) and appointed Citi to provide transitional services. "Citi", "Citibank", "Citigroup", the Arc design and all similar trade marks and derivations thereof are used temporarily under licence by NAB from Citigroup Inc. and related group entities.
Log into Citi Online using your User ID and Password. Then when you perform an online transaction, you will be sent an OTP via SMS to enter before proceeding.
You will only be required to enter one One-Time PIN per session.
There are several ways you can receive an OTP overseas.
Through the Citi Mobile® Token
Generate your One-Time PIN via the Citi Mobile® App without your mobile phone requiring an internet connection or network coverage, providing convenient account management especially when traveling abroad.
Simply download the Citi Mobile® App on your mobile device, activate* the Citi Mobile® Token and set up your 4-digit passcode.
*You will only need to receive one SMS 'One-Time PIN' to complete the initial registration process.
Receiving the SMS OTP
If you don't have an iPhone or Android device, you will need to activate global roaming on your mobile phone before travelling, to be able to receive the SMS OTP.
The SMS OTP has been optimised for international delivery and is still delivered instantly.
If you lose or have your phone stolen and it is no longer accessible to you to receive or generate an OTP, please do one of the following:
If using the SMS OTP Solution:
If you want to stop your phone receiving an SMS OTP, please contact your network provider and put a block on your number until you have a replacement phone.
If you are worried about access to your Citi Online accounts, please call Customer Service Centre on 13 24 8413 24 84 (+61 2 8225 0615+61 2 8225 0615 if calling from overseas) and they can put a block on your Citi Online access (this block will apply to Citi Online access on all devices).
When you replace your phone, give Customer Service Centre another call and we will unblock your Citi Online access.
If using Citi Mobile® Token:
If you have a replacement device available, simply download the Citi Mobile® App onto the device and activate the Citi Mobile® Token.
Once you have activated the Citi Mobile® Token on a new device, the Citi Mobile® Token on the previous (lost) device will automatically be deactivated as you can only activate the Citi Mobile® Token on one device.
If you do not have a replacement device available, you should disable your Citi Mobile® Token. Login to your Citi Online account and follow these steps: Services → My Profile → Deactivate Citi Mobile® Token.
Alternatively, call Customer Service Centre on 13 24 8413 24 84 or +61 2 8225 0615+61 2 8225 0615 (if you are calling from overseas) to deactivate your Citi Mobile® Token.
Download the Citi Mobile® App today.
Benefits of OTP
Smarter, more advanced security system to protect you and your money online
Provides a stronger method for authenticating your online transactions
Acts as an extra level of protection should your Card Number and PIN be compromised
It's totally free, secure and easy to use.
How does OTP work?
When you need to perform an online transaction or online query you will be required to enter an OTP as a second level of authentication to confirm that the transaction is authorised by you.
This OTP will be delivered to you via SMS, or can be generated through the Citi Mobile app. You will only need one OTP per session.
Updating your mobile number
To update your mobile number, simply sign on Citi Online and select Services > My Profile > Personal Information > View / update details
Alternatively, call us on 13 24 84 (or +61 2 8225 0615 if calling from overseas) and we'll update it for you.
Frequently Asked Questions
What is the Citi OTP?
The Citi OTP is a randomly generated six digit password, which makes it a stronger method for authenticating your online transactions. Each time you perform online transactions through Citi Online you'll be required to enter a Citi OTP. The Citi OTP is sent via SMS to your mobile phone. You will only be required to enter one OTP per session.
How does the Citi OTP work?
When you need to perform an online transaction or online query, you will be required to enter an OTP as a second level of authentication to confirm that the transaction is authorised by you. This OTP will be delivered to you via SMS. You will only need one OTP per session.
Do I have to enter a Citi OTP for every transaction or every session?
You only need to enter one OTP per online session. Once you have entered your OTP you can perform as many transactions as you like within that session. If you're adding a new payee you'll still need to activate this payee using the Online Authorisation Code (OAC) which will be sent via SMS. The OAC functions separately to the OTP.
What transactions will I need an OTP for?
Online transactions that require an OTP are those that could potentially compromise your security or privacy as a customer of Citi. These transactions include:
Transferring and payments
Viewing My offers
Performing a transfer into or out of the COS (Citibank Online Saver) account
Updating contact details (mobile and address)
Changing user ID
Changing ATM PIN
Changing Nominated Link Account
Closing Nominated Link Account
Why is there a need for the Citi OTP?
The Citi OTP serves as a second-level of authentication when you perform protected transactions at Citi Online. If your card number and PIN are compromised for any reason, the intruder will also need to have your mobile phone to access protected transactions via your account online. This is an additional security measure to protect you so you can enjoy total peace of mind when you manage your accounts online with us.
Can I still manage my account online if I don't have access to my mobile phone?
You will need your mobile phone to manage your account online. A new OTP mobile app feature will provide smartphone users (iPhone and Android) with an alternative to the SMS OTP option. This feature locks your device to your account and removes the need to enter an OTP when managing your accounts through the mobile app. It also allows you to generate an offline OTP for use when managing your accounts on Citi Online. Network coverage or internet connection are not required to generate an offline OTP. A hard token OTP generator will also be available.
Do I have to pay for the Citi OTP?
No, this enhanced security feature is free to all customers. If you are travelling overseas contact your network provider as the SMS may incur an additional cost. Alternatively, you can download the OTP mobile app before travelling. It allows you to generate an offline OTP for use when managing your accounts on Citi Online. Network coverage or internet connection are not required.
What if I don't receive an OTP?
If you don't receive your OTP you can request the OTP to be resent to you through the OTP screen on Citi Online. If you still don't receive your OTP, check that we have your current mobile phone number or phone us on 13 24 8413 24 84.
How long does it take to receive an OTP to my mobile phone?
The OTP will be sent to your mobile phone instantly. The receipt of the OTP will depend on your network coverage. Poor network coverage may cause some delays.
How long is the Citi OTP valid for?
The Citi OTP is valid for five minutes. If the OTP expires, you will need to generate a new OTP. You can do this through the OTP screen on Citi Online. Please note that if you enter an OTP incorrectly three times you will be locked out of your session and your online user ID will be locked.
What happens if I enter an incorrect OTP?
If you enter your OTP incorrectly three times, your online access will be blocked and your online user ID will be locked. If this happens and you receive the OTP via SMS you will need to reset your Citi Online password - have your card number, account number and PIN handy. If the OTP is generated from the mobile app, call us on 13 24 84.13 24 84. to unlock.
Will the sign on process to Citi Online change? Will I need the Citi OTP to sign on to Citi Online?
You'll sign on to Citi Online the same way, using your User ID and Password. You'll no longer need to enter your security question and you'll be taken directly to your account summary page. You'll be prompted to enter an OTP when you perform online transactions.
Can I receive the Citi OTP to an overseas mobile number?
Yes, the Citi OTP can be sent to all international mobile numbers that have the ability to receive an SMS. If you experience any issues receiving the OTP to your international mobile number please contact us on +61 2 8225 0615+61 2 8225 0615.
Make sure you update your overseas mobile phone number on Citi Online and include the country code (without the + sign) and your mobile number. You can start to generate OTP using this number within three working days.
Note: Customers using a US SIM and mobile number may experience some delays in receiving the SMS OTP. Please contact Customer Service Centre on +61 2 8225 0615+61 2 8225 0615 if you experience any issues.
What format does an international mobile numbers need to be in to receive the OTP?
Below are valid mobile international number formats:
NOTE: For Singapore phone numbers, or countries that have numbers with more than 8 digits, customers will need to call Customer Service Centre to update their mobile number. Updating your mobile number on CBOL will not work.
Can I receive an OTP when I'm travelling overseas?
Yes, you'll need to activate international roaming on your mobile phone before you travel overseas. If you have an iPhone or Android smartphone you will also be able to use the OTP feature in the Citi Mobile App where you can generate an offline OTP for use when managing your accounts on Citi Online. This feature is free to use internationally as no network coverage or internet connection is required to generate an offline OTP.
Can I receive a Citi OTP if I have call forwarding activated for my mobile phone?
No, an OTP will not get forwarded. This would compromise your online security. Please ensure you contact details are updated through Citi Online.
Do I have to enrol for Citi OTP?
The OTP system is mandatory.This is to ensure all customers are using stronger authentication to transact online.
I have recently updated my mobile phone number. When can I start receiving The Citi OTP?
You can start to receive the Citi OTP immediately once you have successfully updated your mobile number.
Can I register a second mobile phone number?
No, you can only register one mobile phone number and the Citi OTP will always be sent to the mobile phone number you have provided us with. To update your contact details, simply sign on Citi Online and select Services -> My Profile -> Personal Information -> View / update details
Will I need to enter the Citi OTP when managing my account through the Citi Mobile® App?
Yes. When you manage your accounts using your mobile device’s browser, you will be required to enter an OTP to access protected functions. Mobile OTP feature will also provide iPhone and Android smartphone users with an alternative to the SMS OTP option. This feature locks your device to your account and removes the need to enter an OTP when managing your accounts through the mobile app. It also allows you to generate an offline OTP for use when managing your accounts on Citi Online. No network coverage or internet connection is required to generate an offline OTP.
What is the OTP mobile app feature?
This feature will provide iPhone and Android smartphone users with an alternative to the SMS OTP option. It also locks your device to your account and removes the need to enter an OTP when managing your accounts through the mobile app using your smartphone. It also allows you to generate an offline OTP for use when managing your accounts on Citi Online. This feature is free to use internationally as no network coverage or internet connection is required to generate an offline OTP.
What is the difference between an OTP SMS and the OAC SMS?
An OTP is a six digit pin you will need to enter when transacting in Citi Online. An OTP will be sent instantly via SMS or can be generated through the Citi Mobile app. An OTP expires after 8 minutes. You are only required to enter one OTP per session.
An Online Authorisation Code (OAC) is a code you need to obtain and enter, to set up and activate a new Payee for the first time in Citi Online. This code is totally separate from an OTP and is sent to you via email, mail and SMS, or can be obtained through Customer Service Centre. An OAC expires only after 15 days.
Can I use the OTP generated using the Citi Mobile® App for telephone services?
No. Please note, the OTP used in Customer Service Centre is different to a Citi Online OTP, and cannot be generated using your Citi Mobile App.
Hard Token FAQs
Hard Token FAQs
What is a hard token?
A hard token is a key ring sized plastic token which can be used to generate an OTP. The token includes a small keypad, OTP button and a screen which will display the six digit OTP.
Can I use my hard token to generate an OTP for use on my Mobile or Tablet device?
No, the hard token does not support account management through the mobile or tablet app. If using the hard token to generate an OTP you will only be able to access Citi Online through your a browser on your PC or tablet.
How does a hard token work?
To generate an OTP using the hard token, simply press the green OTP button in the bottom right corner of the token.
An OTP will display in the screen which you can then enter into the field provided in Citi Online.
How long does it take to receive a hard token?
Hard tokens will typically take between five to seven working days to be delivered.
Do I need to activate the hard token once received?
No. Each hard token will arrive already activated and you can start using it as soon as you receive it.
What if I have lost my token?
If you lose your hard token, please report it to Customer Service Centre immediately on 13 24 84.13 24 84 As your hard token is linked only to your account, the lost token will be cancelled and a new token issued.
Do I need mobile or internet reception to generate OTP from hard token?
No. Hard tokens work totally independent of any network or internet connection and an OTP can be generated at any time.
Can I share my hard token with others?
No. Each hard token is assigned to only one account. Please ensure your token is kept in a secure place and is not shared with anyone else.
Do I need to return a damaged hard token when I receive a replacement?
No. The damaged hard token will be remotely cancelled by Customer Service Centre.
Can I have more than one hard token for my Citi Online?
No. A customer will only be issued one hard token.
How secure should I keep my hard token?
Please ensure your token is kept in a secure place and is not shared with anyone else. Avoid storing your token with other sensitive information such as account details, PIN numbers or Citi Online Passwords.
Can I collect a hard token from a Citi branch?
No. Hard tokens will be delivered by mail within five to seven working days of a request.
How long do the hard token batteries last for?
Hard token batteries should last for over five years. Hard token batteries cannot be replaced, and in the case where your hard token battery has been exhausted, please contact Customer Service Centre on 13 24 84.13 24 84. to request a replacement hard token.