Please be aware of scammers posing as Citi asking customers to share their One Time Pin (OTP) over the phone. Citi will never ask you for these details via any of our communications to you. If you think you have fallen victim to a scam, please contact our fraud team immediately on 1300 550 216.
Log into Citibank Online using your User ID and Password. Then when you perform an online transaction, you will be sent an OTP via SMS to enter before proceeding.
You will only be required to enter one One-Time PIN per session.
There are several ways you can receive an OTP overseas.
Through the Citi Mobile® Token
Generate your One-Time PIN via the Citi Mobile® App without your mobile phone requiring an internet connection or network coverage, providing convenient online banking especially when traveling abroad.
Simply download the Citi Mobile® App on your mobile device, activate* the Citi Mobile® Token and set up your 4-digit passcode.
*You will only need to receive one SMS 'One-Time PIN' to complete the initial registration process.
Receiving the SMS OTP
If you don't have an iPhone or Android device, you will need to activate global roaming on your mobile phone before travelling, to be able to receive the SMS OTP.
The SMS OTP has been optimised for international delivery and is still delivered instantly.
If you lose or have your phone stolen and it is no longer accessible to you to receive or generate an OTP, please do one of the following:
If using the SMS OTP Solution:
If you want to stop your phone receiving an SMS OTP, please contact your network provider and put a block on your number until you have a replacement phone.
If you are worried about access to your online banking accounts, please call CitiPhone on 13 24 8413 24 84 (+61 2 8225 0615+61 2 8225 0615 if calling from overseas) and they can put a block on your internet banking access (this block will apply to online banking access on all devices).
When you replace your phone, give CitiPhone another call and we will unblock your online banking access.
If using Citi Mobile® Token:
If you have a replacement device available, simply download the Citi Mobile® App onto the device and activate the Citi Mobile® Token.
Once you have activated the Citi Mobile® Token on a new device, the Citi Mobile® Token on the previous (lost) device will automatically be deactivated as you can only activate the Citi Mobile® Token on one device.
If you do not have a replacement device available, you should disable your Citi Mobile® Token. Login to your Citibank Online account and follow these steps: Services → My Profile → Deactivate Citi Mobile® Token.
Alternatively, call CitiPhone on 13 24 8413 24 84 or +61 2 8225 0615+61 2 8225 0615 (if you are calling from overseas) to deactivate your Citi Mobile® Token.
Download the Citi Mobile® App today.
Benefits of OTP
Smarter, more advanced security system to protect you and your money online
Provides a stronger method for authenticating your online transactions
Acts as an extra level of protection should your Card Number and PIN be compromised
It's totally free, secure and easy to use.
How does OTP work?
When you need to perform an online transaction or online query you will be required to enter an OTP as a second level of authentication to confirm that the transaction is authorised by you.
This OTP will be delivered to you via SMS, or can be generated through the Citi Mobile app. You will only need one OTP per session.
Updating your mobile number
To update your mobile number, simply sign on Citi Online and select Services > My Profile > Personal Information > View / update details
Alternatively, call us on 13 24 84 (or +61 2 8225 0615 if calling from overseas) and we'll update it for you.
Frequently Asked Questions
What is the Citi OTP?
The Citi OTP is a randomly generated six digit password, which makes it a stronger method for authenticating your online transactions. Each time you perform online transactions through Citi Online you'll be required to enter a Citi OTP. The Citi OTP is sent via SMS to your mobile phone. You will only be required to enter one OTP per session.
How does the Citi OTP work?
When you need to perform an online transaction or online query, you will be required to enter an OTP as a second level of authentication to confirm that the transaction is authorised by you. This OTP will be delivered to you via SMS. You will only need one OTP per session.
Do I have to enter a Citi OTP for every transaction or every session?
You only need to enter one OTP per online session. Once you have entered your OTP you can perform as many transactions as you like within that session. If you're adding a new payee you'll still need to activate this payee using the Online Authorisation Code (OAC) which will be sent via SMS. The OAC functions separately to the OTP.
What transactions will I need an OTP for?
Online transactions that require an OTP are those that could potentially compromise your security or privacy as a customer of Citi. These transactions include:
Transferring and payments
Viewing My offers
Performing a transfer into or out of the COS (Citi Online Saver) account
Updating contact details (mobile and address)
Changing user ID
Changing ATM PIN
Changing Nominated Link Account
Closing Nominated Link Account
Why is there a need for the Citi OTP?
The Citi OTP serves as a second-level of authentication when you perform protected transactions at Citi Online. If your card number and PIN are compromised for any reason, the intruder will also need to have your mobile phone to access protected transactions via your account online. This is an additional security measure to protect you so you can enjoy total peace of mind when you bank online with us.
Can I still bank online if I don't have access to my mobile phone?
You will need your mobile phone to bank online. A new OTP mobile app feature will provide smartphone users (iPhone and Android) with an alternative to the SMS OTP option. This feature locks your device to your account and removes the need to enter an OTP when banking through the mobile app. It also allows you to generate an offline OTP for use when banking on Citi Online. Network coverage or internet connection are not required to generate an offline OTP. A hard token OTP generator will also be available.
Do I have to pay for the Citi OTP?
No, this enhanced security feature is free to all customers. If you are travelling overseas contact your network provider as the SMS may incur an additional cost. Alternatively, you can download the OTP mobile app before travelling. It allows you to generate an offline OTP for use when banking on Citi Online. Network coverage or internet connection are not required.
What if I don't receive an OTP?
If you don't receive your OTP you can request the OTP to be resent to you through the OTP screen on Citi Online. If you still don't receive your OTP, check that we have your current mobile phone number or phone us on 13 24 8413 24 84.
How long does it take to receive an OTP to my mobile phone?
The OTP will be sent to your mobile phone instantly. The receipt of the OTP will depend on your network coverage. Poor network coverage may cause some delays.
How long is the Citi OTP valid for?
The Citi OTP is valid for five minutes. If the OTP expires, you will need to generate a new OTP. You can do this through the OTP screen on Citi Online. Please note that if you enter an OTP incorrectly three times you will be locked out of your session and your online user ID will be locked.
What happens if I enter an incorrect OTP?
If you enter your OTP incorrectly three times, your online access will be blocked and your online user ID will be locked. If this happens and you receive the OTP via SMS you will need to reset your online banking password - have your card number, account number and PIN handy. If the OTP is generated from the mobile app, call us on 13 24 84.13 24 84. to unlock.
Will the sign on process to Citi Online change? Will I need the Citi OTP to sign on to Citi Online?
You'll sign on to Citi Online the same way, using your User ID and Password. You'll no longer need to enter your security question and you'll be taken directly to your account summary page. You'll be prompted to enter an OTP when you perform online transactions.
Can I receive the Citi OTP to an overseas mobile number?
Yes, the Citi OTP can be sent to all international mobile numbers that have the ability to receive an SMS. If you experience any issues receiving the OTP to your international mobile number please contact us on +61 2 8225 0615+61 2 8225 0615.
Make sure you update your overseas mobile phone number on Citi Online and include the country code (without the + sign) and your mobile number. You can start to generate OTP using this number within three working days.
Note: Customers using a US SIM and mobile number may experience some delays in receiving the SMS OTP. Please contact Citiphone on +61 2 8225 0615+61 2 8225 0615 if you experience any issues.
What format does an international mobile numbers need to be in to receive the OTP?
Below are valid mobile international number formats:
NOTE: For Singapore phone numbers, or countries that have numbers with more than 8 digits, customers will need to call CitiPhone to update their mobile number. Updating your mobile number on CBOL will not work.
Can I receive an OTP when I'm travelling overseas?
Yes, you'll need to activate international roaming on your mobile phone before you travel overseas. If you have an iPhone or Android smartphone you will also be able to use the OTP feature in the Citi Mobile App where you can generate an offline OTP for use when banking on Citi Online. This feature is free to use internationally as no network coverage or internet connection is required to generate an offline OTP.
Can I receive a Citi OTP if I have call forwarding activated for my mobile phone?
No, an OTP will not get forwarded. This would compromise your online security. Please ensure you contact details are updated through Citi Online.
Do I have to enrol for Citi OTP?
The OTP system is mandatory.This is to ensure all customers are using stronger authentication to transact online.
I have recently updated my mobile phone number. When can I start receiving The Citi OTP?
You can start to receive the Citi OTP immediately once you have successfully updated your mobile number.
Can I register a second mobile phone number?
No, you can only register one mobile phone number and the Citi OTP will always be sent to the mobile phone number you have provided us with. To update your contact details, simply sign on Citi Online and select Services -> My Profile -> Personal Information -> View / update details
Will I need to enter the Citi OTP when banking through Citi Mobile?
Yes. When you bank on through your mobile device's browser, you will be required to enter an OTP to access protected functions. Mobile OTP feature will also provide iPhone and Android smartphone users with an alternative to the SMS OTP option. This feature locks your device to your account and removes the need to enter an OTP when banking through the mobile app. It also allows you to generate an offline OTP for use when banking on Citi Online. No network coverage or internet connection is required to generate an offline OTP.
What is the OTP mobile app feature?
This feature will provide iPhone and Android smartphone users with an alternative to the SMS OTP option. It also locks your device to your account and removes the need to enter an OTP when banking through the mobile app using your smartphone. It also allows you to generate an offline OTP for use when banking on Citi Online. This feature is free to use internationally as no network coverage or internet connection is required to generate an offline OTP.
What is the difference between an OTP SMS and the OAC SMS?
An OTP is a six digit pin you will need to enter when transacting in Citi Online. An OTP will be sent instantly via SMS or can be generated through the Citi Mobile app. An OTP expires after 8 minutes. You are only required to enter one OTP per session.
An Online Authorisation Code (OAC) is a code you need to obtain and enter, to set up and activate a new Payee for the first time in Citi Online. This code is totally separate from an OTP and is sent to you via email, mail and SMS, or can be obtained through Citiphone. An OAC expires only after 15 days.
Can I use the OTP generated using the Citi mobile app for phone banking?
No. Please note, the OTP used in Citiphone Banking is different to a Citi Online OTP, and cannot be generated using your Citi Mobile App.
OTP Mobile App Feature: Citi Mobile® Token FAQs
OTP Mobile App Feature: Citi Mobile® Token FAQs
What is the OTP feature of the Citi Mobile app?
OTP is a mobile app feature providing iPhone and Android users with an alternative to the SMS OTP option. The OTP mobile app feature locks your device to your account and once you have registered, you will never be asked for an OTP when banking through the app. This feature also allows you to generate an offline OTP for use when banking online. To download the Citi Mobile App, Simply visit the App Store or Google Play TM store on your iPhone or Android and search for "Citi AU".
Where can I download the Citi Mobile app from?
The Citi Mobile app can be downloaded from either the App Store (iPhone) or the Google Play store (Android). Simply search for 'Citi AU' and the Citi Mobile app will display and be available for download.
This is not currently available for Blackberry users.
Does my smartphone need to have reception or an active internet connection to use OTP?
No. Once you have downloaded and registered for OTP, you can generate an offline OTP without the need for an active internet connection or mobile reception.
How do I activate Citi Mobile® Token?
Click on "Activate Citi Mobile® Token" on the sign in page of your Citi Mobile® App and create your 4-digit passcode.
How do I generate an OTP?
To generate an OTP through your Citi Mobile® App, simply click on "Citi Mobile® Token" on the sign in page and enter your 4-digit passcode.
Once I've generated an OTP, how long is it valid for?
OTPs generated through OTP are valid for eight minutes. If your OTP expires, you will need to generate a new OTP.
Can I deactivate Citi Mobile® Token from my device?
Yes. To deactivate, simply sign into the app, go to your settings, select 'Citi Mobile® App' and select 'Deactivate Citi Mobile® Token'.
If you have entered the OTP correctly on Citibank Online, but it says it is incorrect, please re-sync your Citi Mobile® Token
To re-sync your Citi Mobile® Token simply sign into the app, go to your settings, select Citi Mobile® Token and select 'Re-sync'.
Can I use an OTP generated through Citi Mobile app to transact on my PC?
Yes. If you would prefer to generate an OTP through the OTP mobile app feature rather than receive an OTP via SMS, you can generate an offline OTP through the Citi Mobile app, and enter that OTP when transacting in Citi Online on your computer. Simply select the 'Generate Mobile OTP' option from the Sign On Screen of the mobile app.
What alternatives are there to OTP to generate an OTP?
When transacting in Citi Online, customers can opt to receive an OTP by SMS. If they don't have a mobile phone or a smartphone, or travel regularly to countries with limited coverage, a hard token can be offered in these circumstances.
What do I do if OTP doesn't generate an OTP?
If the OTP mobile app doesn't generate an OTP for some reason, you can choose to receive an SMS OTP by selecting the 'Send me a SMS OTP' option from the OTP entry screen in Citi Online. You will then be sent an OTP to your mobile phone which you can enter to proceed.
How does OTP work if I was to access Citi Online through my mobile device's browser?
Banking through mobile phone's browser works exactly the same as if you were banking online on your PC.
You will be sent as OTP via SMS to enter when accessing protected functions, or if you are registered for OTP, you will have the option to enter an OTP generated via the app.
Do I need to reactivate Citi Mobile® Token if I change my phone number?
No, your Citi Mobile® Token is locked to your mobile device, rather than your phone number. That means you can do your online banking even when traveling overseas.
To minimise any inconvenience, it is important that you ensure we have your correct mobile number at all times.
What do I need to do if I have lost my mobile phone?
If you have lost your mobile phone and it's registered to OTP, please call CitiPhone on 13 24 84.13 24 84 to unregister your phone from OTP. You will need to re-register to OTP function once you have a new phone and advise us of your new phone number should there be change.
Hard Token FAQs
Hard Token FAQs
What is a hard token?
A hard token is a key ring sized plastic token which can be used to generate an OTP. The token includes a small keypad, OTP button and a screen which will display the six digit OTP.
Can I use my hard token to generate an OTP for use on my Mobile or Tablet device?
No, the hard token does not support banking through the mobile or tablet app. If using the hard token to generate an OTP you will only be able to access online banking through your a browser on your PC or tablet.
How does a hard token work?
To generate an OTP using the hard token, simply press the green OTP button in the bottom right corner of the token.
An OTP will display in the screen which you can then enter into the field provided in Citi Online.
How long does it take to receive a hard token?
Hard tokens will typically take between five to seven working days to be delivered.
Do I need to activate the hard token once received?
No. Each hard token will arrive already activated and you can start using it as soon as you receive it.
What if I have lost my token?
If you lose your hard token, please report it to CitiPhone immediately on 13 24 84.13 24 84 As your hard token is linked only to your account, the lost token will be cancelled and a new token issued.
Do I need mobile or internet reception to generate OTP from hard token?
No. Hard tokens work totally independent of any network or internet connection and an OTP can be generated at any time.
Can I share my hard token with others?
No. Each hard token is assigned to only one account. Please ensure your token is kept in a secure place and is not shared with anyone else.
Do I need to return a damaged hard token when I receive a replacement?
No. The damaged hard token will be remotely cancelled by CitiPhone.
Can I have more than one hard token for my Internet Banking?
No. A customer will only be issued one hard token to allow them to bank online.
How secure should I keep my hard token?
Please ensure your token is kept in a secure place and is not shared with anyone else. Avoid storing your token with other sensitive information such as account details, PIN numbers or Internet Banking Passwords.
Can I collect a hard token from a Citi branch?
No. Hard tokens will be delivered by mail within five to seven working days of a request.
How long do the hard token batteries last for?
Hard token batteries should last for over five years. Hard token batteries cannot be replaced, and in the case where your hard token battery has been exhausted, please contact CitiPhone on 13 24 84.13 24 84. to request a replacement hard token.