The Citibank OTP (One-Time PIN) is a randomly generated six digit password, which makes it a stronger method for authenticating your online transactions. Each time you perform online transactions through Citibank Online you'll be required to enter a Citibank OTP. The Citibank OTP is sent via SMS to your mobile phone. You will only be required to enter one OTP per session.
When you need to perform an online transaction or online query, you will be required to enter an OTP as a second level of authentication to confirm that the transaction is authorised by you. This OTP will be delivered to you via SMS. You will only need one OTP per session. For a full list of transactions click here.
You only need to enter one OTP per online session. Once you have entered your OTP you can perform as many transactions as you like within that session. If you're adding a new payee you'll still need to activate this payee using the Online Authorisation Code (OAC) which will be sent via SMS. The OAC functions separately to the OTP.
Online transactions that require an OTP are those that could potentially compromise your security or privacy as a customer of Citibank. These transactions include:
• Viewing account details and activity
• Downloading account activity
• Viewing statements
• Transferring and payments
• Managing payees
• Viewing My offers
• Viewing and redeeming Rewards
• Performing a transfer into or out of the COS (Citibank Online Saver) account
• Updating contact details (mobile and address)
• Changing user ID
• Changing ATM PIN
• Changing password
• Changing Nominated Link Account
• Closing Nominated Link Account
• Enrolling into eStatement
The Citibank OTP serves as a second-level of authentication when you perform protected transactions at Citibank Online. If your card number and PIN are compromised for any reason, the intruder will also need to have your mobile phone to access protected transactions via your account online. This is an additional security measure to protect you so you can enjoy total peace of mind when you bank online with us.
No. The security questions will be removed in April 2013 and OTP will become the new way to log into Citibank Online to ensure all customers are using stronger authentication to transact online. You'll be notified when this will occur.
Once the security questions are removed and OTP is fully implemented, you will need your mobile phone to bank online. A new One-Time PIN mobile app feature will provide smartphone users (iPhone and Android) with an alternative to the SMS OTP option. This feature locks your device to your account and removes the need to enter an OTP when banking through the mobile app. It also allows you to generate an offline OTP for use when banking on Citibank Online. Network coverage or internet connection are not required to generate an offline OTP. A hard token OTP generator will also be available.
No, this enhanced security feature is free to all customers. If you are travelling overseas contact your network provider as the SMS may incur an additional cost. Alternatively, you can download the One-Time-PIN mobile app before travelling. It allows you to generate an offline OTP for use when banking on Citibank Online. Network coverage or internet connection are not required.
If you don't receive your OTP you can request the OTP to be resent to you through the OTP screen on Citibank Online. If you still don't receive your OTP, check that we have your current mobile phone number or phone us on 13 24 84.
The Citibank OTP is valid for eight minutes. If the OTP expires, you will need to generate a new OTP. You can do this through the OTP screen on Citibank Online. Please note that if you enter an OTP incorrectly three times you will be locked out of your session and your online user ID will be locked.
If you enter your OTP incorrectly three times, your online access will be blocked and your online user ID will be locked. If this happens and you receive the One-Time-PIN via SMS you will need to reset your online banking password - have your card number, account number and PIN handy. If the One-Time-PIN is generated from the mobile app, call us on 13 24 84 to unlock.
You'll sign on to Citibank Online the same way, using your User ID and Password. You'll no longer need to enter your security question and you'll be taken directly to your account summary page. You'll be prompted to enter an OTP when you perform online transactions.
Yes, the Citibank OTP can be sent to most international mobile numbers and is optimised for the following ten countries. If you experience any issues receiving the OTP to your international mobile number please contact us on +61 2 8225 0615.
Make sure you update your overseas mobile phone number on Citibank Online and include the country code (without the + sign) and your mobile number. You can start to generate OTP using this number within three working days.
Note: Customers using a US SIM and mobile number may experience some delays in receiving the SMS OTP. Please contact Citiphone on +61 2 8225 0615 if you experience any issues.
Below are valid mobile international number formats:
NOTE: For Singapore phone numbers, or countries that have numbers with more than 8 digits, customers will need to call CitiPhone to update their mobile number. Updating your mobile number on CBOL will not work.
Yes, you'll need to activate international roaming on your mobile phone before you travel overseas. If you have an iPhone or Android smartphone you will also be able to use the OTP feature in the Citibank Mobile App where you can generate an offline OTP for use when banking on Citibank Online. This feature is free to use internationally as no network coverage or internet connection is required to generate an offline OTP.
Yes. Once the security questions are removed the OTP system will become mandatory. This is to ensure all customers are using stronger authentication to transact online. You'll be notified when this will occur.
No, you can only register one mobile phone number and the Citibank OTP will always be sent to the mobile phone number you have provided us with. To update your contact details, sign on to Citibank Online and select 'Update Contact Details' from the Account Services menu.
Yes. When you bank on through your mobile device's browser, you will be required to enter an OTP to access protected functions. A new One-Time PIN mobile app feature will provide iPhone and Android smartphone users with an alternative to the SMS OTP option. This feature locks your device to your account and removes the need to enter an OTP when banking through the mobile app. It also allows you to generate an offline OTP for use when banking on Citibank Online. Not network coverage or internet connection is required to generate an offline OTP.
One-Time PIN is a new feature which will be available in the next release of the Citibank mobile app. This feature will provide iPhone and Android smartphone users with an alternative to the SMS OTP option. It also locks your device to your account and removes the need to enter an OTP when banking through the mobile app using your smartphone. It also allows you to generate an offline OTP for use when banking on Citibank Online. This feature is free to use internationally as no network coverage or internet connection is required to generate an offline OTP.
A One-Time PIN (OTP) is a six digit pin you will need to enter when transacting in Citibank Online. An OTP will be sent instantly via SMS or can be generated through the Citibank Mobile app. A OTP expires after 8 minutes. You are only required to enter one OTP per session.
An Online Authorisation Code (OAC) is a code you need to obtain and enter, to set up and activate a new Payee for the first time in Citibank Online. This code is totally separate from an OTP and is sent to you via email, mail and SMS, or can be obtained through Citiphone. An OAC expires only after 15 days.
One-Time-PIN (OTP) is a new feature in an upcoming release of the Citibank mobile app which locks your account to your mobile device and allows you to generate an OTP for use online. One-Time-PIN is an alternative to the OTP sent via SMS.
The Citibank mobile app can be downloaded from either the App Store (iPhone) or the Google Play store (Android). Simply search for 'Citibank AU' and the Citibank mobile app will display and be available for download.
This is not currently available for Blackberry users.
Yes. To unregister your device from One-Time-PIN, simply sign into the app, select 'Self Service Functions', and then select the 'Unregister' option from the menu. You will be sent an OTP via SMS which you will need to enter to confirm you want to unregister your device.
Yes. If you would prefer to generate an OTP through the One-Time-PIN mobile app feature rather than receive an OTP via SMS, you can generate an offline OTP through the Citibank mobile app, and enter that OTP when transacting in Citibank Online on your computer. Simply select the 'Generate One-Time PIN' option from the home screen of the mobile app.
When transacting in Citibank Online, customers can opt to receive an OTP by SMS. If they don't have a mobile phone or a smartphone, or travel regularly to countries with limited coverage, a hard token can be offered in these circumstances.
If the One-Time-PIN mobile app doesn't generate an OTP for some reason, you can choose to receive an SMS OTP by selecting the 'Send me a SMS One-Time PIN' option from the OTP entry screen in Citibank Online. You will then be sent an OTP to your mobile phone which you can enter to proceed.
No. Your account is locked to your device rather than your phone number. You can continue to bank online as you normally would however you will need to log in to Citibank Online and update your mobile number
The same applies if you are travelling overseas and use a local SIM card while in a particular country.
If you have lost your mobile phone and it’s registered to One-Time-PIN, please call CitiPhone on 13 24 84 to unregister your phone from One-Time-PIN. You will need to re-register to One-Time-PIN function once you have a new phone and advise us of your new phone number should there be change.
No, the hard token does not support banking through the mobile or tablet app. If using the hard token to generate a One-Time PIN you will only be able to access online banking through your a browser on your PC or tablet.
Please ensure your token is kept in a secure place and is not shared with anyone else. Avoid storing your token with other sensitive information such as account details, PIN numbers or Internet Banking Passwords.
Hard token batteries should last for over five years. Hard token batteries cannot be replaced, and in the case where your hard token battery has been exhausted, please contact CitiPhone on 13 24 84 to request a replacement hard token.