Citi Security Centre - Security Update

Using Citi Mobile® Token for Online Shopping

Use the Citi Mobile® Token in the Citi Mobile® UK App to authenticate many of your online transactions.

Using the Citi Mobile® Token is the easiest and quickest way to securely authenticate your online purchases, with minimal disruption to your online purchasing experience.

The Citi Mobile® UK App

To download the Citi Mobile® UK App visit the App Store on your Apple Device or Google Play Store on your Android device and search for “Citi Mobile UK”.

The Citi Mobile® UK App is supported by iOS 9.0 and Android 4.4 and above.

A secure authentication method for your online transactions with Citi Mobile® Token.

Citi UK customer receiving notification on his mobile to complete their transaction using the Citi Mobile Token Citi UK customer can authorise their purchases using the 6-digit unlock code using the Citi Mobile Token Purchase complete notification on the app using Citi Mobile Token

To authenticate your online transactions securely, it is advised you have the Citi Mobile UK app.

If you are not registered for Citi Online and do not have Citi Mobile® Token enabled, please follow the steps below to ensure there is no disruption to your online purchasing experience:

Take these simple steps to making seamless online payments:

  1. Ensure you are registered for Citi Online

    - If you are not yet registered for Citi Online, please click here. Follow the onscreen instructions – you will need your mobile phone and Citi Debit Card to hand.

  2. Download the Citi Mobile® UK App:
  3. Register for the Citi Mobile® Token:

    - You will be prompted to enable Citi Mobile® Token when you first launch your Citi Mobile® UK App. If you haven’t enabled Citi Mobile® Token from this prompt, please click here to find out more information on how to enable.

  4. Enable Push Notifications:

    - Tap ‘Enable’ when you see the Push Notification pop-up and then tap ‘Allow’ on your device.

How to authenticate your online purchases securely with Citi


  • How do you download the Citi Mobile® UK App?

    On your Apple or Android device, click on the App store or Google play store icon to download the Citi Mobile® UK App directly. Alternatively, you can download the app via one of the following methods: * Search for "Citi Mobile UK" in the App Store or Google Play on your Apple or Android device.

  • What iOS/Android versions are compatible with the Citi Mobile® UK App?

    Citi Mobile® UK App is supported by iOS/Android version: iOS 9.0, Android 4.4 and above.

  • Can I remove the User ID tagged to the mobile app?

    You can remove your User ID tagged to your mobile app by clearing cache in android phone. For apple devices, you can do so by deleting and re-installing the app.

  • I live in a country where I am unable to download the Citi Mobile® UK App. How can I authorise my online transactions?

    If you are unable to download the Citi Mobile® UK App, you will still be able to complete your online transactions by following the Deeplink solution. This will require you to enter your Citi Online and Citi Mobile username and password to proceed with completing your transaction.

  • I have changed my mobile phone, what happens now?

    If you have changed your mobile phone, download the Citi Mobile® UK App onto your new device and activate the Citi Mobile® Token on it. This will ensure that you receive all notifications to your new mobile phone.

  • My mobile phone is broken, what happens now?

    If your mobile phone is broken, your Citi Mobile® Token is still activated, and you will continue to receive notifications from the system. Therefore, we recommend installing the Citi Mobile® UK App again on an alternative mobile phone as soon as possible. If you do not have an alternative mobile phone but you are still able to deactivate the Citi Mobile® Token, we recommend you do so before sending your mobile phone into repair. Once you retrieve the mobile phone after repair, you can reactivate your Citi Mobile® Token.

Citi Mobile® Token

  • What is Citi Mobile® Token?

    Citi Mobile® Token is a feature within the Citi Mobile® App. This is used to generate a One-Time Password (OTP) which is required to authenticate online and mobile transactions. It is an alternative authentication method to SMS OTP. It is a more secure method of authentication. The Citi Mobile® Token can only be activated within the Citi Mobile® UK App. You can only enable their token on ONE mobile device at a time.

  • The benefits of Citi Mobile® Token?

    SECURE: You can create their own unique 6-digit unlock code.
    INSTANT: You can enter their unique unlock code to instantly authenticate transactions.
    EASY: Authenticates all online transactions (payments and transfers), adding a new payee and updating contact details.

Push Notifications

  • What is a Push Notification?

    A push notification is a message that pops up on a mobile device. These are sent by the Citi Mobile® UK App and can only reach you if you have installed the App and enabled notifications; both on your device and Citi Mobile® UK App.

  • Where can I find the Push Notification alerts they receive?

    ‘Notification Centre', which is an in-app repository in Citi Mobile® UK App, stores all your push notifications that were received on your mobile phone.
    'Notification Centre' can be found in the Top right corner of the dashboard page.

  • Will I still receive SMS alerts after enabling Push Notifications?

    When you enable push notifications, they will no longer receive the optional alerts they can sign up for. Mandatory alerts will continue via SMS.

  • An error message pops up every time I try to enable push notifications, what do I do?

    Go to the settings on your phone and make sure that you have provided your consent to receive notifications for the Citi Mobile® UK App. If you haven’t done this, enable the notifications for this application.


  • Will online card payments with a one-time passcode (OTP) sent by SMS text message be no longer available?

    SMS OTP will still be an option for certain transaction types and will depend on how the merchant chooses to process the transaction. This change results from Payment Service Regulations and the introduction of Strong Customer Authentication, which aims at increasing the security of your payments. If you pay for your online shopping with a card, you will likely be asked to confirm the transaction using Citi Mobile® Token or Deeplink Authorisation, with a single-use code received by text message gradually becoming less common.

  • Do I have to be registered for Citibank Online to make 3D Secure payments?

    Yes, you will need to be registered for Citibank Online to be able to authorise online purchases

  • Will all online transactions require SCA (Strong Customer Authentication)?

    No, there are various exemptions that banks can apply and not all transactions are in scope.

  • When confirming a transaction, I entered the incorrect information, what do I do now?

    After entering your username and password incorrectly three times, your Citibank Online and Citi Mobile password is blocked. To unblock the password, go to and select the “I forgot my password” link on the login page.


  1. Log in to Citi Online and try a demographic change. If you receive an SMS OTP, then your Citi Mobile® Token is not set up correctly
  2. Enable your Citi Mobile® Token on the Citi Mobile® UK App if it is disabled
  3. Re-sync the Citi Mobile® Token on your Citi Mobile® UK App
  4. Enable push notifications on the Citi Mobile® UK App
  5. If you have taken the above steps and you are still facing issues, delete and reinstall the Citi Mobile® UK App and repeat the payment process again


  1. What is Touch ID® / Face ID®?

    Touch ID® / Face ID® is a feature that enables login authentication based on fingerprints and Face Identification stored on your Apple iPhone device, which is an alternative login mechanism to Citi's User ID and Password.

  2. What is Fingerprint login?

    Fingerprint Login is a feature that enables login authentication based on fingerprints stored on your Android™ device. It is an alternative login mechanism to Citibank Online User ID and Password.

  3. Can I enable Touch ID® / Face ID® for the Citi Mobile® UK App?

    You can enable this by navigating to the “Profile” button located in the top left-hand corner of the App > Under Security Settings they can select “Touch ID® / Face ID®” and select enable.

Other important questions:

  1. I have lost my mobile phone. How can I deactivate my Citi Mobile® UK Token?

    You can deactivate your Citi Mobile® Token by doing the following:
    1. Log in to your Citi Online and follow the path: My Profile > Disable Citi Mobile® Token
    2. Contact CitiPhone to disable your Citi Mobile® Token

 Two people shaking hands
A Citi UK customer working on his smart device
A man talking on his mobile phone


If you have any concerns regarding security please call
the Citi Security Team on:


0800 096 68 00

+44 203 569 99 98
If calling from outside the UK