Login Requirement
The CitiDirect BE® employs secure login processes to ensure that data is safe and accessible only to authorized users.
In order to login to CitiDirect BE® your Login ID is needed along with a Secure Password and/or a SafewordTM Card that generates dynamic passwords, or a Digital Certificate.
You will need to choose one of the login methods below :
 |
Challenge Response – Host 9: A SafewordTM card and Personal Identification Number (PIN) are required to login using Host 9. (Most CitiDirect clients use this login method)
Multi-factor– Host 9 & Login ID: A SafewordTM card with Personal Identification Number (PIN), along with a password are required to login using Host 9. (*Primarily Singapore Clients and clients with Singapore accounts)
SafewordTM Card - Host 2: A SafewordTM card and Personal Identification Number (PIN) are required to login using Host 2.
Secure Password: A Login ID and password are required to login.
Digital Certificate: You can login with a digital certificate only after you have downloaded a valid portal logon certificate into your Citi authorized Smartcard / USB Token. |
System Requirements
While you can use any browser to access CitiDirect, we recommend you use a modern one that has the latest security patches applied.
Please note: some content on the site can be downloaded in PDF or Excel* format, which require an appropriate application to view.
* Excel is a registered trademark of Microsoft Corporation
Browser Security Settings
Users need to ensure their browser security settings are set correctly so CitiDirect BE® services run properly.
These settings can be found and set in your browser as follows:
Internet Explorer browser versions –from the Internet Explorer Browser window, go to the "Tools" menu, select "Internet Options", then select the "Security" tab.
Listed below are the Security Settings that must be enabled.
- Enable - initialize and script ActiveX controls not marked as safe
- Enable - Run ActiveX controls and plug-ins
- Enable - Active Scripting
- Enable – Allow Programmatic clipboard access
If you have an Internet Zone set below "High", these security settings will be set properly for CitiDirect BE®.
If you have an Internet Zone set as "High", these security settings will need to be enabled under "Custom Settings"
Firefox browser versions – from Firefox Browser "Tools" menu go to Options and select the "Content" tab, ensure the setting "Enable JavaScript" is checked.
All other security settings are enabled by default in Firefox and do not require any user actions.
Login with Challenge Response (Host 9)
A SafewordTM card and Personal Identification Number (PIN) are required to login via challenge response.
- Select Challenge Response as your Login Method
- If your Login ID does not appear in the Login ID field, click the dropdown and select "A different user", then type your Login ID in the Login ID field.
- Your Login ID can be located on the back of the SafeWord card as displayed below

- If your Login ID appears already in the Login ID field, go to the step below (Note: Your Login ID is auto populated in the Login ID field if you previously selected "Remember Me" during your previous login).
- Click Continue, a challenge will be presented.
- Press ON to activate your SafewordTM card.

- At the ENTR PIN prompt, enter your 4-digit PIN
- At the HOST? prompt, enter the number "9." (*Note - CitiDirect BE® does not include the Host "9" in the challenge and response as legacy CitiDirect)
- At the CHALLNG? prompt, enter the Challenge that appears in the Challenge field of the Challenge/Response window on your CitiDirect BE® login screen.
- In the Response field on your computer screen, enter the response displayed on the Safe Word card.
- Click Login. CitiDirect BE® will open.
SafewordTM Card Tips:
Using a SafewordTM Card to generate a dynamic password
When you received your SafewordTM card, you also received a unique PIN with your host number. You will need that information to generate a dynamic password that is required to login.
Please follow these steps:
- Press ON to activate your SafewordTM Card
- At the prompt, enter your unique PIN
- Now enter your host number
- A password is generated - key in this password in the password field on the CitiDirect BE® login screen.
Please note that for some users the displayed dynamic password will contain a hyphen (-). The hyphen should not be entered as part of the password.
New SafewordTM card Issuance:
Citigroup SafewordTM Administrators will issue new card and PIN mailer for the users created on CitiDirect BE® within a period of 10 US business days after receipt of "Important User Information" email notification.
Existing SafewordTM card Enablement:
Citigroup SafewordTM Administrators will enable access to existing SafewordTM card for the users created on CitiDirect BE® within a period of 3 US business days after receipt of "Important User Information" email notification. If you have not received your SafewordTM card and PIN mailer or you encounter any problems accessing CitiDirect BE®, please contact your Implementer or Customer Support Representative.
Login with Multi-factor Authentication (Host 9)
A SafewordTM card with Personal Identification Number (PIN), along with a Login ID and password are required to login with Multi-factor authentication (MFA).
Please use these steps to login:
- Select Multi-factor as your Login Method.
- If your Login ID does not appear in the Login ID field, click the dropdown and select "A different user", then type your Login ID in the Login ID field.
- For most users, the Login ID is located on the back of the SafeWord card as displayed below

- Enter your Login ID in the space provided. Select "Remember Me" if you would like this information stored on your computer.
- If your Login ID appears already in the Login ID field, go to the step below (Note: Your Login ID is auto populated in the Login ID field if you previously selected "Remember Me" during your previous login).
- Click Continue, a challenge will be presented.
- Press ON to activate your SafewordTM card.

- At the ENTR PIN prompt, enter your 4-digit PIN
- At the HOST? prompt, enter the number "9."
- Enter the Challenge into the SafeWord card to obtain the response
- Enter the dynamically generated password in the appropriate spaces provided.
- Click Continue
- Enter your Secure Password in the appropriate space provided.
- Click Login to access CitiDirect BE®.
SafewordTM Card Tips:
Using a SafewordTM Card to generate a dynamic password
When you received your SafewordTM card, you also received a unique PIN with your host number. You will need that information to generate a dynamic password that is required to login.
Please follow these steps:
- Press ON to activate your SafewordTM Card
- At the prompt, enter your unique PIN
- Now enter your host number
- A password is generated - key in this password in the password field on the CitiDirect BE® login screen.
Please note that for some users the displayed dynamic password will contain a hyphen (-). The hyphen should not be entered as part of the password.
New SafewordTM card Issuance:
Citigroup SafewordTM Administrators will issue new card and PIN mailer for the users created on CitiDirect BE® within a period of 10 US business days after receipt of "Important User Information" email notification.
Existing SafewordTM card Enablement:
Citigroup SafewordTM Administrators will enable access to existing SafewordTM card for the users created on CitiDirect BE® within a period of 3 US business days after receipt of "Important User Information" email notification. If you have not received your SafewordTM card and PIN mailer or you encounter any problems accessing CitiDirect BE®, please contact your Implementer or Customer Support Representative.
Secure Password tools:
Forgotten Secure Password - If you have forgotten your password click here
You will receive a temporary Secure password via e-mail.
Change Secure Password - If you know your password and want to change it click here
Secure Password Policies:
Expiration
- A warning will appear the last five days before a password expires
- Once the password expires, the user will be forced to change their password before continuing.
- Password expires if not changed within 180 days.
Locking
- Access to CitiDirect BE® will be disabled after 6 successive incorrect passwords.
Password rules
- The minimum password length is 8 characters.
- The maximum password length is 15 characters.
- The maximum repeating character length is 2.
- Password should have at least 1 alphabet and 1 number.
- Password must contain at least 1 uppercase and 1 lowercase character
Restrictions
- The minimum number of days before a password can be reused is 90.
- The minimum number of passwords before reuse is 6.
Login with a SafewordTM Card - Host 2
A SafewordTM card and Personal Identification Number (PIN) are required to login using Host 2.
- Select SafewordTM as your Login Method.
- If your Login ID does not appear in the Login ID field, click the dropdown and select "A different user", then type your Login ID in the Login ID field.
- If your Login ID appears already in the Login ID field, go to the step below (Note: Your Login ID is auto populated in the Login ID field if you previously selected "Remember Me" during your previous login).
- Press ON to activate your SafewordTM card.

- At the ENTR PIN prompt, enter your 4-digit PIN
- At the HOST? prompt, enter the number "2."
- Enter your Login ID and the generated dynamic password in the appropriate space provided.
- Click Login
SafewordTM Card Tips:
Using a SafewordTM Card to generate a dynamic password
When you received your SafewordTM card, you also received a unique PIN with your host number. You will need that information to generate a dynamic password that is required to login.
Please follow these steps:
- Press ON to activate your SafewordTM Card
- At the prompt, enter your unique PIN
- Now enter your host number
- A password is generated - key in this password in the password field on the CitiDirect BE® login screen.
Please note that for some users the displayed dynamic password will contain a hyphen (-). The hyphen should not be entered as part of the password.
New SafewordTM card Issuance:
Citigroup SafewordTM Administrators will issue new card and PIN mailer for the users created on CitiDirect BE® within a period of 10 US business days after receipt of "Important User Information" email notification.
Existing SafewordTM card Enablement:
Citigroup SafewordTM Administrators will enable access to existing SafewordTM card for the users created on CitiDirect BE® within a period of 3 US business days after receipt of "Important User Information" email notification. If you have not received your SafewordTM card and PIN mailer or you encounter any problems accessing CitiDirect BE®, please contact your Implementer or Customer Support Representative.
Login with Secure Password
A Login ID and password are required to login via Secure Password.
After you have received your Login ID and Password from the "Important User Information" email notification, please follow these steps to login:
- Select Secure Password as your Login Method.
- If your Login ID does not appear in the Login ID field, click the dropdown and select "A different user", then type your Login ID in the Login ID field.
- If your Login ID appears already in the Login ID field, go to the step below (Note: Your Login ID is auto populated in the Login ID field if you previously selected "Remember me" during your previous login).
- Enter your Secure Password in the appropriate space provided.
- Click Login
Secure Password tools:
Forgotten Secure Password - If you have forgotten your password click here
You will receive a temporary Secure password via e-mail.
Change Secure Password - If you know your password and want to change it click here
Secure Password Best Practice:
Periodically changing your password (e.g. every 90 days) is recommended for stronger security
Secure Password Policies:
Expiration
- A warning will appear the last five days before a password expires
- Once the password expires, the user will be forced to change their password before continuing.
- Password expires if not changed within 180 days.
Locking
- Access to CitiDirect BE® will be disabled after 6 successive incorrect passwords.
Password rules
- The minimum password length is 8 characters.
- The maximum password length is 15 characters.
- The maximum repeating character length is 2.
- The maximum sequential character length is 3.
- Password should have at least 1 alphabet and 1 number.
- Password must contain at least 1 uppercase and 1 lowercase character
- Password must not contain bank names such as ‘Citi’ , ‘Citigroup’, ‘Citibank’, ‘Citibanamex’, ‘Banamex’
Restrictions
- The minimum number of days before a password can be reused is 90.
- The minimum number of passwords before reuse is 6.
Login with a Digital Certificate
You can logon with a digital certificate only after you have downloaded a valid portal logon certificate into your Citi authorized Smartcard / USB Token. If you do not know which certificate is your logon certificate, contact your Customer Support Representative.
- Select digital certificate as your authentication mode
- You will be prompted with a window displaying a list of digital certificates on your device

- Select the appropriate logon certificate and click OK
Note: To verify that you are using the correct certificate click on view certificate details. The details tab of the dialog box will contain the certificate serial number

- The certificate will be verified and you will be prompted with a window to enter your PIN
- Enter PIN and click OK
Security Best Practices on CitiDirect BE®
At Citi, security for our clients is our utmost concern. As hackers and others, such as organized criminals, continue to try to get unauthorized access to funds, we would like to highlight some best practices to help make sure you are secure.
Social engineering attack
Citi has received business intelligence reports advising that there have been a few incidents of organized criminals calling bank clients and falsely advising them that they are the bank’s representatives.
Typically, when this happens, the client receives an unsolicited call from “Bank Technical Support.” The client is then asked for technical information about how the system works, how transactions are input and who authorizes them. The criminals often ask if the user can take them through the transaction by sharing their screens. They could even ask users to share passwords, token / authentication device information or other credentials.
Please note that Citi will never call you on an unsolicited basis and ask you for PINs, passwords or any other such security information.
The goal of these criminals is to understand the banking system and then try to create a fraudulent transaction.
If you receive any suspicious calls (such as unsolicited or unexpected contact asking for information), please contact your Security Manager and Citi Client Service person immediately.
CitiDirect BE® Best Practices
In order to maintain the best level of security, please ensure that you regularly review your controls.
- CitiDirect BE® supports up to nine levels of approval. It is strongly recommended that your organization set one or more levels of approval
- Ensure that high risk or high value transactions go through more stringent approval flows
- Leverage the CitiDirect BE® pre-format functionality to ensure you are only paying known or pre-approved beneficiaries
- For payments to be made by your organization, please ensure that your organization implements a robust process to prevent fraudulent attempts to change the beneficiary bank account details. Such attempts, if successful, would result in your money ending up in the wrong hands.
For assistance with implementing the above best practices please utilize the client academy training or contact your client service representative
Never share your SafeWord Card
SafeWord Cards should never be shared. Sharing a Safeword card increases the risk of fraud. Because you have agreed to keep your SafeWord card secret, any transaction that utilizes that card will be attributable to you. CitiDirect’s key security mechanism is to distinguish between the person inputting a transaction and the authorizer of the transaction. If SafeWord cards are shared, it becomes easier for one person to both input and authorize a transaction.
You can use CitiDirect BE® mobile to approve payments and monitor your intraday balances when roaming. Alerts also can be set on large value transactions or when balance limits are reached.
Keep your PIN secret
Similarly, it is very important to keep your PIN secret. Your PIN is your first line of defense against someone using your SafeWord card to input or authorize a transaction in your name. Treat your PIN the same as you would your own Banking card PIN and do not store the PIN in a visible location such as the sleeve of the card. Do note that the PIN on your Safeword card can be changed and Citi recommends that users change PINs periodically. Please review the below instructions:
Change your SafeWord PIN as follows (you can cancel the following procedure at any time by pressing Clr):
1. Press ON to turn your SafeWord card on.
2. At the Enter Pin prompt, type your existing PIN.
3. The host? prompt is displayed. Since you are not entering a Challenge, ignore this prompt and continue with the next step.
4. Press Pin to indicate that you want to change your PIN.
Note: Please ensure that you remember the new PIN that you enter in Step 5 below as this PIN will be known only to you. If you forget your new PIN, Citibank cannot reset it. You must contact Citibank to have a new SafeWord card issued to you.
5. At the new Pin prompt, type your new PIN on the keypad. You can change the digits in your PIN but not the length. It must be four digits long. After you type the last digit, your new PIN is stored in the SafeWord card.
Note: The display area on your card may contain the following alpha-numerics:
• 0 is zero not O as in Oscar
• 8 is eight not B as in Bravo
• 5 is five not S as in Sierra
• A is A as in Alpha not R as in Romeo
• l is one not I as in India
6. At the AGAIN prompt, retype your new PIN.
7. At the SUCCESS prompt, you may turn OFF your SafeWord card. You have successfully changed your PIN.
IMPORTANT: Citi will not on an unsolicited basis request users to provide their electronic banking credentials such as PINs, passwords or any other such security information.
Delete former employees
Ensure that when employees leave or transfer to other roles they are deleted from the system and that their Safeword card is deleted. It is important that cards are not reassigned to new users. Also note that users can be scheduled automatically to expire on a future date to ensure cards are not used inappropriately.
Entitlement reviews
Perform regular user and entitlement reviews on the system to ensure access is appropriate and current.
Ensure the CitiDirect User has received both the Safeword Card and PIN prior to enabling* on the system.
Users that are “out of office” for extended periods should be disabled* until returning to the office (e.g. vacations, extended leave, etc.)
*How is this done? Under the user’s profile check the box titled “enable” to enable user; uncheck the enable box to disable the user — make sure you save your changes (also refer to the Security Manager Guide for more information).
Other tips
Intraday reporting can be used to monitor transaction initiation during your business day, AFRD (Automated File and Reports Delivery) can be used to automate the generation and delivery of these reports.
PC Best Practices
Beware of Malware — Malware can be downloaded under various circumstances, such as when visiting a malicious or vulnerable website, viewing an email message or by clicking on a deceptive pop-up window. Malware is malicious software installed on your computer which has a harmful intent that can, among other things, capture your login passwords and other personal data. Examples of malware include software such as spyware, adware and viruses. One way to help protect you from Malware is to exercise caution before installing programs on your computer or opening email attachments. Here are some precautions that are important to take:
- Only install applications and software from well-known companies you trust
- Make sure your computer is cleansed from viruses/spyware and has up-to-date anti-virus and anti-spyware software installed
- Keep your operating system and browser up-to-date with the latest security updates and patches
Install anti-virus, anti-spyware and malware detection software — one way to defend against computer attacks is to utilize preventative software. You will need to update the software regularly to guard against new risks so set the software to update automatically.
Use a pop-up blocker — set your browser preferences to block pop–ups—aside from being annoying, these pop-ups can contain inappropriate content or have malicious intentions
Log Out - Make sure users log out and exit browser or close browser window when finished using CitiDirect
Update - Keep browser and Java plug-in updated to the latest version
Protect - Ensure devices (PCs, Desktops, Laptops, etc.) used to access CitiDirect are password protected
Additionally, you may need to engage your IT department to assist with the PC best practices and perform related risk assessment along with controls evaluation periodically.
Please contact your Citi Representative immediately if you notice suspicious account activity or experience information security-related events.
Client Support Assistance
If you encounter any of the following problems please contact your CitiDirect BE® Customer Support Representative:
- Unable to generate dynamic password.
- Lost your SafewordTM Card
- Forgot your PIN
- Forgot your Login ID
- User locked
- Unable to login
Mobile App Login with CitiDirect BE® Biometrics Authentication
CitiDirect BE® biometrics authentication lets you use the built-in fingerprint or facial recognition technology on your mobile device to log in to CitiDirect BE®.
Biometrics Authentication is a digital authentication method that utilizes your unique physical traits and the built-in biometric technology on your mobile device. Physical trait data is not transferred to Citi when this authentication method is used.
First-time setup
- Download & launch the CitiDirect BE App on your smartphone
- Review and accept the Terms & Conditions (if you haven’t already done so)
- Enter your User ID and Password
- Select your authentication method and complete the login steps
- Challenge (generate dynamic passcode using MobilePASS or SafeWord card)
- SMS One-Time Password
- Voice One-Time Password
- When prompted to allow biometrics, tap OK. If you are not prompted, you can check the “Enable biometrics” option in the Settings menu of the app.
- Now you’re ready to indicate which biometrics authentication method you would like to use.
- Select either fingerprint or facial recognition depending on the configuration of your mobile device.
After First-Time Setup
- Launch the CitiDirect BE app.
- If your device is configured for Fingerprint, press your finger on your mobile phone's sensor/home key.
- If your device is configured for Facial Recognition, hold your face up to the phone
- When using biometric authentication, you will not need to input your User ID or password.
Biometrics Authentication Tips:
- Your organization’s Security Manager must first enable biometrics authentication in the Client Preferences on CitiDirect BE
- Set up the built-in fingerprint or facial recognition technology on your mobile device
- If you change your biometrics authentication setting on your phone’s settings, you must go through the first-time setup again as prompted on the screen
- You can enable or disable the built-in fingerprint and/or facial recognition technology in the settings on your mobile device. Separately, you can enable or disable Biometrics Authentication in the settings for use with the CitiDirect BE App
- After 6 unsuccessful attempts to log in to CitiDirect BE using biometrics authentication, you must enter UserID/Password plus a secondary authentication method (Challenge or SMS One-Time Password or Voice One-Time Password).
- If you have forgotten your password, reset it by clicking on “Forgot Password?” on the CitiDirect BE website
- If you don’t have a password, ask your organization’s Security Manager to add a Secure Password credential to your CitiDirect BE user profile.
Redesigned Login
CitiDirect supports a number of secure login credentials to ensure that your information is safe and accessible only to authorized users. We have redesigned the login flow so that, instead of having to select your login method, you will be guided through the flow based on the credentials we know you have. Currently CitiDirect supports the following methods:
Challenge/Response (Host 9): Log in using a Host 9 code from your SafeWord card, MobilePASS app, or VASCO token.
Multi-Factor Authentication (MFA) (Host 9): Log in using a static password and a Host 9 code from your SafeWord card, MobilePASS app, or VASCO token
Biometric: Log in using the biometric-enabled CitiDirect BE Mobile app.
Secure Password: Log in using a static password.
Voice/SMS One Time Password (OTP): Log in using a static password and a one time code sent via SMS or voice to your phone.
Host 2: Log in using a Host 2 code from your SafeWord card, VASCO token, or MobilePASS app.
Digital Certificate: Log in using a valid certificate installed on your Citi-authorized Smartcard or USB Token.
If you are unsure about which login credentials you have, you can use the following table to guide you based on the screen you see after you enter your User ID:
If, for any reason, you are unable to log in using the new screens, you can log in via the old login page
Challenge/Response (Host 9) Login
This method requires a User ID and one of the following tokens: SafeWord card, VASCO token, or MobilePASS app.
To log in, please use the following steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- An 8-digit Challenge number will display
- Activate your token / app
- At the ENTER PIN prompt, enter your 4-digit PIN
- [If prompted for a HOST?, enter the number 9]
- At the CHALLENGE? prompt, enter the 8-digit Challenge number that appears on your CitiDirect BE login screen
- An 8-character Response code will be displayed on the token / app
- Enter the 8-digit Response code in the Enter Response field
- Click the SIGN IN button
Go back to the Top
Multi-Factor Authentication (MFA) (Host 9) Login
This method requires a User ID, a static password, and one of the following tokens: SafeWord card, VASCO token, or MobilePASS app.
To log in, please use the following steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- Enter your password in the Password field
- Click the CONTINUE button
- An 8-digit Challenge number will display
- Activate your token / app
- At the ENTER PIN prompt, enter your 4-digit PIN
- [If prompted for a HOST?, enter the number 9]
- At the CHALLENGE? prompt, enter the 8-digit Challenge number that appears on your CitiDirect BE login screen
- An 8-character Response code will be displayed on the token / app
- Enter the 8-digit Response code in the Enter Response field
- Click the SIGN IN button
Go back to the Top
Biometrics Login using the Mobile App
This method requires a User ID and the CitiDirect BE mobile app with biometrics for desktop login enabled.
To log in, please use the following steps:
- On the desktop login page, enter your user ID in the User ID field
- Click the Sign In Using Mobile App button
- A 4-digit Confirmation Code will be displayed
- On your mobile device, you will receive a push notification
- Tap the notification to open the CitiDirect mobile app
- Verify the 4-digit Confirmation Code displayed on the mobile app matches the code displayed on the desktop login page
- On your mobile device, press the Allow button
- On your mobile device, sign in using your fingerprint or face
- The CitiDirect BE dashboard will load
Please note: The CitiDirect BE mobile app and biometric authentication are available in the following markets:
North America |
Latin America |
Europe, Middle East, & Africa |
Asia Pacific |
Canada |
Argentina |
Austria |
Australia |
United States |
Bahamas |
Bahrain |
Bangladesh |
|
Barbados |
Belgium |
China |
|
Brazil |
Bulgaria |
Hong Kong SAR |
|
Colombia |
Cameroon |
India |
|
Costa Rica |
Congo (DRC) |
Indonesia |
|
Dominican Republic |
Channel Islands |
Japan |
|
Ecuador |
Czech Republic |
Malaysia |
|
El Salvador |
Denmark |
New Zealand |
|
Guatemala |
Finland |
Philippines |
|
Haiti |
France |
Singapore |
|
Honduras |
Germany |
Thailand |
|
Jamaica |
Greece |
Vietnam |
|
Nicaragua |
Hungary |
|
|
Paraguay |
Ireland |
|
|
Peru |
Israel |
|
|
Puerto Rico |
Italy |
|
|
Trinidad and Tobago |
Ivory Coast |
|
|
Uruguay |
Jordan |
|
|
Venezuela |
Kazakhstan |
|
|
|
Kenya |
|
|
|
Kuwait |
|
|
|
Lebanon |
|
|
|
Luxembourg |
|
|
|
Morocco |
|
|
|
Netherlands |
|
|
|
Nigeria |
|
|
|
Norway |
|
|
|
Portugal |
|
|
|
Romania |
|
|
|
Senegal |
|
|
|
Slovakia |
|
|
|
South Africa |
|
|
|
Spain |
|
|
|
Sweden |
|
|
|
Switzerland |
|
|
|
Tanzania |
|
|
|
Tunisia |
|
|
|
Uganda |
|
|
|
United Arab Emirates |
|
|
|
United Kingdom |
|
|
|
Zambia |
|
Go back to the Top
Secure Password Login
This method requires a User ID and static password.
To log in, please use the following steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- Enter your password in the Password field
- Click the SIGN IN button
Go back to the Top
Voice/SMS One Time Password (OTP)
Voice and/or SMS OTP can be used as an alternative mechanism for users who typically log in using either a Challenge/Response or Multi-factor Authentication (MFA) flow. It requires a User ID, a static password, and either a registered mobile phone (SMS) or registered desk phone (Voice).
If you want to use Voice OTP as an alternative to Challenge/Response, please follow these steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- Click the Dont have a token? link
- Enter your password in the Password field
- Click the CONTINUE button
- [If you are enabled for both Voice OTP and SMS OTP, click the Call me link]
- You will receive an automated call on your phone that will give you an 8-digit one time code
- Enter the 8-digit code from your phone in the Enter One Time Code field
- Click the SIGN IN button
- Enter the answer to the security question in the Answer field
If you want to use SMS OTP as an alternative to Challenge/Response, please follow these steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- Click the Dont have a token? link
- Enter your password in the Password field
- Click the CONTINUE button
- [If you are enabled for both Voice OTP and SMS OTP, click the Send SMS link]
- You will receive a text message on your mobile phone with an 8-digit one time code
- Enter the 8-digit code from your mobile phone in the Enter One Time Code field
- Click the SIGN IN button
If you want to use Voice OTP as an alternative to Multi-Factor Authentication, please follow these steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- Enter your password in the Password field
- Click the CONTINUE button
- Click the Dont have a token? link
- [If you are enabled for both Voice OTP and SMS OTP, click the Call me link]
- You will receive an automated call on your phone that will give you an 8-digit one time code
- Enter the 8-digit code from your phone in the Enter One Time Code field
- Click the SIGN IN button
- Enter the answer to the security question in the Answer field
If you want to use SMS OTP as an alternative to Multi-Factor Authentication, please follow these steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- Enter your password in the Password field
- Click the CONTINUE button
- Click the Dont have a token? link
- [If you are enabled for both Voice OTP and SMS OTP, click the Send SMS link]
- You will receive a text message on your mobile phone with an 8-digit one time code
- Enter the 8-digit code from your mobile phone in the Enter One Time Code field
- Click the SIGN IN button
Go back to the Top
Host 2 Login
This method requires a User ID and one of the following tokens: SafeWord card, VASCO token, or MobilePASS app.
To log in, please use the following steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- Activate your token / app
- At the ENTER PIN prompt, enter your 4-digit PIN
- [If prompted for a HOST?, enter the number 2]
- A 6-character Response code will be displayed on the token / app
- Enter the 6-character Response code in the Enter Host2 Response field
- Click the SIGN IN button
Go back to the Top
Digital Certificate
Digital Certificate Users have a dedicated URL for logging in because they do not require a User ID:
https://www.citidirect.com/login/digitalcertificate
This method requires a USB token or smart card with the appropriate software installed. Contact your Citi Service Representative if you need help installing configuring the token.
To use a digital certificate to log in, please use the following steps:
- Click the CONTINUE button
- Select your digital certificate from the list
- Click the OK button
- Enter you digital certificate PIN in the PIN field
- Click the OK button
- [If you are prompted to run the Java application, click the Run button]
- Enter the password for the digital certificate token in the Token Password field
- Click the SUBMIT button
Go back to the Top
If, for any reason, you are unable to log in using the new screens, you can log in via the old login page
Go back to the Top