Login Requirement
The CitiDirect BE® employs secure login processes to ensure that data is safe and accessible only to authorized users.
In order to login to CitiDirect BE® your Login ID is needed along with a Secure Password and/or a SafewordTM Card that generates dynamic passwords, or a Digital Certificate.
You will need to choose one of the login methods below :
 |
Challenge Response – Host 9: A SafewordTM card and Personal Identification Number (PIN) are required to login using Host 9. (Most CitiDirect clients use this login method)
Multi-factor– Host 9 & Login ID: A SafewordTM card with Personal Identification Number (PIN), along with a password are required to login using Host 9.
(*Primarily Singapore Clients and clients with Singapore accounts)
SafewordTM Card - Host 2: A SafewordTM card and Personal Identification Number (PIN) are required to login using Host 2.
Secure Password: A Login ID and password are required to login.
Digital Certificate: You can login with a digital certificate only after you have downloaded a valid portal logon certificate into your Citi authorized Smartcard / USB Token. |
System Requirements
While you can use any browser to access CitiDirect, we recommend you use a modern one that has the latest security patches applied.
Please note: some content on the site can be downloaded in PDF or Excel* format, which require an appropriate application to view.
* Excel is a registered trademark of Microsoft Corporation
Browser Security Settings
Users need to ensure their browser security settings are set correctly so CitiDirect BE® services run properly.
These settings can be found and set in your browser as follows:
Internet Explorer browser versions –from the Internet Explorer Browser window, go to the "Tools" menu, select "Internet Options", then select the "Security" tab.
Listed below are the Security Settings that must be enabled.
- Enable - initialize and script ActiveX controls not marked as safe
- Enable - Run ActiveX controls and plug-ins
- Enable - Active Scripting
- Enable – Allow Programmatic clipboard access
If you have an Internet Zone set below "High", these security settings will be set properly for CitiDirect BE®.
If you have an Internet Zone set as "High", these security settings will need to be enabled under "Custom Settings"
Firefox browser versions – from Firefox Browser "Tools" menu go to Options and select the "Content" tab, ensure the setting "Enable JavaScript" is checked.
All other security settings are enabled by default in Firefox and do not require any user actions.
Login with Challenge Response (Host 9)
A SafewordTM card and Personal Identification Number (PIN) are required to login via challenge response.
- Select Challenge Response as your Login Method
- If your Login ID does not appear in the Login ID field, click the dropdown and select "A different user", then type your Login ID in the Login ID field.
- Your Login ID can be located on the back of the SafeWord card as displayed below
- If your Login ID appears already in the Login ID field, go to the step below (Note: Your Login ID is auto populated in the Login ID field if you previously selected "Remember Me" during your previous login).
- Click Continue, a challenge will be presented.
- Press ON to activate your SafewordTM card.
- At the ENTR PIN prompt, enter your 4-digit PIN
- At the HOST? prompt, enter the number "9." (*Note - CitiDirect BE® does not include the Host "9" in the challenge and response as legacy CitiDirect)
- At the CHALLNG? prompt, enter the Challenge that appears in the Challenge field of the Challenge/Response window on your CitiDirect BE® login screen.
- In the Response field on your computer screen, enter the response displayed on the Safe Word card.
- Click Login. CitiDirect BE® will open.
SafewordTM Card Tips:
Using a SafewordTM Card to generate a dynamic password
When you received your SafewordTM card, you also received a unique PIN with your host number. You will need that information to generate a dynamic password that is required to login.
Please follow these steps:
- Press ON to activate your SafewordTM Card
- At the prompt, enter your unique PIN
- Now enter your host number
- A password is generated - key in this password in the password field on the CitiDirect BE® login screen.
Please note that for some users the displayed dynamic password will contain a hyphen (-). The hyphen should not be entered as part of the password.
New SafewordTM card Issuance:
Citigroup SafewordTM Administrators will issue new card and PIN mailer for the users created on CitiDirect BE® within a period of 10 US business days after receipt of "Important User Information" email notification.
Existing SafewordTM card Enablement:
Citigroup SafewordTM Administrators will enable access to existing SafewordTM card for the users created on CitiDirect BE® within a period of 3 US business days after receipt of "Important User Information" email notification. If you have not received your SafewordTM card and PIN mailer or you encounter any problems accessing CitiDirect BE®, please contact your Implementer or Customer Support Representative.
Login with Multi-factor Authentication (Host 9)
A SafewordTM card with Personal Identification Number (PIN), along with a Login ID and password are required to login with Multi-factor authentication (MFA).
Please use these steps to login:
- Select Multi-factor as your Login Method.
- If your Login ID does not appear in the Login ID field, click the dropdown and select "A different user", then type your Login ID in the Login ID field.
- For most users, the Login ID is located on the back of the SafeWord card as displayed below
- Enter your Login ID in the space provided. Select "Remember Me" if you would like this information stored on your computer.
- If your Login ID appears already in the Login ID field, go to the step below (Note: Your Login ID is auto populated in the Login ID field if you previously selected "Remember Me" during your previous login).
- Click Continue, a challenge will be presented.
- Press ON to activate your SafewordTM card.
- At the ENTR PIN prompt, enter your 4-digit PIN
- At the HOST? prompt, enter the number "9."
- Enter the Challenge into the SafeWord card to obtain the response
- Enter the dynamically generated password in the appropriate spaces provided.
- Click Continue
- Enter your Secure Password in the appropriate space provided.
- Click Login to access CitiDirect BE®.
SafewordTM Card Tips:
Using a SafewordTM Card to generate a dynamic password
When you received your SafewordTM card, you also received a unique PIN with your host number. You will need that information to generate a dynamic password that is required to login.
Please follow these steps:
- Press ON to activate your SafewordTM Card
- At the prompt, enter your unique PIN
- Now enter your host number
- A password is generated - key in this password in the password field on the CitiDirect BE® login screen.
Please note that for some users the displayed dynamic password will contain a hyphen (-). The hyphen should not be entered as part of the password.
New SafewordTM card Issuance:
Citigroup SafewordTM Administrators will issue new card and PIN mailer for the users created on CitiDirect BE® within a period of 10 US business days after receipt of "Important User Information" email notification.
Existing SafewordTM card Enablement:
Citigroup SafewordTM Administrators will enable access to existing SafewordTM card for the users created on CitiDirect BE® within a period of 3 US business days after receipt of "Important User Information" email notification. If you have not received your SafewordTM card and PIN mailer or you encounter any problems accessing CitiDirect BE®, please contact your Implementer or Customer Support Representative.
Secure Password tools:
Forgotten Secure Password - If you have forgotten your password click here
You will receive a temporary Secure password via e-mail.
Change Secure Password - If you know your password and want to change it click here
Secure Password Policies:
Expiration
- A warning will appear the last five days before a password expires
- Once the password expires, the user will be forced to change their password before continuing.
- Password expires if not changed within 180 days.
Locking
- Access to CitiDirect BE® will be disabled after 6 successive incorrect passwords.
Password rules
- The minimum password length is 8 characters.
- The maximum password length is 15 characters.
- The maximum repeating character length is 2.
- Password should have at least 1 alphabet and 1 number.
- Password must contain at least 1 uppercase and 1 lowercase character
Restrictions
- The minimum number of days before a password can be reused is 90.
- The minimum number of passwords before reuse is 6.
Login with a SafewordTM Card - Host 2
A SafewordTM card and Personal Identification Number (PIN) are required to login using Host 2.
- Select SafewordTM as your Login Method.
- If your Login ID does not appear in the Login ID field, click the dropdown and select "A different user", then type your Login ID in the Login ID field.
- If your Login ID appears already in the Login ID field, go to the step below (Note: Your Login ID is auto populated in the Login ID field if you previously selected "Remember Me" during your previous login).
- Press ON to activate your SafewordTM card.
- At the ENTR PIN prompt, enter your 4-digit PIN
- At the HOST? prompt, enter the number "2."
- Enter your Login ID and the generated dynamic password in the appropriate space provided.
- Click Login
SafewordTM Card Tips:
Using a SafewordTM Card to generate a dynamic password
When you received your SafewordTM card, you also received a unique PIN with your host number. You will need that information to generate a dynamic password that is required to login.
Please follow these steps:
- Press ON to activate your SafewordTM Card
- At the prompt, enter your unique PIN
- Now enter your host number
- A password is generated - key in this password in the password field on the CitiDirect BE® login screen.
Please note that for some users the displayed dynamic password will contain a hyphen (-). The hyphen should not be entered as part of the password.
New SafewordTM card Issuance:
Citigroup SafewordTM Administrators will issue new card and PIN mailer for the users created on CitiDirect BE® within a period of 10 US business days after receipt of "Important User Information" email notification.
Existing SafewordTM card Enablement:
Citigroup SafewordTM Administrators will enable access to existing SafewordTM card for the users created on CitiDirect BE® within a period of 3 US business days after receipt of "Important User Information" email notification. If you have not received your SafewordTM card and PIN mailer or you encounter any problems accessing CitiDirect BE®, please contact your Implementer or Customer Support Representative.
Login with Secure Password
A Login ID and password are required to login via Secure Password.
After you have received your Login ID and Password from the "Important User Information" email notification, please follow these steps to login:
- Select Secure Password as your Login Method.
- If your Login ID does not appear in the Login ID field, click the dropdown and select "A different user", then type your Login ID in the Login ID field.
- If your Login ID appears already in the Login ID field, go to the step below (Note: Your Login ID is auto populated in the Login ID field if you previously selected "Remember me" during your previous login).
- Enter your Secure Password in the appropriate space provided.
- Click Login
Secure Password tools:
Forgotten Secure Password - If you have forgotten your password click here
You will receive a temporary Secure password via e-mail.
Change Secure Password - If you know your password and want to change it click here
Secure Password Best Practice:
Periodically changing your password (e.g. every 90 days) is recommended for stronger security
Secure Password Policies:
Expiration
- A warning will appear the last five days before a password expires
- Once the password expires, the user will be forced to change their password before continuing.
- Password expires if not changed within 180 days.
Locking
- Access to CitiDirect BE® will be disabled after 6 successive incorrect passwords.
Password rules
- The minimum password length is 8 characters.
- The maximum password length is 15 characters.
- The maximum repeating character length is 2.
- The maximum sequential character length is 3.
- Password should have at least 1 alphabet and 1 number.
- Password must contain at least 1 uppercase and 1 lowercase character
- Password must not contain bank names such as ‘Citi’ , ‘Citigroup’, ‘Citibank’, ‘Citibanamex’, ‘Banamex’
Restrictions
- The minimum number of days before a password can be reused is 90.
- The minimum number of passwords before reuse is 6.
Login with a Digital Certificate
You can logon with a digital certificate only after you have downloaded a valid portal logon certificate into your Citi authorized Smartcard / USB Token. If you do not know which certificate is your logon certificate, contact your Customer Support Representative.
- Select digital certificate as your authentication mode
- You will be prompted with a window displaying a list of digital certificates on your device
- Select the appropriate logon certificate and click OK
Note: To verify that you are using the correct certificate click on view certificate details. The details tab of the dialog box will contain the certificate serial number
- The certificate will be verified and you will be prompted with a window to enter your PIN
- Enter PIN and click OK
Security Best Practices on CitiDirect®
At Citi, security for our clients is our utmost concern. As hackers and others, such as organized criminals, continue to try to get unauthorized access to funds, we would like to highlight some typologies and best practices for you to consider in helping to make sure your organization remains secure.
Types of fraud and cyber-attacks:
Business Email Compromise and Payment Redirection
In this scenario, a fraudster e-mails a company's finance team, impersonating a supplier, creditor, or an executive. The e-mail might appear to be from senior management, requesting a payment be made, or from a supplier, requesting that payments go to a new account. Fraudsters will use a hacked or look-alike email that closely matches a known address to ensure this type of fraud is difficult to detect.
How to help keep your business safe:
- Make sure your employees are aware of this type of fraud.
- Implement an internal two-step payments verification process that includes a non-e-mail check with the requester.
- Phone the requester using a verified phone number to follow up an e-mail request.
- DO NOT reply directly to the initial e-mail.
- DO NOT rely on emails as these can be intercepted.
- Be on guard for payment requests that are unexpected or irregular, whatever the amount involved. If in doubt, don't make the payment.
Phishing, Smishing, and Vishing
Fraudsters use the following techniques, commonly referred to as “Social Engineering”, to obtain information:
Phishing: Emails that lure potential victims to click on malicious links, or open malicious attachments which can serve as the delivery platform for malware such as a Ransomware attack.
Vishing (telephone scams): A form of fraud using social engineering to impersonate trusted officials over the phone or via text message. One example of vishing is criminals impersonating bank staff by phone and requesting the victim’s online banking login details and passcodes to address a fictional ‘security or fraud incident’. The details provided by the victim are used to execute fraudulent payments.
Smishing (SMS text scams): Text messages may claim that your bank suspects there has been fraudulent activity on your account, you may have won a prize or even have issues with the local authorities.
Best practices to help your organization stay safe from social engineering:
- Do not disclose personal information to anyone that you do not know or recognize.
- Try to stay calm; fraudsters intentionally create stressful, or time-sensitive, situations to pressure their victims into making a mistake.
- Never click on links in text messages or e-mails, or open or download attachments, unless you are sure they are safe.
- Be careful about the information you share on social media as this can provide fraudsters with useful information to manipulate you or your employees.
- If something does not feel right, terminate the call, and contact your Citi Representative. Do not use any telephone numbers provided by the suspicious caller.
Malware
Malware can be downloaded under various circumstances, such as when visiting a malicious or vulnerable website, viewing an email message or by clicking on a deceptive pop-up window. Malware is malicious software installed on your computer which has a harmful intent that can, among other things, capture your login passwords and other personal data. Examples of malware include software such as spyware, adware, and viruses. One way to help protect your organization from Malware is to exercise caution before installing programs on your computer or opening email attachments.
Here are some precautions that are important to take:
- Only install applications and software from well-known companies you trust.
- Make sure your computer is cleansed from viruses/spyware and has up-to-date anti-virus and anti-spyware software installed.
- Keep your operating system and browser up to date with the latest security updates and patches.
- Install anti-virus, anti-spyware and malware detection software — You will need to update the software regularly to guard against new risks so set the software to update automatically.
- Use a pop-up blocker — set your browser preferences to block pop-ups (aside from being annoying, these pop-ups can contain inappropriate content or have malicious intentions).
- Log out - Make sure users log out and close the browser window when finished using CitiDirect.
- Keep your PCs, servers, and associated hardware up to date, installing the latest security patches as they become available.
- Ensure devices (PCs, Desktops, Laptops, etc.) used to access CitiDirect are password protected.
Additionally, you should engage your organization’s IT department to assist with the PC best practices and perform related risk assessment along with controls evaluation periodically.
Please contact your Citi Representative immediately if you notice suspicious account activity or experience information security-related events.
CitiDirect® Best Practices
To help maintain a high level of security, please ensure that you regularly review your controls and follow the below best practices:
- Use anti-virus and other detection tools.
- Keep your systems up to date.
- Never share or write down the passcodes.
- When creating the passcodes, use random numbers and unique patterns that you can remember.
- Use mobile token & biometrics authentication if available.
- Enable multiple approval levels (CitiDirect® supports up to nine levels of approval).
- Segregate duties and increase approval levels for sensitive, high risk or high value transactions.
- Leverage the CitiDirect® payment template functionality to help ensure you are only paying known or pre-approved beneficiaries.
- Validate instructions for any counterparty updates.
- Implement robust controls around the beneficiary bank account details changes. Such attempts, if successful, would result in your money ending up in the wrong hands.
- Monitor and review exception items daily.
- Use the CitiDirect® mobile app to approve payments and monitor your intraday balances when travelling.
For assistance with implementing the above best practices, please utilize the Client Service Academy training or contact your Citi service representative.
Physical Token Users (SafeWord card or VASCO token)
Never share your physical token
Physical tokens should never be shared. Sharing a physical token increases the risk of fraud. Because you have agreed to keep your physical token secure, any transaction that utilizes that token will be attributable to you.
Keep your PIN secret
Similarly, it is very important to keep your PIN secret. Your PIN is your first line of defense against someone using your physical token to input or authorize a transaction in your name. Treat your PIN the same as you would your own Banking card PIN and do not store the PIN in a visible location such as the sleeve of the card. Never write down the PIN.
The PIN on your physical token can be changed and Citi recommends that users change PINs periodically.
Note: Please ensure that you remember the new PIN that you enter in Step 4 below as this PIN will be known only to you. If you forget your new PIN Citi cannot reset it; the physical token will be unusable and you will need to contact Citi to have a new token issued to you.
To change your SafeWord card PIN:
(Press [Clr] at any time in the process to cancel)
- Press
[ON] to turn your SafeWord card on.
- At the
ENTR PIN prompt, type your existing PIN.
- At the
HOST? prompt, press [Pin] to indicate that you want to change your PIN.
- At the
NEW PIN prompt, type your new four-digit PIN on the keypad. After you type the fourth digit, your new PIN will be stored in the SafeWord card.
- At the
AGAIN prompt, retype your new PIN.
- The SafeWord card will display
SUCCESS to indicate that you have successfully changed your PIN.
To change your VASCO token PIN:
- Turn on your VASCO token by pressing
[F2] for 2 seconds
- At the
SELECT prompt, press [8] to change the PIN
- At the
______ PIN prompt, enter your existing six-digit PIN, then press [F2]
- At the
New PIN 1 prompt, enter you new six-digit PIN, then press [F2]
- At the
PIN CONF 2 prompt, retype your new PIN and press [F2]
- The VASCO token will display
NEW PIN CONF to indicate the you have successfully changed your PIN. Press [F2]
IMPORTANT: Citi will not on an unsolicited basis request users to provide their electronic banking credentials such as PINs, passwords or any other such security information.
CitiDirect Mobile App Users
Keep your device secure
Make sure to keep your operating system and CitiDirect mobile app up-to-date. Ensure that your device is protected with a strong password/PIN/pattern and enable biometrics where available.
Biometric login
Where available, enable biometrics on the CitiDirect Mobile App. When you log in with biometrics to CitiDirect on your computer, you will see a code on the computer screen and on your device. Ensure these codes match before you authenticate.
User Management
Delete former employees' user accounts
Ensure that when employees leave or transfer to other roles their user accounts are deleted from the system and that their credentials are revoked. It is important that physical tokens are not reassigned to new users. Also note that users' access can be scheduled automatically to expire on a future date to ensure credentials are not used inappropriately.
Entitlement reviews
Perform regular user entitlement reviews on the system to ensure access is appropriate and current. Ensure the CitiDirect user has received their credentials prior to enabling* on the system. Users who are “out of office” for extended periods (e.g. vacations, extended leave, etc.) should be disabled* until they return to the office.
* Security Managers can enable or disable a user by checking or unchecking the “Enable” check box on the user's profile. Refer to the Security Manager Guide for more information.
This information and materials linked herein are provided for educational and illustrative purposes only and not as a solicitation by Citi for any particular product or service. Citi reminds you that Citi's clients are responsible for their organizations' cybersecurity and all matters relating thereto. This information and materials linked herein should not be viewed as any intention or commitment from Citi to replace your organization's cybersecurity-related responsibilities. Furthermore, although the information contained herein is believed to be reliable, the information does not constitute legal advice and Citi makes no representation or warranty as to the accuracy or completeness of any information contained herein or otherwise provided by it.
Client Support Assistance
If you encounter any of the following problems please contact your CitiDirect BE® Customer Support Representative:
- Unable to generate dynamic password.
- Lost your SafewordTM Card
- Forgot your PIN
- Forgot your Login ID
- User locked
- Unable to login
Mobile App Login with CitiDirect BE® Biometrics Authentication
CitiDirect BE® biometrics authentication lets you use the built-in fingerprint or facial recognition technology on your mobile device to log in to CitiDirect BE®.
Biometrics Authentication is a digital authentication method that utilizes your unique physical traits and the built-in biometric technology on your mobile device. Physical trait data is not transferred to Citi when this authentication method is used.
First-time setup
- Download & launch the CitiDirect BE App on your smartphone
- Review and accept the Terms & Conditions (if you haven’t already done so)
- Enter your User ID and Password
- Select your authentication method and complete the login steps
- Challenge (generate dynamic passcode using MobilePASS or SafeWord card)
- SMS One-Time Password
- Voice One-Time Password
- When prompted to allow biometrics, tap OK. If you are not prompted, you can check the “Enable biometrics” option in the Settings menu of the app.
- Now you’re ready to indicate which biometrics authentication method you would like to use.
- Select either fingerprint or facial recognition depending on the configuration of your mobile device.
After First-Time Setup
- Launch the CitiDirect BE app.
- If your device is configured for Fingerprint, press your finger on your mobile phone's sensor/home key.
- If your device is configured for Facial Recognition, hold your face up to the phone
- When using biometric authentication, you will not need to input your User ID or password.
Biometrics Authentication Tips:
- Your organization’s Security Manager must first enable biometrics authentication in the Client Preferences on CitiDirect BE
- Set up the built-in fingerprint or facial recognition technology on your mobile device
- If you change your biometrics authentication setting on your phone’s settings, you must go through the first-time setup again as prompted on the screen
- You can enable or disable the built-in fingerprint and/or facial recognition technology in the settings on your mobile device. Separately, you can enable or disable Biometrics Authentication in the settings for use with the CitiDirect BE App
- After 6 unsuccessful attempts to log in to CitiDirect BE using biometrics authentication, you must enter UserID/Password plus a secondary authentication method (Challenge or SMS One-Time Password or Voice One-Time Password).
- If you have forgotten your password, reset it by clicking on “Forgot Password?” on the CitiDirect BE website
- If you don’t have a password, ask your organization’s Security Manager to add a Secure Password credential to your CitiDirect BE user profile.
Redesigned Login
CitiDirect supports a number of secure login credentials to ensure that your information is safe and accessible only to authorized users. We have redesigned the login flow so that, instead of having to select your login method, you will be guided through the flow based on the credentials we know you have. Currently CitiDirect supports the following methods:
Challenge/Response (Host 9): Log in using a Host 9 code from your SafeWord card, MobilePASS app, or VASCO token.
Multi-Factor Authentication (MFA) (Host 9): Log in using a static password and a Host 9 code from your SafeWord card, MobilePASS app, or VASCO token
Biometric: Log in using the biometric-enabled CitiDirect BE Mobile app.
Secure Password: Log in using a static password.
Voice/SMS One Time Password (OTP): Log in using a static password and a one time code sent via SMS or voice to your phone.
Host 2: Log in using a Host 2 code from your SafeWord card, VASCO token, or MobilePASS app.
Digital Certificate: Log in using a valid certificate installed on your Citi-authorized Smartcard or USB Token.
If you are unsure about which login credentials you have, you can use the following table to guide you based on the screen you see after you enter your User ID:
If, for any reason, you are unable to log in using the new screens, you can log in via the old login page
Challenge/Response (Host 9) Login
This method requires a User ID and one of the following tokens: SafeWord card, VASCO token, or MobilePASS app.
To log in, please use the following steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- An 8-digit Challenge number will display
- Activate your token / app
- At the ENTER PIN prompt, enter your 4-digit PIN
- [If prompted for a HOST?, enter the number 9]
- At the CHALLENGE? prompt, enter the 8-digit Challenge number that appears on your CitiDirect BE login screen
- An 8-character Response code will be displayed on the token / app
- Enter the 8-digit Response code in the Enter Response field
- Click the SIGN IN button
Go back to the Top
Multi-Factor Authentication (MFA) (Host 9) Login
This method requires a User ID, a static password, and one of the following tokens: SafeWord card, VASCO token, or MobilePASS app.
To log in, please use the following steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- Enter your password in the Password field
- Click the CONTINUE button
- An 8-digit Challenge number will display
- Activate your token / app
- At the ENTER PIN prompt, enter your 4-digit PIN
- [If prompted for a HOST?, enter the number 9]
- At the CHALLENGE? prompt, enter the 8-digit Challenge number that appears on your CitiDirect BE login screen
- An 8-character Response code will be displayed on the token / app
- Enter the 8-digit Response code in the Enter Response field
- Click the SIGN IN button
Go back to the Top
Biometrics Login using the Mobile App
This method requires a User ID and the CitiDirect BE mobile app with biometrics for desktop login enabled.
To log in, please use the following steps:
- On the desktop login page, enter your user ID in the User ID field
- Click the Sign In Using Mobile App button
- A 4-digit Confirmation Code will be displayed
- On your mobile device, you will receive a push notification
- Tap the notification to open the CitiDirect mobile app
- Verify the 4-digit Confirmation Code displayed on the mobile app matches the code displayed on the desktop login page
- On your mobile device, press the Allow button
- On your mobile device, sign in using your fingerprint or face
- The CitiDirect BE dashboard will load
Please note: The CitiDirect BE mobile app and biometric authentication are available in the following markets:
| North America |
Latin America |
Europe, Middle East, & Africa |
Asia Pacific |
| Canada |
Argentina |
Austria |
Australia |
| United States |
Bahamas |
Bahrain |
Bangladesh |
| |
Barbados |
Belgium |
China |
| |
Brazil |
Bulgaria |
Hong Kong SAR |
| |
Colombia |
Cameroon |
India |
| |
Costa Rica |
Congo (DRC) |
Indonesia |
| |
Dominican Republic |
Channel Islands |
Japan |
| |
Ecuador |
Czech Republic |
Malaysia |
| |
El Salvador |
Denmark |
New Zealand |
| |
Guatemala |
Finland |
Philippines |
| |
Haiti |
France |
Singapore |
| |
Honduras |
Germany |
Thailand |
| |
Jamaica |
Greece |
Vietnam |
| |
Nicaragua |
Hungary |
|
| |
Paraguay |
Ireland |
|
| |
Peru |
Israel |
|
| |
Puerto Rico |
Italy |
|
| |
Trinidad and Tobago |
Ivory Coast |
|
| |
Uruguay |
Jordan |
|
| |
Venezuela |
Kazakhstan |
|
| |
|
Kenya |
|
| |
|
Kuwait |
|
| |
|
Lebanon |
|
| |
|
Luxembourg |
|
| |
|
Morocco |
|
| |
|
Netherlands |
|
| |
|
Nigeria |
|
| |
|
Norway |
|
| |
|
Portugal |
|
| |
|
Romania |
|
| |
|
Senegal |
|
| |
|
Slovakia |
|
| |
|
South Africa |
|
| |
|
Spain |
|
| |
|
Sweden |
|
| |
|
Switzerland |
|
| |
|
Tanzania |
|
| |
|
Tunisia |
|
| |
|
Uganda |
|
| |
|
United Arab Emirates |
|
| |
|
United Kingdom |
|
| |
|
Zambia |
|
Go back to the Top
Secure Password Login
This method requires a User ID and static password.
To log in, please use the following steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- Enter your password in the Password field
- Click the SIGN IN button
Go back to the Top
Voice/SMS One Time Password (OTP)
Voice and/or SMS OTP can be used as an alternative mechanism for users who typically log in using either a Challenge/Response or Multi-factor Authentication (MFA) flow. It requires a User ID, a static password, and either a registered mobile phone (SMS) or registered desk phone (Voice).
If you want to use Voice OTP as an alternative to Challenge/Response, please follow these steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- Click the Dont have a token? link
- Enter your password in the Password field
- Click the CONTINUE button
- [If you are enabled for both Voice OTP and SMS OTP, click the Call me link]
- You will receive an automated call on your phone that will give you an 8-digit one time code
- Enter the 8-digit code from your phone in the Enter One Time Code field
- Click the SIGN IN button
- Enter the answer to the security question in the Answer field
If you want to use SMS OTP as an alternative to Challenge/Response, please follow these steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- Click the Dont have a token? link
- Enter your password in the Password field
- Click the CONTINUE button
- [If you are enabled for both Voice OTP and SMS OTP, click the Send SMS link]
- You will receive a text message on your mobile phone with an 8-digit one time code
- Enter the 8-digit code from your mobile phone in the Enter One Time Code field
- Click the SIGN IN button
If you want to use Voice OTP as an alternative to Multi-Factor Authentication, please follow these steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- Enter your password in the Password field
- Click the CONTINUE button
- Click the Dont have a token? link
- [If you are enabled for both Voice OTP and SMS OTP, click the Call me link]
- You will receive an automated call on your phone that will give you an 8-digit one time code
- Enter the 8-digit code from your phone in the Enter One Time Code field
- Click the SIGN IN button
- Enter the answer to the security question in the Answer field
If you want to use SMS OTP as an alternative to Multi-Factor Authentication, please follow these steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- Enter your password in the Password field
- Click the CONTINUE button
- Click the Dont have a token? link
- [If you are enabled for both Voice OTP and SMS OTP, click the Send SMS link]
- You will receive a text message on your mobile phone with an 8-digit one time code
- Enter the 8-digit code from your mobile phone in the Enter One Time Code field
- Click the SIGN IN button
Go back to the Top
Host 2 Login
This method requires a User ID and one of the following tokens: SafeWord card, VASCO token, or MobilePASS app.
To log in, please use the following steps:
- Enter your user ID in the User ID field
- Click the CONTINUE button
- Activate your token / app
- At the ENTER PIN prompt, enter your 4-digit PIN
- [If prompted for a HOST?, enter the number 2]
- A 6-character Response code will be displayed on the token / app
- Enter the 6-character Response code in the Enter Host2 Response field
- Click the SIGN IN button
Go back to the Top
Digital Certificate
Digital Certificate Users have a dedicated URL for logging in because they do not require a User ID:
https://www.citidirect.com/login/digitalcertificate
This method requires a USB token or smart card with the appropriate software installed. Contact your Citi Service Representative if you need help installing configuring the token.
To use a digital certificate to log in, please use the following steps:
- Click the CONTINUE button
- Select your digital certificate from the list
- Click the OK button
- Enter you digital certificate PIN in the PIN field
- Click the OK button
- [If you are prompted to run the Java application, click the Run button]
- Enter the password for the digital certificate token in the Token Password field
- Click the SUBMIT button
Go back to the Top
If, for any reason, you are unable to log in using the new screens, you can log in via the old login page
Go back to the Top