Important Links
A Citi UK customer working on his smart device

Citi Security Centre - Security Update

Using Deeplink for Online Shopping: What is Deeplink authentication?

Deeplink authentication is in place to ensure that you can successfully complete E-Commerce transactions online. The Deeplink solution is where you are sent a link via SMS text message which you are required to click, enter your Citi Online username and password in order to proceed with completing your E-Commerce transaction safely and securely.

You will be required to authenticate your online transactions by Deeplink for the following reasons:

  • If you have not registered for Citi Mobile® Token.
  • If you have not enabled Citi Mobile® Token within the Citi UK Mobile® App.
  • If you have not installed the Citi Mobile® UK App.
  • If you do not have the Citi Mobile® UK App available in your country’s app store.
How to authenticate your online purchases securely with Citi

We strongly recommend that you download the Citi Mobile® UK App, register for Citi Mobile® Token and enable Push Notifications to authenticate your online purchases. It is the easiest and most secure way of authenticating your online shopping.

If you are unable to authenticate your purchases using the Citi Mobile® Token, you will need to authenticate your online purchases by following the Deeplink solution.

The Deeplink Solution is in place to ensure that you can successfully complete E-Commerce transactions online. For this, you are sent a link via SMS text message which you are required to click, enter their Citi Online username and password to proceed with completing your E-Commerce transaction safely and securely.

Here is how:

  • When shopping online, you will be required to enter your Citi Card details when completing your transaction. Once you have done this, you will need to authenticate securely.
  • You will see a window where you will be asked to authorise the transaction:
  • You will be sent an SMS with a one-time use link from ‘Citibank’.
  • Please do not forward this link to anyone, it is designed and customised for you and your current online purchase.
  • An example of the link is https://online.citi.eu/ect/idx.html#auth/en_GB followed by a long transaction reference number. Please note, that this link can be used only once. If you click the link twice, the transaction will be rejected automatically.
  • Please do not complete authentication of a transaction at the request of a 3rd party.
  • Verify the transaction details displayed on the authorisation website are correct, click the link to open the webpage where you will be required to authenticate your transaction.
  • Once you have clicked on the link, enter your Citi Online banking username and password on the webpage that opens on your browser.
  • Once you have entered your Username and Password and clicked next, you will receive an SMS One Time Password (OTP) that will be sent from ‘Citibank’.
  • On the same page you will see a field where you should enter the One Time Password (OTP) received in the subsequent text message. Remember the code without closing the page, enter the last 6 digits of the code received in the SMS in the dedicated field and click "Authorise".
  • If all data is correct, you will see confirmation that you have authorised the transaction successfully
  • Then, go back to the website of the online shop and click “Finalise the Transaction”.
  • Please remember there will be some online merchants who continue to authenticate your online purchases by using a One Time Password sent by SMS.
  • If you don’t have a Citibank Online profile yet you will need to register using your Citibank Debit Card.

The benefits of using Deeplink:

The Deeplink solution allows you to pay for your online shopping using your Citi Debit Card and authorise the transaction without the need to download a mobile app.

Whilst we would always recommend using Citi Mobile® Token as the main solution for authenticating transactions, we recognise that for some of our clients this is not possible.

  1. I have clicked the link twice when trying to confirm a transaction using the Deeplink authorisation method, what should I do?

    To ensure the security of your transactions, the link you receive by text message can only be used once. If you click the link twice, it will not work any longer. In this case, you will be required to repeat the payment process.

  2. I have followed all the steps on the screen when completing my purchase, but the transaction failed. Why is this?

    You will need to ensure that you go back to the payment screen on your mobile device and click the “Finalise the transaction” button after following the steps to authorise an online transaction by card. Otherwise, your transaction will not be able to be completed. If this continues to fail, please call CitiPhone on 0800 00 55 00.

  3. When confirming a transaction, I entered the incorrect SMS One Time Passcode (OTP) three times. What should I do now?

    After entering the incorrect code from the SMS text message three times, your Citi Online and Citi Mobile password will be blocked. To unblock the password, go to www.citibank.co.uk and select the “I forgot my password” link on the login page.

  4. I am displayed with the ‘That’s all’, ‘The transaction has been authorised successfully’ screen, what do I do next?

    After finalising your transaction using the Deeplink solution, you will need to return to the merchant’s online website to complete your transaction.

  5. I have entered my Citi Online username and password correctly; however, I am receiving an error stating that I have entered my credentials incorrectly, what do I do?

    It may be that the username and password was entered incorrectly due to a typo, for example there may have been a capital letter when there shouldn’t have been due to the autocorrect feature on your mobile phone. Please try to re-enter your username and password and if the error persists take the following steps:
    1. Try to log in to your Citi Online banking, if log in is successful please return to merchant website and repeat the payment process again to initiate a new Deeplink which will be sent to you via SMS text message. Please be aware that the previous link you will have received, will no longer be valid.
    2. Try to enter your Citi Online username and password again. If this is successful, you will be prompted to enter an SMS OTP, which you will receive to finalise your transaction. If the error persists, please call CitiPhone on 0800 00 55 00.

  6. I have recently enrolled for Citi Mobile Token as I prefer to authentication my online purchases via this method, however I am still receiving Deeplink SMS, what do I do?

    Close the merchant online webpage that you are trying to make your online transaction from, wait 10 minutes and repeat the payment process again.

Troubleshooting

If you are having issues with the Deeplink solution, please follow these troubleshooting steps:

  1. Check that your Citi Online Username and Password is correct by trying to log in to your Citi Online account.
  2. Have you clicked the link that you have received in your SMS text message more than once? Please ensure that you click the link only once.
  3. If you have clicked the link more than once, please return to the online merchant website payment details screen and repeat the payment process again.
  4. If you are still facing issues, please contact CitiPhone on 0800 00 55 00

We strongly recommend that you download the Citi Mobile® UK App, register for Citi Mobile® Token and enable Push Notifications to authenticate your online purchases. It is the easiest and most secure way of authenticating your online shopping.

Two people shaking hands

How Citi protects you

Learn more >

A Citi UK customer working on his smart device

How to protect yourself

Learn more >

A man talking on his mobile phone

Need help regarding fraud

Learn more >

If you have any concerns regarding security please call
the Citi Security Team on:

0800 096 68 00

+44 203 569 99 98
If calling from outside the UK