Co-brand Acquisition and Closed Loop Purchase Journey
Cards
Co-brand Acquisition and Closed Loop Purchase Journey

Hong Kong
Existing customers apply for Citi Co-brand partner credit card
Existing customers get redirected to Citibank website
When the existing customers click on Apply Now, they are redirected to the Citibank website for completing their Citi Co-brand credit card application.
New customers apply for Citi Co-brand partner credit card
Transforming customer experience through digital onboarding process. The new customers can be onboarded seamlessly and they can conveniently apply for Citi Co-brand partner credit card and avail other exciting offers from the partner.
Customers provide their basic information
Partners to pre-populate the customer's available personal details to be shared with Citibank.
Customers to fill in the remaining details and provide their consent by agreeing to the terms & conditions and share their details with Citibank to process their application.
Refer to the below API callout to create a new application.
Customers provide other details
The customers provide other details like mother's maiden name, educational level, identification details, monthly income details, residential details, etc. They also provide employment information including industry, work experience, job title, office address, etc.
By clicking on 'Continue', the customer's credit card application is updated and submitted for the background screening.
However, by clicking on 'Save for later' link, the application is saved and an alert is sent to the customer with application reference number (URN) to retrieve the application at later point of time.
Refer to the below API callouts:
- API callout1 to update a saved application.
- API Callout2 for background screening.
Customer's information is processed and the application is submitted
The customers have to wait till the time their shared information is getting processed. At this step, a background process is triggered which returns the In-Principle approval status of the application.
After the In-Principle approval, the application is submitted from the partner site.
Refer to the below API callouts:
- API callout1 for the In-Principle approval.
- API callout2 for submitting the application.
Application Submission Confirmation
Customers receive a notification for Co-brand credit card application
Customers register their Citi Co-brand partner credit card for the first time usage
Customers register with last four digit of card and mobile number using Secure Identification
The customers register their preferred Citi Co-brand credit card to use it for their purchases. This allows them to verify their identity without compromising on security.
Refer to the below API callout for generating the card access token.
Validation of the one-time password
The customers complete their registration by validating the one-time password sent to their registered mobile number.
Customers give consent to Citi for sharing information and allowing transactions from partner platform
The customers provide their consent to Citi for sharing information with third parties and allowing transactions from partner platform by clicking on 'Allow'. The control goes back to the partner along with Auth Code. After successful authorization, an access token is issued to the partner.
Refer to the below API callout for activating the card access token.
Registration confirmation
Customers select the product for purchase on partner website
The customers can select the product of their choice and click on 'Checkout' to proceed with the purchase.
Refer to the below API callout to authorize customer's purchase using his registered credit card.
Validate the one-time password based on additional authentication
The customers review their purchase summary and validate the one-time password sent to their registered mobile number. This password is based on the additional authentication setup by the partner to authorize the transaction. It is a closed loop authorization between partner and Citibank.
Refer to the below API callouts:
- API callout1 for retrieving the public key used for encryption.
- API callout2 to validate the one time password.
- API callout3 to re-generate and send the one-time password.
- API callout4 to confirm the authorization of a purchase done using card.
- API callout5 to void the transaction in case of authorization failure.