Questions and answers about online card payments

CARD ACCEPTANCE

What types of cards can be used for payment?
VISA and Mastercard embossed cards as well as certain VISA Electron and V Pay cards. The possibility to use VISA Electron cards online depends on the card issuing bank. VISA Electron bank cards issued by CIB can be used for online purchases.

Which banks’ cards are suitable for online payment?
All VISA and Mastercard/Maestro cards that have been authorised for online payment by the card issuing bank, as well as web cards specifically designed for online use.

Is it possible to pay with shopping cards?
Point collection cards issued by merchants/service providers to collect loyalty points cannot be used for online payment.

Is it possible to pay with co-branded cards?
Any MasterCard or VISA co-branded card suitable for online payment can be used for payment.

PAYMENT PROCESS

How does the banking background process work for online payments?
Customers initiate the payment on the merchant/service provider’s website after selecting the bank card payment method, as a result of which they will be transferred to the Bank’s payment page, which features a secure communication channel. To complete the payment, you must provide your card number, the expiration date, and the 3-digit validation code displayed on the signature strip on the back of the card. You have to initiate the transaction, from then on the card goes through real-time authorisation, in the framework of which the authenticity of card data, the availability of funds and the purchase limit are checked. If the data is appropriate for continuing the transaction, the amount to be paid will be blocked on your card by the account managing (card issuing) bank. The amount will be debited (deducted) within a few days, depending on the account managing bank.

How are online card purchases different from traditional ones?
We distinguish between transactions where the bank card is present (Card Present) and transactions where the card is not present (Card not Present). Card Present transactions are completed using a POS terminal device. After swiping the card and entering the PIN code, the terminal contacts the card holder’s bank through the authorisation centre, using the VISA or MasterCard network, depending on the type of the card and the card issuer. This is where the validity and coverage check (authorisation) takes place. Following the above route in a reverse direction, the POS terminal (or the merchant) receives the approval or rejection. The customer signs the receipt. The Card not Present is a transaction during which the bank card is not physically present. Such transactions include payments completed by mail, telephone or electronically (Internet), in which case the customer (card holder) initiates the transaction by entering the card details on a secure (256-bit encrypted) payment page. You will receive a so-called authorisation number, which is the same as the number on the paper-based receipt.

What is blocking?
Once the bank learns of a transaction, this is immediately followed by blocking, as it must first receive the official data before it can do the actual debiting. This takes a few days during which the amount of the purchase could be spent again. Therefore, the withdrawn funds or the funds used for the purchase are separated and blocked. The blocked amount is part of the account balance, meaning that it bears interest, but it cannot be spent again. Blocking ensures that transactions for which there aren’t sufficient funds in the account are rejected, even though the account balance would in principle still be sufficient.

UNSUCCESSFUL PAYMENTS AND ACTION TO BE TAKEN

In what cases can a transaction fail?
Usually when a payment order is not accepted by the card issuing bank (i.e. where the customer received the card); but when bank cards are used, an unsuccessful transaction may also be due to the fact that the request for authorisation does not reach the card issuing bank on account of a telecommunication or IT error.

Possible error related to the card
• The card is not suitable for online payments.
• The online use of the card is prohibited by the account managing bank.
• The use of the card is prohibited.
• The card details (card number, expiration date, code on the signature strip) were entered incorrectly.
• The card has expired.

Possible error related to the account
• There are insufficient funds to complete the transaction.
• The transaction amount exceeds the purchase limit on the card.

Possible problem in the connection
•Line probably disconnected during transaction. Please try again.
•Transaction failed due to time-out. Please try again.

Possible technical problem
• If you are not redirected from the payment page to the site of the merchant/service provider, the transaction fails.
• If you have been redirected from the payment page but you return there by clicking the ‘back’, ‘reload’ or ‘refresh’ in the browser, the system will automatically reject your transaction for security reasons.

Actions to take if the payment procedure is unsuccessful
In each case, a transaction ID is generated for the transaction, which we recommend that you record. If a transaction is rejected by the bank when you try to pay, please contact your account managing bank.

Why do you need to contact the account managing bank in case of unsuccessful payment?
During card verification, the account managing bank (card issuer) notifies the bank of the merchant (acceptor) collecting the amount whether the transaction can be performed. The bank collecting the amount may not disclose confidential information to a customer of another bank, only the bank identifying the card holder has the right to do so.

What does it mean if I receive an SMS from my bank that the amount had been blocked, but the merchant/service provider indicates that the payment was unsuccessful?
This may occur if the card has been verified on the payment page, but you have not returned to the site of the merchant/service provider. In this case, the transaction is considered incomplete, so it is automatically considered unsuccessful. In such instances, the amount will not be debited on your card and the blocking will be cancelled.

SECURITY

What is VeriSign and the 256-bit encrypted TLS communication channel?
TLS stands for Transport Layer Security. Our bank has a 256-bit encryption key that protects the communication channel. A company called VeriSign allows CIB Bank to use the 256-bit key that ensures the TLS-based encryption. Currently, 90% of the world’s e-commerce uses this encryption method. The browser used by the customer encrypts the card holder’s data with the help of TLS before sending said data; thus, the data is sent to CIB Bank in encrypted form and cannot be interpreted by unauthorised persons.

After payment, my browser warned me that I was leaving the secure zone. Is the safety of my payment still guaranteed?
Absolutely, yes. The payment process takes place on a 256-bit encrypted communication channel, making it completely secure. After the transaction, you will be redirected to the merchant’s website, and if the merchant’s site is not encrypted, your browser will warn you that you have left the encrypted channel. This does not pose a threat to payment security.

What is the CVC2 / CVV2 code?
In the case of MasterCard, it is the so-called Card Verification Code; in the case of Visa, it is the so-called Card Verification Value. This is a numeric value encoded in the magnetic stripe of the bank card that can be used to determine the authenticity of the card. The so-called CVC2 code, which consists of the last three digits of the number displayed on the back of the Mastercard/Maestro cards, must be entered when making online purchases.

What does Verified by Visa mean?
Verified by Visa is a security check for Visa cardholders based on a one-time code or biometric identification (facial recognition, fingerprint or other human characteristics) set at the card issuing bank to identify themselves when making online purchases and to protect against the unauthorised use of Visa cards. CIB Bank accepts cards issued within the framework of the Verified by Visa system.

What does the Mastercard Identity Check (ID Check) mean?
The Mastercard ID Check is a security check for Mastercard/Maestro cardholders based on a one-time code or biometric identification (facial recognition, fingerprint or other human characteristics) set at the card issuing bank to identify card holders when making online purchases and to protect against the unauthorised use of Mastercard/Maestro cards. CIB Bank accepts cards issued within the framework of the Mastercard ID Check system.