Frequently asked questions about
internet-based card payment
CARD ACCEPTANCE
What types of card can I pay with?
You can pay with
all embossed VISA and MasterCard cards, and certain VISA Electron and V Pay
cards. Whether or not you can use VISA Electron cards for internet-based
payments depends on the bank that issued the card. VISA Electron bank cards
issued by CIB can be used for internet-based purchases.
Which banks’ cards are suitable for internet-based
payments?
All VISA and
MasterCard/Maestro cards that the card-issuing bank has authorised for internet
payment, as well as ‘web cards’ issued specifically for internet use.
Can I pay with a shopping card?
Point-collecting
cards, used for storing loyalty points, issued by merchants/service providers,
cannot be used to pay via the internet.
Can I pay with a co-branded card?
All co-branded
cards that are MasterCard or VISA-based cards suitable for internet payments
can be used to pay.
THE PAYMENT PROCESS
How does the background process for online payment work?
After choosing
‘bank card’ as the method of payment on the website of the merchant/service
provider, the shopper initiates payment, and is then diverted to the Bank’s
payment page, which is equipped with a secure communication channel. For
payment, you need to give your card number, card expiry date, and the 3-digit
security code on the signature strip on the reverse side of the card. The
transaction is launched by you, and then the card undergoes a real-time
authorisation process, in which the authenticity of the card details, the
available funds and the spending limit are all checked. If all the data
necessary for continuing the transaction is in order, your account-keeping
(card-issuing) bank blocks the payable amount on your card. The debiting
(deduction) of the amount from your account takes place within a few days,
although precisely how long it takes will depend on the account-keeping bank.
How does a card-based purchase via the internet differ
from a conventional card-based purchase?
We distinguish
between transactions where the card is actually presented in the store (Card
Present), and those where it is not physically present (Card Not Present). Card
Present transactions take place using a device called a POS terminal. After the
card has been swiped and the PIN keyed in, the terminal makes contact with the
card holder’s bank via the authorisation centre and, depending on the type of
card and its issuer, either the VISA or the MasterCard network. This is where
the validity and funds verification check (authorisation) takes place. The POS
terminal (and the merchant) receives the approval or rejection via the same
route, only in reverse order. The shopper signs the card receipt. Card Not
Present transactions are transactions where the bank card is not physically
present. These include transactions executed by post, telephone or
electronically (via the internet), in which case the shopper (card holder)
launches the transaction by giving his or her requested card data via a secure (256-bit
encrypted) payment site. If the transaction is successful, you receive an
authorisation number, which is the same as the number that would be shown on
the paper receipt.
What does reservation mean?
As soon as the
transaction comes to the bank’s attention, it is followed by reservation
(blocking), because the actual debiting can only take place once the official
data arrives, which can take a few days, in which time it would otherwise be
possible to spend the amount of the purchase again. This is why, through
reservation, the money used for a purchase or cash withdrawal is segregated and
blocked. The reserved amount is still part of the account balance, so it earns
interest, but cannot be spent again. Reservation ensures that transactions for
which there aren’t enough funds are refused although the account balance would,
in principle, still permit them.
.
UNSUCCESSFUL PAYMENTS AND WHAT TO DO
When might a transaction be unsuccessful?
Usually this
happens when the payment order is not accepted by the card-issuing bank (i.e.
the bank that gave you the card), or it might be due to a telecommunication or
IT fault that prevent the authorisation request from reaching the card issuer
when using a bank card.
Card-related errors
·
The card is not
suitable for internet payments.
·
Use of the card
over the internet is blocked by the account-keeping bank.
·
Use of the card is
blocked.
·
Incorrect card
data (card number, expiry date, security code on the signature strip) has been
given.
·
The card has
expired.
Account-related errors
·
There are
insufficient funds to execute the transaction.
·
The amount of the
transaction exceeds the card spending limit.
Connection-related errors
·
The connection was
probably lost in the course of the transaction. Please try again.
·
The transaction
timed out. Please try again.
Technical errors
·
If you are not
returned from the payment site to the website of the merchant/service provider,
the transaction was unsuccessful.
·
If you have left
the payment site, but return to the payment site using the browser’s “back”,
“reload” or “refresh” function, the system will automatically refuse the
transaction for security reasons.
What should I do if the payment procedure is
unsuccessful?
A transaction ID is
generated for every transaction, and we recommend that you make a note of this.
If in the course of the payment attempt the transaction is refused by the bank,
please get in touch with your account-keeping bank.
Why do I have to get in touch with my account-keeping
bank if the payment was unsuccessful?
In the course of
the card check, the account-keeping (card-issuing) bank notifies the
(accepting) bank of the merchant collecting the amount whether the transaction
may be executed. The accepting bank cannot give out confidential information;
only the bank that identifies the card holder is entitled to do so.
What does it mean if I get an SMS text message from my
bank on the reservation/blocking of the payable amount, but the
merchant/service provider indicates that payment was unsuccessful?
This can happen if
the card check has taken place on the payment site, but you have not returned
to the website of the merchant/service provider. In this case the transaction
is classified as incomplete, and as such it is automatically deemed
unsuccessful. When this happens, the amount is not charged to your card, and
the reservation is lifted.
SECURITY
What do VeriSign and 256-bit encrypted TLS communication
channel mean?
TLS is the abbreviation
for the Transport Layer Security, the approved encryption process. Our bank has
a 256-bit encryption key, which protects the communication channel. The company
VeriSign enables CIB Bank to use the 256-bit key with which we ensure the
TLS-based encryption. At present, 90% of the world’s electronic commerce uses
this method of encryption. The browser program used by the shopper encrypts the
card holder’s data using TLS prior to sending, so that all the information is
transmitted to CIB Bank in encrypted form, rendering it undecipherable for
unauthorised persons.
After the payment, my browser warned me that I’m leaving
a secure zone. Is the security of my payment still assured?
Absolutely. The
payment process takes place via a 256-bit encrypted communication channel, so
it’s totally secure. After the transaction, you’re returned to the merchant’s
website, and if the merchant’s website isn’t encrypted, your browser will warn
you that you’re leaving the encrypted channel. This doesn’t represent a threat
in terms of the security of the payment.
What’s the CVC2/CVV2 code?
At MasterCard this
is short for Card Verification Code, and at Visa, for Card Verification Value,
and it is a numerical value coded onto the magnetic stripe of the bank card,
which can be used to determine the authenticity of the card. The CVC2 code,
which is the last three digits of the number printed on the reverse of
MasterCard/Maestro cards, must be provided in the course of internet purchases.
What does Verified by Visa mean?
Visa card holders
who are registered in the Verified by Visa system can choose a password at the
bank that issues the card, which they use to identify themselves when making
internet-based purchases, and which protects against the unauthorised use of
Visa cards. CIB Bank accepts cards issued under the Verified by Visa system.
What does MasterCard SecureCode mean?
Mastercard/Maestro
card holders who are registered in the Mastercard SecureCode system can choose
a password at the bank that issues the card, which they can use to identify
themselves when making internet-based purchases, and which protects against the
unauthorised use of Mastercard/Maestro cards. CIB Bank accepts cards issued
under the Mastercard SecureCode system.
What is the UCAF code?
If you have a
MasterCard/Maestro card, you may have received an individual code from your
card-issuing bank. If you didn’t, just leave the field blank.