Using cards online

Everything is available online, from information to entertainment content. Online shopping with card payment has become a usual way of getting a desired product or service in just a few clicks.

Although online shopping is simple and fun, check what you have to be careful about to protect yourself from frauds: Safe use of cards.

Online payment with a card starts:
1. by selecting a desired product or service
2. by entering your personal details, such as your name and surname, as well as your delivery address
3. and by entering your card details: card number, expiration date and/or the three-digit number from the back of the card (so-called CVC).

All Zagrebačka banka cards support the 3-D Secure security standard, i.e., reliable authentication is ensured when making online payments with Zaba cards.

After entering your card details, the transaction authorization method depends on whether the point of sale accepts the security standard or a certain exception applies (e.g., small-value transactions, subscriptions - recurring transactions, etc.).

It is recommended to make payments at retail stores supporting 3-D Secure (Mastercard Identity Check, Visa Secure).

For paying with cards at online shops supporting the security standard, you need a Bank m-token. If you do not have a m-token, please visit your nearest Bank branch to arrange it. The m-token service is free-of-charge. 

Important: On 26 June 2024 the possibility of authorization of a payment transaction by card at an online point of sale via m-token by entering MAC/APPLI2 data, is terminated and it is implemented a new way of authorizing with QR code.

The new way of authorizing card transactions at the online point of sale will be as follows:

  • Confirmation in the computer browser

Confirm the transaction via m-zaba push message which you received on your mobile device.

If you want to authorize the transaction with the displayed QR code, do it in four steps: 1. Download new version of m-zaba, 2. Choose m-token 3. Choose „Scan QR code“ option 4. Confirm transaction.

  • Confirmation in the mobile device

m-zaba push message will arrive to your mobile device (which may take up to 30 seconds). In case you haven't received it, we will resend it. After receipt, open it and confirm. Then click „Continue“.

If you haven't received it, check in your device settings if receiving push messages for m-zaba is enabled. After checking, repeat the purchase.


Types of cookies


Custom cookie settings

Below you can enable or disable the use of individual categories of online cookies, and you can subsequently change your choice at any time. If you are not sure, you can find detailed information about the cookies we use on pages in our cookie policy.

Technical cookiesAlways active

They enable the proper and safe operation of websites.

Performance cookies

They enable improvements in the use of websites.

Marketing cookies

They enable tracking of website visitors and collect data used to personalize ads and user experience.

Analytical cookies

They record statistical data that enable the improvement of our pages and our offer.