Using cards online

The 3-D Secure security standard is a cardholder identification service which allows secure online shopping using Maestro and Visa debit cards and Mastercard and Visa credit cards. When using your card to make an online payment, you confirm your transaction by using the Bank’s token or m-token.

After selecting a desired product or service and entering your personal details and card details, the web shop will automatically connect with the Bank to verify your identity. A Bank’s screen will be displayed, where you authorize your transaction using your token. At retail stores featuring a Mastercard IdCheck or Visa Secure symbol, you will be identified through so-called MAC/APPLI2 verification:

• After you enter your PIN in the token, select MAC/APPLI2;
• Enter the series of numbers appearing on the web shop’s screen in the MAC/APPLI2 field on the token to confirm payment;
• Enter the MAC generated by the token in the designated field on the web shop’s screen, confirm your entry, and your payment will be completed.

Depending on the version of the 3-D Secure security standard they support, some stores may still use validation based on token-generated OTP:

This screen is not displayed at retail stores that have not implemented the 3-D Secure security standard. The security of using a card for online payments depends on the security standards implemented by retail stores. Zagrebačka banka ensures that card payments remain secure and has implemented the 3D Secure security standard for all cards issued by Zagrebačka banka except for the Visa Electron prepaid card (Visa gift card), which is not registered to a particular name.

These shops still use OTP validation. The 3D Secure security standard is enabled after the initial correct token identification at an online shop that supports Mastercard SecureCode or Verified by Visa.
This procedure is as follows:
- Select a desired product or service and confirm that you want to pay;
- After you enter your card details, the web shop will automatically connect with the Bank to verify your identity and you then have the option to enable the service. By selecting “Enable”, a screen with general transaction details, your details and a request to enter the OTP generated by your token will be displayed.

Enter the OTP generated by your token.
If the details you enter are correct, the Bank will confirm the cardholder’s identity and forward the transaction to be authorized by the retailer.

All Zagrebačka banka cards may be used for online payments. Maestro debit cards can normally be used at retail stores supporting the 3D Secure security standard and payments without token are available at specific stores that do not support the standard (for example, the Moj Telekom / HT mobile app), however, the customer must additionally register with the service provider. Visa Electron prepaid cards (gift cards) are used without a token because they are not assigned to a particular name.

For security reasons, Zagrebačka banka additionally defines daily spending limits and the maximum number of transactions for different cards. Such defined limits may be changed at cardholder’s request, depending on the needs and habits associated with using payment cards.

Before using an online shop where cards are used for payment or where your card number is saved for future payments, please thoroughly examine and check all terms and conditions, save your username and password, and always sign out when you are finished.

CVV (Card Verification Value) or CVC (Card Verification Code) is a 3-digit number appearing on the back of your card.

Each time he/she shops online, including booking and/or paying for accommodation using his/her payment card, the user must read the accommodation service provider’s business terms and conditions and whether or not any payment will be required in case of failure to appear or early departure. In certain situation, the offer is particularly favorable precisely because the accommodation service provider does not provide the option to subsequently cancel the accommodation or modify the terms of your reservation, in which case the customer will not receive a refund of the advance payment made using his card. It is also recommended to only use your card at sites known to be secure and, in case you do not know the service provider’s language, retain the service from a local travel agency.

As this service was arranged with an online store, please read the terms and conditions of using the service available on their website, which should include information about the options of canceling the service and the relevant notice period, if any. You should submit your subscription cancelation request to the online store. As an exception, if you are unable to have your service cancelation request processed (the website is no longer available or the service provider denies your request), you can contact the Bank for advice. In that case, please attach your service cancelation request and all correspondence between the service provider and you as the cardholder and their customer and we will try to help.

Before using the PayPal payment facility, please thoroughly read their terms and conditions of use, in particular the information regarding their fees and currency translation methods and check for any updates. You can register all Zagrebačka banka cards at PayPal Croatia, except for Maestro.
1. Registering, adding and verifying your card
Select the Link a Card option on the PayPal site and follow the instructions. When adding a card, PayPal will verify its validity and make an authorization of USD 1. To allow PayPal to validate and verify your card, please ensure that sufficient funds/limits are available on your card to add and validate the card. After all required information has been entered, PayPay will charge the cardholder USD 1.95 and send the Bank a 4-digit number ( Expanded Use Number) included in the transaction description. PayPal will refund this amount to the customer after a correct 4-digit code is entered and verified. This code may be verified within the transaction description in e-zaba, m-zaba or at a Bank’s branch. It takes two to three business days for the code to be made available to the customer. This 4-digit number should be entered in the card verification field ( PayPal code).
2. PayPal code
Depending on which card is used, the account verification code is available through:
- e-zaba/m-zaba
- Retail Visa Electron card statement;
- Notice of Charges for credit cards
- a branch
- telephone at 01/3789 620 – only for Visa gift cards.
3. Selecting a payment currency on PayPal
PayPal allows you to choose a payment currency. As PayPal translates currencies used by different stores (USD, EUR…) into HRK at its own exchange rate, we recommend that you select to be charged in the store’s currency in the PayPal settings. On the PayPal website you can also find guidance for changing the primary currency.
4. Withdrawals from a PayPal account
Zagrebačka banka does not charge any fees for withdrawing funds from PayPal to Visa cards. You can check the fees charged by PayPal when you register to your PayPal account and select “Fees” at the bottom of the page. After the funds are withdrawn from PayPal, it takes several days for the amount to appear in your card account. As decided by PayPal, only Visa cards may be registered for payments and withdrawals.
5. Problems adding a card on PayPal
If an incorrect PayPal code is entered three times, further registration of the card on PayPal will be disabled. If you still want to register a card that does not allow further verification, you should contact PayPal by selecting the Contact Us option at the bottom of any PayPal page to receive assistance in adding the same card again. Details are available on the PayPal website. You can also contact PayPal for any other issues regarding your PayPal account.