Everything is available online, from information to entertainment content. Online shopping with card payment has become a usual way of getting a desired product or service in just a few clicks.
Although online shopping is simple and fun, check what you have to be careful about to protect yourself from frauds: Safe use of cards.
Online payment with a card starts: 1. by selecting a desired product or service 2. by entering your personal details, such as your name and surname, as well as your delivery address 3. and by entering your card details: card number, expiration date and/or the three-digit number from the back of the card (so-called CVC).
All Zagrebačka banka cards support the 3-D Secure security standard, i.e., reliable authentication is ensured when making online payments with Zaba cards.
After entering your card details, the transaction authorization method depends on whether the point of sale accepts the security standard or a certain exception applies (e.g., small-value transactions, subscriptions - recurring transactions, etc.).
It is recommended to make payments at retail stores supporting 3-D Secure (Mastercard Identity Check, Visa Secure).
For paying with cards at online shops supporting the security standard, you need a Bank token. If you do not have a token, please visit your nearest Bank branch to arrange it. The m-token service is free-of-charge. In addition to a physical token, individual users of online banking (e-zaba) may also arrange an m-token, which is located within our m-zaba mobile app.
Mastercard and Visa are discontinuing support of the old version of the security standard for online card payment authentication.
As of October 18, 2022, authentication of online payments made with Visa debit and Mastercard credit cards issued by Zagrebačka banka will, therefore, no longer be performed based on an APPLI1/OTP generated by a physical token or an m-token. Payment authentication based on a PUSH notification or a token-generated APPLI2/MAC will continue to be performed.
The 3-D Secure security standard is a cardholder identification service which allows secure online shopping using debit cards and Mastercard credit cards. When using your card to make an online payment, you confirm your transaction by using the Bank’s token or m-token.
How to pay using a card if the 3-D Secure security standard is implemented?
1. 3DS PUSH METHOD (biometric authentication) For m-token users if the push message option is activated.
The screen on which you are shopping a product or service will immediately display an authorisation screen, where you need to click “Continue”. After opening a push message on your phone, check the payment details and select CONFIRM or REJECT the purchase.
More information on biometric authentication is available
2. AUTHENTICATION USING THE APPLI2/MAC METHOD ON THE TOKEN The method is available to physical token and m-token users (if the push message option is not activated or if the purchase is rejected in the push message).
After you enter your PIN in the token, select MAC/APPLI2;
Enter the series of numbers appearing on the web shop’s screen in the MAC/APPLI2 field on the token to confirm payment;
Enter the MAC generated by the token in the designated field on the web shop’s screen, confirm your entry, and your payment will be completed.
Why is the security standard enabling screen not displayed?
This screen is not displayed at retail stores that have not implemented the 3-D Secure security standard or where a certain exception from the implementation of reliable authentication applies (e.g., small-value transactions or recurring transactions – various subscriptions, etc.). The security of using a card for online payments
depends on the security standards implemented by retail stores. Zagrebačka banka ensures that card payments remain secure and has implemented the 3-D Secure security standard for all cards issued by Zagrebačka banka.
Which Zagrebačka banka cards can be used for online payments?
All Zagrebačka banka cards may be used for online payments and support the 3-D Secure security standard.
In addition to the 3D Secure security standard implemented, which other card security measures are taken?
For security reasons, Zagrebačka banka additionally defines
daily spending limits and the maximum number of transactions for different cards. Such defined limits may be changed at cardholder’s request, depending on the needs and habits associated with using payment cards.
What is important to check before using websites where cards are used for payment (PayPal, Google, Amazon, etc.)?
Before using an online shop where cards are used for payment or where your card number is saved for future payments, please thoroughly examine and check all terms and conditions, save your username and password, and always sign out when you are finished.
In addition to the card number expiration date, online shops ask for my CVV or CVC or a security code. Where can I find this information?
CVV (Card Verification Value) or CVC (Card Verification Code) is a 3-digit number appearing on the back of your card.
What should I be careful about when booking accommodation (hotel, apartment, etc.) online?
Each time he/she shops online, including booking and/or paying for accommodation using his/her payment card, the user must read the accommodation service provider’s business terms and conditions and whether or not any payment will be required in case of failure to appear or early departure. In certain situation, the offer is particularly favorable precisely because the accommodation service provider does not provide the option to subsequently cancel the accommodation or modify the terms of your reservation, in which case the customer will not receive a refund of the advance payment made using his card. It is also recommended to only use your card at sites known to be secure and, in case you do not know the service provider’s language, retain the service from a local travel agency.
What should I do if I want to cancel a card-based subscription for a service arranged online (for example, a daily/monthly/annual subscription to an online magazine or professional portal, online game subscriptions, etc.)? Do I need to block the card and submit a complaint to Zagrebačka banka?
As this service was arranged with an online store,
please read the terms and conditions of using the service available on their website, which should include information about the options of canceling the service and the relevant notice period, if any. You should submit your subscription cancelation request to the online store. As an exception, if you are unable to have your service cancelation request processed (the website is no longer available or the service provider denies your request), you can contact the Bank for advice. In that case, please attach your service cancelation request and all correspondence between the service provider and you as the cardholder and their customer and we will try to help.