Using business cards online

The 3D Secure security standard is a service enabling cardholder identity verification and safe online purchases with the Bank-issued cards using the Bank’s m-token. When using your corporate card to make an online payment, you confirm your transaction by using the bank’s PS m-token.

All corporate cards may be used online and they support the 3-D Secure security standard. Only an authorised representative of the relevant entity may arrange online usage and have limits defined for corporate debit cards made available to authorised users.

Online card transactions can be confirmed via a deep link, a push message, or by scanning a QR code, depending on the manner in which the purchase is made (by accessing a web store via an internet browser or via an installed merchant mobile application):

1. AUTHENTICATION VIA A DEEP LINK

When a card payment is executed in a merchant mobile application supported by a secure authentication protocol, the opening of the direct deep link for authentication on the Bank's screen must be initiated on the screen that appears. In this case, both applications must be installed on the same mobile device.

Sample screen:

After selecting „Initiate“ (Pokreni) and logging into m-token in the usual manner, through PIN or biometric authentication, the Bank's screen on which purchase data are shown will open.

If the data are correct and match the initiated payment, the option “Confirm” (Potvrdi) should be selected. After successful confirmation, the following screen will appear, which must be closed:

After closing the previous screen, the option “Finish” (Dovrši) shown on the screen that appears in the point-of-sale mobile application should be selected.

2. 3DS PUSH METHOD via biometrics or PIN

Prerequisites for receiving push-messages:

• m-zabaPS the option of receiving push messages is included (More-Settings-Notifications)

• settings on mobile devices on which is installed m-zaba - it is necessary to check whether the permissions for receiving m-zaba messages are turned on

Payment on mobile application of the merchant on the same device on which m-zaba is installed:

1. If the point-of-sale mobile application supports authentication via a deep link, the option “Initiate” (Pokreni) must be selected to initiate authentication by deep linking to the Bank’s screen. If the option “Finish” (Dovrši) is selected in this step, this will initiate the sending of a push message and the Bank's screen with transaction data will appear. To open the push message, biometric or PIN authentication method, i.e., the method selected for accessing m-token, is used. Upon opening the push message, the online purchase confirmation screen will appear.

• Please check the merchant name, amount, date before click on accepting the online payment (Potvrdi).

• If all data matches your purchase, please click on Potvrdi on this screen and Nastavi on previous screen.

3. AUTHENTICATION WITH QR code

On online shops supporting the 3-D Secure security standard, you confirm your payment using your PS m-token by following the instructions appearing on the screen. If you do not have a PS m-token, you can request it from your Relationship Manager/Corporate Banker ( more information). The PS m-token service itself is free of charge.
Only a duly authorised person may arrange corporate cards and enable the online shopping limit option for end users of the card.
At online stores that have not implemented 3D Secure, no token authorisation screens will be displayed.

This screen is not displayed at retail stores that have not implemented the 3-D Secure security standard or where a certain exception from the implementation of reliable authentication applies (e.g., for small-value transactions or recurring transactions - various subscriptions, etc.). The security of using a card for online payments depends on the security standards implemented by retail stores.
Zagrebačka banka ensures that card payments remain secure and has implemented the 3D Secure security standard for all cards issued by Zagrebačka banka.

For security reasons, Zagrebačka banka additionally defines daily spending limits and the maximum number of transactions for different cards. Such defined limits may be changed at the cardholder’s request, depending on the needs and habits associated with using payment cards. Please contact the company’s authorised representatives to check the agreed card limits.

Before using an online shop where cards are used for payment or where your card number is saved for future payments, please thoroughly examine and check all terms and conditions, save your username and password, and always sign out when you are finished.

CVV (Card Verification Value) or CVC (Card Verification Code) is a 3-digit number appearing on the back of your card.

Each time they shop online, including booking and/or paying for accommodation using their payment card, the user must read the accommodation service provider’s business terms and conditions and whether or not any payment will be required in case of failure to appear or early departure. In certain situations, the offer is particularly favourable precisely because the accommodation service provider does not provide the option to subsequently cancel the accommodation or modify the terms of the reservation, in which case the customer will not receive a refund of the advance payment made using their card. It is also recommended to only use your card at sites known to be secure and, in case you do not know the service provider’s language, retain the service from a local travel agency.

As this service was arranged with an online store, please read the terms and conditions of using the service available on their website, which should include information about the options of cancelling the service and the relevant notice period, if any. You should submit your subscription cancelation request to the online store. As an exception, if you are unable to have your service cancelation request processed (the website is no longer available or the service provider denies your request), you can contact the bank for advice. In that case, please attach your service cancelation request and all correspondence between the service provider and you as the cardholder and their customer and we will try to help.