CIB Frequently Asked Questions (FAQ)

Frequently asked questions about internet-based card payment

CARD ACCEPTANCE

What types of card can I pay with?

You can pay with all embossed VISA and MasterCard cards, and certain VISA Electron and V Pay cards. Whether or not you can use VISA Electron cards for internet-based payments depends on the bank that issued the card. VISA Electron bank cards issued by CIB can be used for internet-based purchases.

Which banks’ cards are suitable for internet-based payments?

All VISA and MasterCard/Maestro cards that the card-issuing bank has authorised for internet payment, as well as ‘web cards’ issued specifically for internet use.

Can I pay with a shopping card?

Point-collecting cards, used for storing loyalty points, issued by merchants/service providers, cannot be used to pay via the internet.

Can I pay with a co-branded card?

All co-branded cards that are MasterCard or VISA-based cards suitable for internet payments can be used to pay.

THE PAYMENT PROCESS

How does the background process for online payment work?

After choosing ‘bank card’ as the method of payment on the website of the merchant/service provider, the shopper initiates payment, and is then diverted to the Bank’s payment page, which is equipped with a secure communication channel. For payment, you need to give your card number, card expiry date, and the 3-digit security code on the signature strip on the reverse side of the card. The transaction is launched by you, and then the card undergoes a real-time authorisation process, in which the authenticity of the card details, the available funds and the spending limit are all checked. If all the data necessary for continuing the transaction is in order, your account-keeping (card-issuing) bank blocks the payable amount on your card. The debiting (deduction) of the amount from your account takes place within a few days, although precisely how long it takes will depend on the account-keeping bank.

How does a card-based purchase via the internet differ from a conventional card-based purchase?

We distinguish between transactions where the card is actually presented in the store (Card Present), and those where it is not physically present (Card Not Present). Card Present transactions take place using a device called a POS terminal. After the card has been swiped and the PIN keyed in, the terminal makes contact with the card holder’s bank via the authorisation centre and, depending on the type of card and its issuer, either the VISA or the MasterCard network. This is where the validity and funds verification check (authorisation) takes place. The POS terminal (and the merchant) receives the approval or rejection via the same route, only in reverse order. The shopper signs the card receipt. Card Not Present transactions are transactions where the bank card is not physically present. These include transactions executed by post, telephone or electronically (via the internet), in which case the shopper (card holder) launches the transaction by giving his or her requested card data via a secure (256-bit encrypted) payment site. If the transaction is successful, you receive an authorisation number, which is the same as the number that would be shown on the paper receipt.

What does reservation mean?

As soon as the transaction comes to the bank’s attention, it is followed by reservation (blocking), because the actual debiting can only take place once the official data arrives, which can take a few days, in which time it would otherwise be possible to spend the amount of the purchase again. This is why, through reservation, the money used for a purchase or cash withdrawal is segregated and blocked. The reserved amount is still part of the account balance, so it earns interest, but cannot be spent again. Reservation ensures that transactions for which there aren’t enough funds are refused although the account balance would, in principle, still permit them. 

UNSUCCESSFUL PAYMENTS AND WHAT TO DO

When might a transaction be unsuccessful?

Usually this happens when the payment order is not accepted by the card-issuing bank (i.e. the bank that gave you the card), or it might be due to a telecommunication or IT fault that prevent the authorisation request from reaching the card issuer when using a bank card.

Card-related errors
  • The card is not suitable for internet payments. 
  • Use of the card over the internet is blocked by the account-keeping bank. 
  • Use of the card is blocked. 
  • Incorrect card data (card number, expiry date, security code on the signature strip) has been given. 
  • The card has expired. 
Account-related errors
  • There are insufficient funds to execute the transaction. 
  • The amount of the transaction exceeds the card spending limit. 
Connection-related errors
  • The connection was probably lost in the course of the transaction. Please try again. 
  • The transaction timed out. Please try again.

Technical errors

  • If you are not returned from the payment site to the website of the merchant/service provider, the transaction was unsuccessful. 
  • If you have left the payment site, but return to the payment site using the browser’s “back”, “reload” or “refresh” function, the system will automatically refuse the transaction for security reasons.

 

What should I do if the payment procedure is unsuccessful?

A transaction ID is generated for every transaction, and we recommend that you make a note of this. If in the course of the payment attempt the transaction is refused by the bank, please get in touch with your account-keeping bank.

Why do I have to get in touch with my account-keeping bank if the payment was unsuccessful?

In the course of the card check, the account-keeping (card-issuing) bank notifies the (accepting) bank of the merchant collecting the amount whether the transaction may be executed. The accepting bank cannot give out confidential information; only the bank that identifies the card holder is entitled to do so. 

What does it mean if I get an SMS text message from my bank on the reservation/blocking of the payable amount, but the merchant/service provider indicates that payment was unsuccessful?

This can happen if the card check has taken place on the payment site, but you have not returned to the website of the merchant/service provider. In this case the transaction is classified as incomplete, and as such it is automatically deemed unsuccessful. When this happens, the amount is not charged to your card, and the reservation is lifted.

SECURITY

What do VeriSign and 256-bit encrypted TLS communication channel mean? 

TLS is the abbreviation for the Transport Layer Security, the approved encryption process. Our bank has a 256-bit encryption key, which protects the communication channel. The company VeriSign enables CIB Bank to use the 256-bit key with which we ensure the TLS-based encryption. At present, 90% of the world’s electronic commerce uses this method of encryption. The browser program used by the shopper encrypts the card holder’s data using TLS prior to sending, so that all the information is transmitted to CIB Bank in encrypted form, rendering it undecipherable for unauthorised persons.

After the payment, my browser warned me that I’m leaving a secure zone. Is the security of my payment still assured?

Absolutely. The payment process takes place via a 256-bit encrypted communication channel, so it’s totally secure. After the transaction, you’re returned to the merchant’s website, and if the merchant’s website isn’t encrypted, your browser will warn you that you’re leaving the encrypted channel. This doesn’t represent a threat in terms of the security of the payment.

What’s the CVC2/CVV2 code?

At MasterCard this is short for Card Verification Code, and at Visa, for Card Verification Value, and it is a numerical value coded onto the magnetic stripe of the bank card, which can be used to determine the authenticity of the card. The CVC2 code, which is the last three digits of the number printed on the reverse of MasterCard/Maestro cards, must be provided in the course of internet purchases.

What does Verified by Visa mean?

Visa card holders who are registered in the Verified by Visa system can choose a password at the bank that issues the card, which they use to identify themselves when making internet-based purchases, and which protects against the unauthorised use of Visa cards. CIB Bank accepts cards issued under the Verified by Visa system.

What does MasterCard SecureCode mean?

Mastercard/Maestro card holders who are registered in the Mastercard SecureCode system can choose a password at the bank that issues the card, which they can use to identify themselves when making internet-based purchases, and which protects against the unauthorised use of Mastercard/Maestro cards. CIB Bank accepts cards issued under the Mastercard SecureCode system.

What is the UCAF code?

If you have a MasterCard/Maestro card, you may have received an individual code from your card-issuing bank. If you didn’t, just leave the field blank.