ACCEPTING CARDS

What type of cards can be used?
All embossed VISA and Mastercards, as well as some VISA Electron and V Pay cards can be used for online payments. In order to pay online with VISA Electron cards, the issuer has to permit and enable this function. VISA Electron cards issued by CIB Bank can be used to pay online.

Which bank cards can be used for online payments?
All VISA and Mastercard/Maestro cards that are enabled for online payments regardless of the issuing bank, as well as digital cards that are specifically issued for online use.

Are shopper´s cards accepted?
Loyalty cards and any point-scheme based cards issued by companies in the retail or service industry are not accepted as a valid form of payment and cannot be used online.

Are co-branded cards accepted?
Any co-branded cards that are partnered with VISA or Mastercard and are enabled for online payments are accepted.

PAYMENT PROCESS

How does the online card payment process work?
After selecting the card payment option at checkout on the retailer´s online store, the buyer initiates the payment process and as a result gets redirected to the bank´s payment processing page equipped with a secure communication channel. To complete the payment, the buyer needs to provide the bank card´s number, expiry date and security code (CVC/CVV), which is a 3 digit code that can typically be found on the back of the card next to the signature field. The transaction is initiated by the buyer when submitting the information, thus triggering a real time verification process of the card, during which the card´s details, its validity and debit / credit balance are being verified. If all the details are in order to continue the transaction, the card’s issuer will reserve the amount payable on the bank account linked to the card and the amount will be withdrawn either immediately or in the following days (depending on the account holding bank and debit vs credit payment).

What’s the difference between card payments online and in-store?
Payments are differentiated based on the presence or absence of the card to complete a transaction. “Card Present” transactions are completed using a POS (Point of Sale) terminal. When the card is swiped, inserted into or placed near the terminal (and if prompted its PIN code is entered), the terminal connects with the card holder´s bank through the authorisation centre and, depending on the type of the card, through VISA´s or Mastercard´s network. The verification process takes place here and using the same route back to the POS terminal, the retailer receives an answer whether the card has been authorised or declined, issuing a receipt of the results that might require the buyer´s signature. “Card not Present” are transactions where the card is not physically present, including written, over the phone, and online transactions, where the buyer (the card holder) submits the card details on a secure (256-bit encrypted) payment processing page to initiate the transaction. After an authorised transaction, the buyer receives a payment authorisation number, which is the same number found on the paper receipt.

What does “on hold” mean?
Once the bank is notified, the transaction is immediately followed by placing a hold on the amount payable for the purchase in order to maintain the funds available for that specific transaction. Putting the purchase amount on hold is done to prevent spending the same funds again over the period of time it takes for the bank to receive and handle the official data needed to execute the actual withdrawal of funds, which can take a couple of days. The amount on hold is set aside as part of the account´s balance eligible for interests, however, cannot be spent again. This also ensures that future transactions without sufficient funds are declined, even though the account balance might suggest otherwise.

DECLINED PAYMENTS AND WHAT TO DO

When would a transaction be declined?
Typically, the issuing bank / issuer of the card (where the buyer received the card from) rejects the payment, or the authorisation request does not reach the bank who issued the card due to connection or technical issues.

Card issues

  • The card cannot be used for online payments.
  • The card is disabled for online use by the account holding bank (linked to the card).
  • The card is blocked.
  • The card details provided (card number, expiry date, CVC/CVV) were incorrect.
  • The card is expired.

Account issues

  • Insufficient funds to complete the transaction.
  • Amount payable surpasses the card´s purchase or credit limit.

Connection issues

  • The connection has been lost during the transaction. Please, try again.
  • The connection has timed out. Please, try again.

Technical issues

  • If the buyer has not been redirected to the online store, the transaction has been declined.
  • If the buyer uses the browser’s “Back”, “Reload” or “Refresh” options to re-visit the payment processing page after being redirected back to the online store, the system will automatically decline the transaction for security reasons.

What to do in case of an unauthorised / declined transaction?
A transaction ID is generated regardless of the transaction´s outcome, we recommend writing this down for reference. In case the transaction was declined by the bank while attempting to pay online, please contact your account holding bank.

Why does the account holding bank need to be contacted in case of a declined or unauthorised transaction?
During the payment verification process the buyer’s account holding bank (the card issuer) notifies the payment collector´s bank (online store / retailer) whether the transaction can be completed or not. The payment collector´s bank cannot share confidential information, only the bank who is able to verify the card holder’s identity has the right to provide such information.

What happens if an SMS confirming the amount is placed on hold is received from the bank; however, the online store indicates the transaction was unsuccessful?
This happens when the customer does not get redirected to the online store after the verification process has been completed on the payment processing page. In this case, the process is not completed and automatically results in an unauthorised transaction. The amount on hold will not be withdrawn from the bank account linked to the card and will be released to be used again (this can take a few days).

SECURITY

What does “Verisign” and “256-bit encrypted TLS communication channel” mean?
TLS stands for Transport Layer Security, which is a method used for encrypting data. Our bank has a 256-bit encryption key, which protects the communication channel. A company called VeriSign enables CIB Bank to access the 256-bit key used in the TLS encryption. Today, 90% of all electronic transactions use this method of encryption. With the help of TLS, the customer’s browser encrypts the card details prior to sending them in a coded format to CIB Bank, making the information unreadable to third parties.

After payment is submitted, the browser warns of leaving a secure page. Can payment security be guaranteed?
Yes, a hundred percent. The payment process takes place on a 256-bit encrypted communication channel, which provides complete security. After the transaction, the buyer is redirected to the online store – if the retailer´s online store is not an encrypted webpage, the browser warns the user of leaving the encrypted channel (payment processing page). This does not compromise payment security.

What does CVC/CVV mean?
To verify authenticity, bank cards have a coded numerical value placed on the card’s magnetic stripe. Mastercard/Maestro calls this code Card Verification Code (CVC) and it’s the last three digits of the number displayed on the card´s back, whereas VISA calls is Card Verification Value (CVV), which is the three digit number typically placed on the card´s back as well. This code has to be provided as part of the buyer´s card details on the payment processing page during online purchases.

What does Verified by VISA mean?
VISA card holders registered in the Verified by VISA database choose a password at the card issuing entity, with which they can identify themselves during the online payment process. This in turn also provides an additional layer of security against any unauthorised use of VISA cards. CIB Bank accepts cards issued within the Verified by VISA program.

What does Mastercard SecureCode mean?
Mastercard/Maestro card holders registered in the Mastercard SecureCode database choose a password at the card issuing entity, with which they can identify themselves during the online payment process. This in turn also provides an additional layer of security against any unauthorised use of Mastercard/Maestro cards. CIB Bank accepts cards issued within the Mastercard SecureCode program.

What does UCAF code mean?
Some Mastercard/Maestro card holders receive a unique code from the card’s issuing bank. In case a unique code was not assigned to the card, the field can be left empty.