Q&As ABOUT CARD PAYMENTS MADE ON THE INTERNET
What types of card can be used for making payment?
VISA and MasterCard embossed cards and certain VISA Electron cards. Whether you can use VISA Electron cards for online transactions depends on the bank that issued the card. The VISA Electron cards that are issued by CIB can be used for making purchases online.
Which bank cards are suitable for making online payments?
All embossed VISA cards and MasterCards/Maestro that have been enabled for online payment by the card-issuing bank, as well as webcards that are specifically designed for online use.
Is it possible to pay with shopping cards?
It is not possible to make payments online using points-based loyalty cards issued by merchants or service providers.
Is it possible to pay with co-branded cards?
It is possible to pay using any co-branded card, provided that it is a MasterCard or VISA card suitable for making payments online.
THE PAYMENT PROCESS
What happens at the bank in terms of support processes for online payment?
After selecting ‘card’ as the method of payment on the merchant’s/service provider’s website, the person making the purchase initiates the payment, as a result of which he or she is redirected to the bank’s payment page equipped with a secure communication channel. In order to make the payment, you will need to enter the card number, the expiry date of the card, and the 3-digit validation code that is on the signature strip on the reverse side of the card. It is you who starts the transaction; after that, the card undergoes a real-time authorisation process in which the genuineness of the card data, the funds coverage and the purchase limit are checked. If all the data is satisfactory, the transaction can be continued and your account-keeping (card-issuing) bank blocks the payable amount on your card. The amount will be charged to (debited from) your account within a few days, depending on the account-keeping bank.
How does buying on the internet using a card differ from conventional card purchases?
There are important differences between what are known as ‘card-present’ transactions and ‘card-not-present’ transactions. Card-present transactions take place using a POS terminal. After the card is swiped and the PIN code is keyed in, the terminal contacts the cardholder’s bank via the authorisation centre and, depending on the type and the issuer of the card, through the VISA or MasterCard network. This is where the validity of the card is verified and the coverage check is performed (i.e. where authorisation takes place). The response is sent back along this same path, and thus the POS terminal (or the merchant) receives the authorisation or the rejection. The buyer then signs the sales slip. Card-not-present transactions are where the bankcard is not physically present at the time of processing. These include transactions initiated by way of a posted letter, by phone or electronically (over the internet), where the buyer (cardholder) initiates the transaction by entering the requested card data on a (128-bit encrypted) payment page. Here, you receive an authorisation number related to the successful transaction, which is the same as the number you find on a paper-based sales slip.
What does reservation mean?
As soon as the bank is informed of the transaction, reservation (blocking) follows, since for the actual debiting to take place the official data must first arrive, which takes a few days and during this time the money earmarked for the purchase could otherwise be spent on something else. For this reason, the money that has been used for the purchase or withdrawn in cash is separated and ‘reserved’. The reserved amount remains part of the balance of the account, that is, it continues to earn interest, but it cannot be spent again. Reservation ensures that any transactions for which there are no longer sufficient funds are rejected, even though the account balance would otherwise allow the transaction to go through. If the debit instruction does not arrive within the space of a few days, the bank may release the reserved amount, which thus becomes spend able again.
UNSUCCESSFUL PAYMENTS AND WHAT TO DO ABOUT THEM
When might a transaction be unsuccessful?
Generally, these are payment orders that are not accepted by the card-issuing bank (i.e. the bank from where the customer obtained the card), though where bankcards are used, the reason could also be that due to a telecommunication or computer error, the request for authorisation has not reached the card-issuing bank.
Possible problems related to the card:
- The card is not suitable for making online payments.
- The use of the card online has been prohibited by the account-keeping bank.
- The card has been blocked.
- The card data (card number, expiry date, code on the signature strip) has been incorrectly inputted.
- The card has expired.
Possible problems related to the account:
- There are insufficient funds on the account for the transaction to be executed.
- The amount of the transaction exceeds the purchase limit set for the card.
Possible problems in the connection:
- There may have been a break in the connection during the course of the transaction. Try again!
- The transaction was unsuccessful because you were timed out. Try again!
Possible ‘technical’ problems:
- If you are not returned from the payment page to the merchant’s or service provider’s website, this means that the transaction has not gone through successfully.
- If you have been returned from the payment page, but you then go back to the payment page using the browser’s ‘back’, ‘reload’ or ‘refresh’ function, the system will automatically reject your transaction for security reasons.
What should you do if the payment procedure is unsuccessful?
For all transactions, a transaction identifier is generated, which we recommend you note down. If during the payment attempt the transaction is rejected from the bank’s side, please contact your account-keeping bank.
Why do I have to contact my account-keeping bank if the transaction is unsuccessful?
During the card-verification procedure the account-keeping (card-issuing) bank sends a note to the merchant’s bank collecting the amount (i.e. the ‘acquirer’ bank), asking if the transaction can be executed. The acquirer bank is not allowed to disclose any confidential information to the customer of another bank, only the bank that identifies the cardholder has the right to do so.
What does it mean if I get a text message from my bank about the reservation/blocking of the amount, but the merchant/service provider indicates that the payment was unsuccessful?
This can happen if the card was verified on the payment page but you did not return to the merchant’s/service provider’s website. If this is the case, the transaction is regarded as incomplete and is thus unsuccessful. In such cases your card is not debited with the amount and the reservation is released.
What do VeriSign and an ‘SSL communication channel with 28-bit encryption’ mean?
SSL (which stands for Secure Lockets Layer) is a widely accepted encryption procedure. Our bank has a 128-bit encryption key, which protects the communication channel. The company VeriSign enables CIB Bank to use the 128-bit key, which in turn allows us to provide SSL-based encryption. Currently this encryption method is used in 90% of all e-commerce trade worldwide. With the SSL functionality, the browser software used by the shopper encrypts the cardholder’s data prior to transmission, and thus the data is sent to CIB Bank in a coded form, which ensures that it cannot be deciphered by unauthorized persons.
After the payment my browser warned me that I was about to leave the security zone. Is the security of my payment still guaranteed?
Yes, absolutely. The payment process takes place on a 128-bit encrypted communication channel, so it is completely secure. After the transaction, you get back to the merchant’s website, and if the merchant’s website is not encrypted, your browser warns you that you have left the encrypted channel. This does not mean that the security of the payment is in any way jeopardized.
What is the meaning of the CVC2/CVV2 code?
In the case of MasterCard, the ‘Card Verification Code’, and in the case of Visa, the ‘Card Verification Value’, is a coded numerical value stored on the magnetic strip of the card, with which it can be established whether a card does in fact exist and is valid. When shopping online you need to give the CVC2 code, which is the last three digits of the row of numbers that you’ll find on the reverse side of your MasterCard.
What does Mastercard SecureCode mean?
Holders of MasterCard cards who are registered in the Mastercard SecureCode system choose a password at the card-issuing bank, with which they can identify themselves when shopping online and which helps ensure that their MasterCard cards are not used by unauthorized persons. CIB Bank accepts cards that have been issued within the Mastercard SecureCode system.
What does Verified by Visa mean?
Holders of Visa cards who are registered in the Verified by Visa system choose a password at the card-issuing bank, with which they can identify themselves when shopping online and which helps ensure that their Visa cards are not used by unauthorized persons. CIB Bank accepts cards that have been issued within the Verified by Visa system.
What is the UCAF code?
This is a unique code you may have been given by your card-issuing bank in the case of a MasterCard. If you did not receive such a code, leave the field blank.