
Using cards online


Everything is available online, from information to entertainment content. Online shopping with card payment has become a usual way of getting a desired product or service in just a few clicks.

Although online shopping is simple and fun, check what you need to be careful about to protect yourself from fraud: Safe use of cards.

Online payment with a card starts:
1. by selecting a desired product or service
2. by entering your personal details, such as your name and surname, as well as your delivery address
3. and by entering your card details: card number, expiration date and/or the three-digit number from the back of the card (so-called CVC).

All Zagrebačka banka cards support the 3-D Secure security standard, i.e., reliable authentication is ensured when making online payments with Zaba cards.

After entering your card details, the transaction authorization method depends on whether the point of sale accepts the security standard or a certain exception applies (e.g., small-value transactions, subscriptions - recurring transactions, etc.).

It is recommended to make payments at retail stores supporting 3-D Secure.

To pay with cards at online shops supporting the security standard, you need a Bank m-token. If you do not have an m-token, please visit your nearest Bank branch to arrange it. The m-token service is free of charge.

Methods of authentication:

  • by accessing the deep link shown on the point-of-sale mobile application screen, or by opening the push message to access the Bank's m-token, or
  • by scanning the QR code shown on the Bank's screen via m-token.

Depending on the option, the Bank's interface screen with information about the online point of sale, payment amount and payment currency will open for the cardholder, after which they can confirm the payment.



Online card transactions can be confirmed via a deep link, a push message, or by scanning a QR code, depending on the manner in which the purchase is made (by accessing a web store via an internet browser or via an installed merchant mobile application): 

1. AUTHENTICATION VIA A DEEP LINK

When a card payment is made in a merchant mobile application that supports the secure authentication protocol, you must initiate the deep link to the Bank's authentication screen from the screen that appears. In this case, both applications must be installed on the same mobile device.

Sample screen:


Authentication via a deep link Screen 1

After selecting “Initiate” (Pokreni) and logging into m-token in the usual manner, through PIN or biometric authentication, the Bank's screen on which purchase data are shown will open.


Authentication via a deep link Screen 2

If the data are correct and match the initiated payment, the option “Confirm” (Potvrdi) should be selected. After successful confirmation, the following screen will appear, which must be closed:


Authentication via a deep link Screen 3

After closing the previous screen, the option “Finish” (Dovrši) shown on the screen that appears in the point-of-sale mobile application should be selected.


2. 3DS PUSH METHOD via biometrics or PIN

Prerequisites for receiving push-messages:

  • m-zaba – the option of receiving push messages is enabled (More-Settings-Notifications)
  • settings on the mobile device on which m-zaba is installed – check that the permissions for receiving m-zaba messages are turned on

Payment in the merchant's mobile application on the same device on which m-zaba is installed:


If the point-of-sale mobile application supports authentication via a deep link, the option “Initiate” (Pokreni) must be selected to initiate authentication by deep linking to the Bank’s screen. If the option “Finish” (Dovrši) is selected in this step, this will initiate the sending of a push message and the Bank's screen with transaction data will appear. To open the push message, biometric or PIN authentication method, i.e., the method selected for accessing m-token, is used. Upon opening the push message, the online purchase confirmation screen will appear.


Authentication via a deep link Screen 2

  • Please check the merchant name, amount and date before accepting the online payment (Potvrdi).
  • If all data match your purchase, please click Potvrdi on this screen.

Please open the push message as described above. Once the push message has been opened and the payment confirmed, this screen closes automatically and there is no need to scan the QR code as well.


3. AUTHENTICATION WITH QR CODE


This method is available when using a card to pay at browser-based merchants, or when the push message is not available. After the Bank's screen is displayed, you need to log in to m-token.


Push message 3DS method