Using cards online

Everything is available online, from information to entertainment content. Online shopping with card payment has become a usual way of getting a desired product or service in just a few clicks.

Although online shopping is simple and fun, check what you have to be careful about to protect yourself from frauds: Safe use of cards.

Online payment with a card starts:
1. by selecting a desired product or service
2. by entering your personal details, such as your name and surname, as well as your delivery address
3. and by entering your card details: card number, expiration date and/or the three-digit number from the back of the card (so-called CVC).

All Zagrebačka banka cards support the 3-D Secure security standard, i.e., reliable authentication is ensured when making online payments with Zaba cards.

After entering your card details, the transaction authorization method depends on whether the point of sale accepts the security standard or a certain exception applies (e.g., small-value transactions, subscriptions - recurring transactions, etc.).

It is recommended to make payments at retail stores supporting 3-D Secure (Mastercard Identity Check, Visa Secure).

For paying with cards at online shops supporting the security standard, you need a Bank m-token. If you do not have a m-token, please visit your nearest Bank branch to arrange it. The m-token service is free-of-charge. 

Important: On 26 June 2024 the possibility of authorization of a payment transaction by card at an online point of sale via m-token by entering MAC/APPLI2 data, is terminated and it is implemented a new way of authorizing with QR code.

The new way of authorizing card transactions at the online point of sale will be as follows:

• Confirmation in the computer browser

Confirm the transaction via m-zaba push message which you received on your mobile device.

If you want to authorize the transaction with the displayed QR code, do it in four steps: 1. Download new version of m-zaba, 2. Choose m-token 3. Choose „Scan QR code“ option 4. Confirm transaction.

• Confirmation in the mobile device

m-zaba push message will arrive to your mobile device (which may take up to 30 seconds). In case you haven't received it, we will resend it. After receipt, open it and confirm. Then click „Continue“.

If you haven't received it, check in your device settings if receiving push messages for m-zaba is enabled. After checking, repeat the purchase.

FAQ:

What is the 3-D Secure security standard?

The 3-D Secure security standard is a cardholder identification service which allows secure online shopping using debit cards and Mastercard credit cards. When using your card to make an online payment, you confirm your transaction by using the Bank’s m-token.

How to pay using a card if the 3-D Secure security standard is implemented?

Card transactions online could be authorized via m-zaba push message or by scaning the QR code, depanding on the way of performing the transaction (browser or app-based transaction).

1. 3DS PUSH METHOD via biometrics or PIN

Prerequisites for receiving push-messages:

- m-zaba - the option of receiving push messages is included (More-Settings-Notifications)

- settings on mobile devices on which is installed m-zaba - it is necessary to check whether the permissions for receiving m-zaba messages are turned on

Payment on mobile application of the merchant on the same device on which m-zaba is installed:

1. After selecting payment confirmation in merchant's application, you would simultaneously receive a push message from the Bank and the Bank's screen with payment transaction information would be displayed:

After opening the push message with biometric or PIN, the new screen for online payment will be displayed. First you need to accept (Potvrdite) the online payment before you click on Continue (Nastavite) on previous screen:

1. Please check the merchant name, amount, date before click on accepting the online payment (Potvrdi). 

2.  If all data matches your purchase, please click on Potvrdi on this screen and Nastavi on previous screen.



Please open the push message as described above. When the push message is opened and confirmed, this screen would automatically be closed and there is no need to scan also the QR code.



The method is available while using card for payments on browser based merchants or the push message is not available. After the Bank's screen is displayed, you need to login in m-token.

Why is the security standard enabling screen not displayed?

This screen is not displayed at retail stores that have not implemented the 3-D Secure security standard or where a certain exception from the implementation of reliable authentication applies (e.g., small-value transactions or recurring transactions – various subscriptions, etc.). The security of using a card for online payments depends on the security standards implemented by retail stores. Zagrebačka banka ensures that card payments remain secure and has implemented the 3-D Secure security standard for all cards issued by Zagrebačka banka.

Which Zagrebačka banka cards can be used for online payments?

All Zagrebačka banka cards may be used for online payments and support the 3-D Secure security standard.      

In addition to the 3D Secure security standard implemented, which other card security measures are taken?

For security reasons, Zagrebačka banka additionally defines daily spending limits and the maximum number of transactions for different cards. Such defined limits may be changed at cardholder’s request, depending on the needs and habits associated with using payment cards.

What is important to check before using websites where cards are used for payment (PayPal, Google, Amazon, etc.)?

Before using an online shop where cards are used for payment or where your card number is saved for future payments, please thoroughly examine and check all terms and conditions, save your username and password, and always sign out when you are finished.

In addition to the card number expiration date, online shops ask for my CVV or CVC or a security code. Where can I find this information?

CVV (Card Verification Value) or CVC (Card Verification Code) is a 3-digit number appearing on the back of your card.

What should I be careful about when booking accommodation (hotel, apartment, etc.) online?

Each time he/she shops online, including booking and/or paying for accommodation using his/her payment card, the user must read the accommodation service provider’s business terms and conditions and whether or not any payment will be required in case of failure to appear or early departure. In certain situation, the offer is particularly favorable precisely because the accommodation service provider does not provide the option to subsequently cancel the accommodation or modify the terms of your reservation, in which case the customer will not receive a refund of the advance payment made using his card. It is also recommended to only use your card at sites known to be secure and, in case you do not know the service provider’s language, retain the service from a local travel agency.

What should I do if I want to cancel a card-based subscription for a service arranged online (for example, a daily/monthly/annual subscription to an online magazine or professional portal, online game subscriptions, etc.)? Do I need to block the card and submit a complaint to Zagrebačka banka?

As this service was arranged with an online store, please read the terms and conditions of using the service available on their website, which should include information about the options of canceling the service and the relevant notice period, if any. You should submit your subscription cancelation request to the online store. As an exception, if you are unable to have your service cancelation request processed (the website is no longer available or the service provider denies your request), you can contact the Bank for advice. In that case, please attach your service cancelation request and all correspondence between the service provider and you as the cardholder and their customer and we will try to help.