Frequently Asked Questions

Questions and answers about online card payments


What types of cards can be used to pay?

VISA and Mastercard embossed cards, and some VISA Electron, V Pay cards. The possibility to use VISA Electron cards online depends on the bank issuing the card. VISA Electron cards issued by CIB can be used for online purchases.

Which banks’ cards are suitable for online payments?

All VISA and Mastercard/Maestro cards that have been approved for online payment by the issuing bank, as well as webcards specifically designed for online use.

Is it possible to pay with shopping cards?

It is not possible to pay online with loyalty cards issued by merchants/service providers.

Can I pay with co-branded cards?

You can pay with any co-branded card that is a MasterCard or VISA card that is suitable for online payments.


How does the banking back-end process of online payments work?

The customer initiates the payment on the merchant’s/service provider’s website after choosing the payment method by credit card, which results in being redirected to the Bank’s payment page with a secure communication channel. To make the payment, you will be required to enter your card number, expiry date and the 3-digit validation code on the signature strip on the back of the card. The transaction is initiated by you and from then on the card is subject to real-time authorisation, which checks the authenticity of the card data, the coverage and the purchase limit. If all the data is correct for the transaction to proceed, the amount to be paid is blocked on your card by your account (card issuing) bank. The amount will be debited (deducted) from your account within a few days, depending on the account-keeping bank.

How is online shopping different from traditional card shopping?

We distinguish between card present and card not present transactions. A Card Present transaction is made using a POS terminal device. After swiping the card and entering the PIN code, the terminal contacts the cardholder’s bank via the authorisation centre and, depending on the type of card and the card issuer, via the VISA or MasterCard network. This is where the validity and coverage check (authorisation) takes place. The POS terminal (or the merchant) receives the approval or rejection by going backwards along the former route. The customer signs the receipt. Card not Present is a transaction where the credit card is not physically present. This includes mail, telephone and electronic (internet) transactions where the customer (cardholder) initiates the transaction by entering card details on a secure (256-bit encrypted) payment page. You will receive an authorisation number for a successful transaction, which is the same as the number on the paper receipt.

What is a reservation?

The transaction is immediately followed by a reservation (blocking) as soon as the bank becomes aware of it, as the actual debit requires the official data to be received first, which takes a few days and during which the amount purchased can be spent again. Therefore, with the reservation, the money purchased or withdrawn is isolated and placed under reservation. The reserved amount is added to the account balance, i.e. it earns interest, but cannot be spent again. Reservation ensures that transactions that are no longer covered can be rejected, even though the account balance would in principle still allow this.


In what circumstances can a transaction fail?

Usually, a payment order is not accepted by the issuing bank (i.e. where the customer received the card); but in the case of a debit card, this may also be because the authorisation request does not reach the issuing bank due to a telecommunication or IT error.

Card related error

  • The card is not suitable for online payments.
  • Use of the card over the Internet is prohibited by the account-holding bank.
  • Use of the card is prohibited.
  • Card details (card number, expiry date, signature strip code) have been incorrectly entered.
  • The card has expired.

Invoice error

  • No funds are available to complete the transaction.
  • The transaction amount exceeds the purchase limit of the card.

Connection error

  • The line may have been disconnected during the transaction. Please try again.
  • The transaction was unsuccessful due to a timeout. Please try again.

Technical error

  • If you have not returned to the merchant/service provider’s site from the payment page, the transaction failed.
  • If you have returned from the payment page, but the browser returns to the payment page via “back”, “reload” or “refresh”, your transaction will be automatically rejected for security reasons.

What to do if the payment procedure fails?

A transaction ID is generated for each transaction and we recommend that you record it. If a transaction is rejected by your bank during the payment attempt, please contact your account bank.

Why contact the account-holding bank if the payment fails?

During the card verification process, the account managing (card issuing) bank will notify the collecting (acquiring) merchant’s bank whether the transaction can be completed. The acquiring bank is not allowed to disclose confidential information to a customer of another bank, only the bank that identifies the cardholder is entitled to do so.

What does it mean if I have received an SMS from my bank about the reservation/ blocking of the amount, but the merchant/service provider indicates that the payment was unsuccessful?

This can happen if the card has been verified on the payment page but you have not returned to the merchant/service provider’s website. In this case, the transaction is considered incomplete and therefore automatically unsuccessful. In this case, the amount will not be charged to your card and the booking will be cancelled.


What is VeriSign and the TLS 256-bit encrypted communication channel?

TLS is an abbreviation for Transport Layer Security, an accepted encryption method. Our bank has a 256-bit encryption key that protects the communication channel. A company called VeriSign enables CIB Bank to use the 256-bit key to provide TLS-based encryption. This encryption method is currently used in 90% of the world’s electronic commerce. The browser program used by the customer uses TLS to encrypt the cardholder’s data before it is sent, so that it is encrypted before it reaches CIB Bank and cannot be read by unauthorised persons.

After payment, my browser warned me that I was leaving the secure zone. Is my payment secure?

Absolutely yes. The payment process is encrypted over a 256-bit encrypted communication channel, so it is completely secure. After the transaction you will be returned to the merchant’s website, if the merchant’s site is not encrypted, your browser will warn you that you have left the encrypted channel. This does not pose any risk to the security of your payment.

What does the CVC2/CVV2 code mean?

The Card Verification Code for MasterCard and the Card Verification Value for Visa is a numeric value encoded on the magnetic stripe of a bank card that can be used to verify the authenticity of a card. The CVC2 code, which is the last three digits of the numeric code on the back of the Mastercard/Maestro card, is used for online purchases.

What does Verified by Visa mean?

Verified by Visa is a security verification of Visa cardholders based on a unique code or biometric identification (facial recognition, fingerprint or other human characteristic) set up by the issuing bank to identify themselves when shopping online and to protect against unauthorised use of Visa cards. CIB Bank accepts cards issued under the Verified by Visa scheme.

What is Mastercard Identity Check (ID Check)?

Mastercard ID Check is a security check for Mastercard/Maestro cardholders set up at the issuing bank based on a unique code or biometric identification (facial recognition, fingerprint or other human characteristic) to identify themselves when shopping online and to protect against unauthorised use of Mastercard/Maestro cards. CIB Bank accepts cards issued within the Mastercard ID Check system.