Online shopping now even more secure!
Change in online bankcard payments!
From 31 October 2020 the process of confirmation of shopping online using a bankcard will change, and the use of a confirmation code will be replaced by a new process in many cases. The new process is based on the European Union’s Payment Services Directive - Strong Customer Authentication (PSD2 - SCA)1, making purchases even more secure than before. As a result, only the cardholder will be able to confirm transactions even if they lose their mobile phone and their bankcard at the same time.
We will provide our cardholder customers with CIB Bank Mobile Application or a limited, so-called Card Authentication function of the application in order to support this new confirmation process.
How will the purchase process change?
Previously, you had to enter an 8-digit code received in a text or push message to authenticate your online bankcard purchase. From 31 October 2020, if you wanted to make an online purchase using your bankcard can be confirmed via the CIB Bank Mobile Application. In some cases, text-message approval will be retained, and in certain cases you may not even need to approve the transaction at all – see “Are there any exceptions?” section for further details.
You need to start your online shopping as usual. After selecting the bankcard payment method, you will need to enter your bankcard number, its expiry date, the name written on the card, and the 3-digit CVC/CVV code on the back of the card, just like before. After this you will need to take the following steps using the CIB Bank Mobile Application:
- You will receive a push message on your device from the CIB Bank Mobile Application.
- Touch the push message to start the confirmation process for the transaction. The CIB Bank Mobile Application will open.
- Sign in to the app with biometric identification (fingerprint or facial recognition) or using the PIN for the app.
- Check your purchase details (amount, date, shop name, etc.).
- Confirm the transaction either with biometric identification (fingerprint or facial recognition) or using the PIN of the mobile app.
- A check mark icon in a green circle will appear to indicate that the transaction was successful.
What are the steps of switching to the new process?
31 October 2020: the start of the technical transition to strong customer authentication enabling clients to use the CIB Bank Mobile Application or the Card Authentication function of the mobile application for approving online bankcard payments as described above.
31 October 2020 - 31 December 2020: during this transitional period, online bankcard payments can be approved through the CIB Bank Mobile Application. However, in some cases during the transitional period, it will be possible to use the familiar 3D Secure code to approve transactions in EEA3 member countries. From 31 October, all clients will receive the 3D Secure code in text message , free of charge.
1 January 2021: in the case of transactions within EEA member countries, transactions can no longer be authenticated by text message . You will only be able to approve your online bankcard purchases using the CIB Bank Mobile Application or the Card Authentication function of the mobile application. However, for certain transactions, no approval will be needed at all on the part of the cardholder (see the “Are there any exceptions?” section for further details). The reason you need the CIB Bank Mobile Application or its Card Authentication function is to ensure that all your transactions are approved by a 100% secure process.
What happens if identification is unsuccessful?
If you have set up biometric identification, then after the second failure (e.g. because you touched your phone with the wrong finger or your finger was wet), you will be allowed to confirm your transaction 3 more times using the PIN set up in the application.
If you prefer the PIN to confirm the transactions, you can make 3 attempts to confirm the transaction.
If the above maximum number of failures is exceeded, your profile registered in the CIB Bank Mobile Application will be deleted immediately, and you will be notified of this at once. To restore your profile, please call CIB24 (+36 1 4 242 242), visit any of our branches, or use the Application Recovery Code that you were required to set up when registering your profile.
What do you need for the new confirmation process?
For the new process of confirming online purchases made with a bankcard, you will need the following:
- a smartphone or tablet
- internet access: mobile or Wi-Fi connection
- CIB Bank Mobile Application downloaded to your smartphone or tablet
What should you do if you want to shop online with your bankcard after the change?
We have summarised the additional steps you need to take to continue shopping online using your bankcard after 31 October 2020.
3D phone number2 registration
If you happen not to have registered a so-called 3D phone number2 in our systems, which is necessary for online authentications, please first call our CIB24 Customer Service Call Centre and tell us this phone number so that we can link it to your bankcard(s). If you have more than one bankcard issued by CIB Bank, you need to provide this telephone number separately for each bankcard. In addition to the 3D phone number2 you will also have to use the CIB Bank Mobile Application to confirm online purchases in the future, so after this, please register either for the full version of the CIB Bank Mobile Application or the Card Authentication function of the CIB Bank Mobile Application as detailed in the next section.
Availability of the CIB Bank Mobile Application
- For our cardholder customers who have the CIB Bank Mobile Application, the new confirmation process is set up automatically, so these customers do not need to take any further steps. The new process will also be set up automatically if you, as a cardholder, have the CIB Bank Mobile Application, and you have been using text message to confirm your transactions so far.
- If you do not have a CIB Bank Mobile Application, there are two possible solutions:
- Request and sign a contract for the CIB Bank Mobile Application in person at a branch office or, as a retail customer, even via our CIB24 Customer Service Call Centre at +36 1 4 242 242! Besides enabling you to confirm your online card payments, using the CIB Bank Mobile Application has the added advantage of enabling you to manage your finances conveniently from your mobile phone, anytime and anywhere. Our staff will help you every step of the way.
- If you are not in a position to use, or do not want to use the full mobile app, you have the option to set up only the Card Authentication function of the CIB Bank Mobile Application, which can only be used to confirm online purchases made by a bankcard and does not require a contract. If you choose this option, first download the CIB Bank Mobile Application and then register using the code we send you in a text message. It’s important to note that if you choose this option, you will not be able to use the CIB Bank Mobile Application for any other purpose other than to confirm online purchase transactions. Our bank will send you a registration code several times until you have successfully registered.
Click the link below to learn more about what you need to do.
Are there any exceptions?
Online purchases in countries outside the EEA
According to the European Union directive, the changes made in the authentication process only apply to purchases in the case of which the online acceptance point (Merchant) is located in one of the Member States of the European Economic Area (EEA)3. Therefore, if you purchase an item in the webshop of a trader based in a country outside the EEA3, for example in America or Asia, you will probably not be required to approve the transaction using the new authentication process as such traders are not subject to the PSD2 regulation.
Online purchases in EEA member countries
Similarly, in the case of small-value online transactions, i.e. purchases of a value below €30, with traders based in an EEA3 member country, the new authentication process will not be required. If, however, the aggregated amount of several consecutive transactions below €30 reaches €100, strong customer authentication must be applied, i.e. the transaction must be approved by the new authentication process.
1 Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication.
2 If a retail customer applied for their bankcard before 1 February 2019 and
• had the CIB Bank Mobile Application, they will receive the Confirmation code for online purchases in a smart notification (push message from the mobile application)
• did not have the CIB Bank Mobile Application before this date, the codes will be sent to the mobile phone number registered in the CIB Card Monitoring service via text message
• did not have either the mobile application or the Card Monitoring service, the codes will be sent to the notification mobile phone number specified in the contract.
• If the client does not have access to the CIB Mobile Bank service and has not provided a notification mobile phone number, then they will not have a 3D telephone number until they have specified the method of notification by phone at the CIB24 Customer Service Call Centre, after identification, or in person at a branch.
If clients applied for a bankcard after 1 February 2019, this means they will have specified a 3D phone number during the application process.
For corporate customers (including sole traders), if a Card Monitoring service was set up for the card in question before 1 February 2019, the phone number provided here has been set up as a 3D phone number.
3 The following countries are members of the European Economic Area: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, United Kingdom, Estonia, Finland, France, Greece, Netherlands, Croatia, Ireland, Poland, Latvia, Lithuania, Luxembourg, Hungary, Malta, Germany, Italy, Portugal, Romania, Spain, Sweden, Slovakia, Slovenia (Member States of the European Union) and Iceland, Liechtenstein, Norway, as countries that are parties to the Agreement on the European Economic Area.
The detailed terms and conditions of the service are specified for retail customers in the Bank’s Specific Business Regulations pertaining to Bank Cards for Consumer, Specific Business Regulations pertaining Internet-based Electronic Services for Consumers and Sole Traders, and General Retail Business Regulations for Consumers and Sole Traders; and for businesses, in the Specific Business Regulations pertaining to Bank Cards for Companies, Other Organisations and Sole Traders, and in the Bank’s Corporate Banking Business Regulations.