Kreditkartenzahlung Beschreibung

Informationen zur Sicherheit

In diesem Abschnitt informieren wir Sie darüber, wie Sie Ihre Käufe sicher tätigen können.

In unserem Internetkaufhaus können Sie mit der sicheren Kartenzahlungsanwendung der CIB Bank zahlen. Die Sicherheit basiert auf der Trennung der Daten. Das Internetkaufhaus erhält die Informationen über Ihre Bestellung, die CIB Bank erhält über die durch eine 128-Bit-SSL-Verschlüsselung erstellte Zahlseite ausschließlich die für die Zahlungstransaktion erforderlichen Kartendaten. Das Internetkaufhaus erhält keinerlei Informationen über die auf der Zahlseite angegebenen Daten, diese sind nur der CIB Bank zugänglich. Über das Ergebnis der Transaktion werden Sie nach der Zahlung auf der Seite des Internetkaufhauses informiert. Um eine Kartenzahlung vornehmen zu können, muss Ihr Internetbrowser die SSL-Verschlüsselung unterstützen.

Der Gegenwert der gekauften Waren/Dienstleistungen, also der gezahlte Betrag, wird auf Ihrem Kartenkonto sofort gesperrt. Bitte lesen Sie dazu unsere ausführlichen Informationen!

Willkommen in unserem Internetkaufhaus mit der sicheren Internetzahlungslösung der CIB Bank!

In diesem Abschnitt informieren wir Sie darüber, wie Sie Ihre Käufe sicher tätigen können.

Worauf Sie beim Kauf achten sollten:

Sicherheit

SSL ist die Abkürzung für das allgemein anerkannte Verschlüsselungsverfahren Secure Sockets Layer. Unsere Bank verfügt über den 128-Bit-Verschlüsselungsschlüssel, der den Kommunikationskanal schützt. Die Firma VeriSign ermöglicht der CIB Bank die Anwendung des 128-Bit-Schlüssels, mit dem wir die SSL-basierte Verschlüsselung vornehmen. Diese Art der Verschlüsselung wird derzeit weltweit bei 90 % der Transaktionen des elektronischen Handels verwendet. Mit Hilfe von SSL verschlüsselt der Browser des Kunden die Karteninhaberdaten, bevor er sie abschickt, sodass diese in codierter Form bei der CIB Bank ankommen und somit für Unbefugte keine Aussagekraft besitzen.

Mit welchen Karten können Sie zahlen?

Im Internetzahlungssystem der CIB Bank können Sie mit MasterCard/Maestro, mit den zur VISA-Produktfamilie gehörenden VISA- und VISA-Electron-Karten (mit Electron-Karten nur dann, wenn die ausstellende Bank dies ermöglicht) zahlen, außerdem mit Internetkarten, die für die Verwendung über das Internet geeignet sind.


Schritte der Zahlung

  1. Sie wählen auf der Seite des Internatkaufhauses die Ware/Dienstleistung aus, die Sie mit Karte bezahlen möchten.
  2. Danach werden Sie auf die Seite der CIB Bank weitergeleitet, die eine sichere Zahlung garantiert. Dort müssen Sie die für den Beginn der Zahlung erforderlichen Kartendaten angeben.
  3. Nach der Angabe der Kartendaten leiten Sie die Transaktion durch Anklicken der Schaltfläche Zahlung ein.
  4. Nach der Zahlung werden Sie auf die Seite des Internetkaufhauses zurückgeleitet, wo Sie eine Rückmeldung über das Ergebnis der Transaktion erhalten.

Im Falle einer Kartenzahlung beginnt die CIB Bank nach der erfolgreichen Transaktion – die bedeutet, dass die Karte nach der Prüfung ihrer Gültigkeit und ihrer Deckung angenommen wurde – mit der Belastung des Kontos des Karteninhabers mit dem Preis für die Ware oder Dienstleistung.

Sollten Sie von der Zahlseite nicht auf die Seite des Internetkaufhauses zurückgeleitet werden, gilt die Transaktion als erfolglos. Wenn Sie auf der Zahlseite der Bank die Schaltflächen „Zurück/Back“ oder „Aktualisieren/Refresh“ Ihres Browsers anklicken oder das Browserfenster schließen, bevor Sie ins Internetkaufhaus zurückgeleitet wurden, gilt die Zahlung als erfolglos.

Wenn Sie weitere Informationen über das Ergebnis der Transaktion, im Falle einer erfolglosen Transaktion über die Gründe und Einzelheiten derselben erhalten möchten, wenden Sie sich bitte an Ihre kontoführende Bank.

Frequently Asked Questions

1. BUSINESS-RELATED QUESTIONS

What is the role of the bank in the service?
Since it is a financial institution, our bank only provides financial services, that is, it performs the verification of bank cards and the settlement of transactions within the framework of the eCommerce service. Our Bank cannot provide web shop software. We can, of course, recommend third-party providers who can assist you by implementing the web shop or connecting an already developed web shop to the bank’s payment page, or by hosting the web shop.


What conditions need to be met in order to be able to use the service?
In line with our provisions regarding company history, your company must have been operating for at least three months and must have an account-management history with any Hungarian bank of at least three months.


Does the bank specify any content restrictions for web stores that wish to contract with it?
Based on our terms of contract, no Card Acceptance Agreement may be concluded with a merchant who maintains a web shop or provides a content service that offers goods or services over the internet that could damage the bank’s reputation (e.g. sex and pornography, illicit drugs, arms, gambling, illegal trading, etc.).


What is needed in order to use the service?
The Application Form (“Adatlap ajánlatkéréshez”) that can be found in the “Related documents” infobox on the eCommerce product page of CIB Bank’s website (http://www.cib.hu/kis_kozep_nagy_vallalatok/szolgaltatasok/kartyaelfogadas/ecommerce/index) must be completed, provided with an authorised signature, and submitted at any branch of the bank or emailed to efizetes@cib.hu. If the application meets the conditions for the use of the service, the next step is to conclude a Card Acceptance Agreement and if the applicant does not have an account with our bank, he or she will also need to open a HUF or HUF and EUR current account.


What cards can be used for shopping on the internet and what types of card are accepted by the bank?
At present, our bank accepts bank cards that belong to the Visa and Mastercard product family and that are suitable for internet shopping. Of these, the following cards can be used on the internet: MasterCard, Visa, Visa Electron and Maestro cards (in the last two cases, the card may be used for online shopping if the card-issuing bank authorises it) and cards specifically issued for the purpose of online payment (e.g. CIB Internet Card).


Is settlement in a currency other than forint possible?
Currently, our bank performs forint and euro-based settlement. This is also true for transactions carried out using other international cards. The transaction amount is in each case credited to the merchant’s forint or euro account kept at our bank.
In the case of payment by card in a currency other than those mentioned above, based on the legal provisions currently in effect, the price must be displayed in your web shop in the national currency as well, that is, in forint. Conversion will be made by the financial institution (international card company or, if necessary, the card-issuing bank) intermediating in the process of the online authorisation of the transactions, at its own exchange rate. The amount paid for the purchases will be credited to the merchant’s account in the currency of the transaction, that is, in forint or in euro.


What happens if the card holder pays with a card of a currency other than forint or euro?
Depending on the parameters set by the merchant, our bank will request authorisation for the transaction in forint or euro (and so the request for authorisation of the transaction will appear on the card holder’s account in forint or euro). Our Bank will then forward the transactions to the card company for settlement in forint or euro. Our Bank does not perform any kind of conversion or exchange. The card company converts the transactions at its own exchange rate to the currency in which settlement is made with the card-issuing bank. The card-issuing bank converts the amount received, debited in foreign currency, to the currency in which the card holder’s account is kept. In addition to the above, as a few days pass between the transaction and the debiting, no calculation can be made in advance, as the exchange rate that will be valid on the day of debiting cannot be foreseen.
The final amount indicated on the card holder’s account statement may differ from the amount indicated on the merchant’s/service provider’s website due to changes in the exchange rates.


Who is competent to respond to complaints regarding the outcomes of card payment?
Maintaining contact with the customer (shopper) is in all cases the responsibility of the party contracted for card acceptance. For the purpose of informing customers, the web shop is obliged to display the response code and text received from the bank regarding the outcome of the transaction. Customers can ask for more detailed information from the card-issuing bank’s customer service centre by calling the telephone number provided on the reverse side of the card. CIB Bank Zrt. can only provide information regarding transactions for its own contractual partners.


Do I get a confirmation of the transaction?
Each and every transaction is an irrevocable operation. This means that the customer, i.e. the card holder, as well as the merchant and the card acceptor each receives an immediate confirmation of the transaction in electronic form when it is executed. Card acceptors also receive a paper-based statement called a Merchant’s payments and turnover statement, which allows them to see and trace successful transactions. The service includes the option of requesting paper-based Merchant’s statements to be issued in electronic format as well. The e-Statement contains the data of successful transactions that have been processed on the given day, and can be downloaded via the CIB Business Terminal systems.


Is it possible to customise the bank’s payment page to match the look of the web shop?
We have a function available that enables merchants to customise the payment page so that it is consistent with the look of their web shop, by placing the header or logo of their website on their secure payment page maintained on CIB’s server. The above-mentioned page must comply with the prescribed structure and content, and the graphical restrictions related to the bank and to security must be observed.

What sort of legal regulations are there that relate to e-commerce?
The specific rules applicable to e-commerce services are contained in Act CVIII of 2001, but in the course of pursuing these activities, all other legal provisions applicable to “traditional” trading activities must also be complied with (e.g. consumer protection, advertising, authority permit-related provisions). The latest legal regulations pertaining to e-commerce can be accessed at http://www.khem.gov.hu/feladataink/elker.
 

2. DEVELOPMENT TASKS


What are tasks to be performed by the in-house developer of a store or shop?
Our Bank provides a protocol description to the merchant for use with the eCommerce payment module, as well as an encryption and decryption software application required for communication and what is referred to as an individual shop identifier for the specific contracting partner.
The developer’s task is to implement the conditions required for connection to the bank’s payment server; that is, to develop a program for the forwarding and management of data between the web shop and the bank, and to provide technical support to the web shop in connection with development in the future, and so on.
Development of the protocol
The protocol is an HTTP-based communication regulated by URL parameters. The payment process consists of 3 main parts:
transaction initialisation
directing the customer (shopper) to the bank inquiring about the transaction outcome
The first and the third steps progress similarly: once it has collected and encrypted the required information, the shop sends it (using the software supplied by the bank) as a URL parameter to the bank’s server. The bank’s server returns a content-type response, using the same encryption method as the inquiry. The second step is slightly different: it is an HTTP rerouting to the bank’s payment page, resulting in the termination of the connection with the shop and redirection to the bank"s payment page using strong encryption.


What kinds of server-side platforms are supported by the bank?
Our payment module is platform independent; it can be implemented in any language, and in most cases to date it has been used on a PHP basis. The protocol can be implemented by tools of your own choice. With the technical documentation, we enclose PHP, Java and, for the ekiCrypt program supplied by the bank, a model script.


What platforms does the encryption program provided by the bank run on?
In Unix and Win32 systems.


Which server is the payment page on?
In all cases, our client’s dedicated payment page is located on the bank’s server. The payment page cannot be embedded into the client’s own website as a frame.


What exactly is the process in a secure transaction?
1. The merchant initialises the transaction
This step is performed by a URL-call, where the transaction parameters are forwarded to the bank in an encrypted format. The bank returns the result in a similarly encoded format in the content section of the called page. The (RSA-compliant) program required for encryption is supplied by the bank. The program uses 3DES encryption.
2. Redirecting the customer to the payment page
This step is doubly secure, as the parameters encrypted in the above way arrive to us through redirection to an SSL page.
3. Input of the customer’s card data
The payment page uses 128-bit SSL technology and the certificate is secured by VeriSign.
4. Redirecting the customer to the merchant
The customer is redirected to a predetermined URL by using parameters encrypted by the method described in the first step.
5. The merchant’s inquiry concerning the outcome
With the help of the URL-call discussed in step one, the merchant can ascertain the outcome of the transaction.


What kind of support can the bank provide in the case of a proprietary development?
Development support covers all issues related to protocol development, but we cannot help with the basic programming algorithms.


Is there a fee to pay for the bank’s support?
Support is provided free of charge in the development and testing phases, but the merchant must pay a one-off connection fee.


Does the bank provide a testing opportunity?
Yes. The test system can be used after the contract has been concluded, in the way that is specified in the technical documentation provided. For the card payment function to go live, the bank’s approval is needed, which requires at least one successful test by the bank as well.


What kind of bank cards need to be used for testing?
In the test environment, when simulating a bank-card payment, any card number not in use, beginning with 4 or 5, and any future expiry date can be specified.


What are the requirements for the card payment system to go live?
Before the online card acceptance function of the web shop can go live, the bank tests the web shop in the test environment. In addition to checking the successful implementation of the payment function, the test includes checking the individual steps in ordering, such as registration, the process of product selection, the existence of communications for informing the customer, etc.
In accordance with the current legal provisions, the price must be displayed in forint as well, regardless of the currency used by the web shop for sales purposes. Besides displaying other currencies, it is compulsory to state the fact that the payment will be debited in forint.
The card logo provided in the documentation package supplied by the bank, the CIB Bank logo, and the customer information notice on payments must be displayed on the site of the web shop.
The outcome of the transaction must be confirmed by displaying the data on the screen and sending it in an email.

It is a requirement that it be possible to link the transaction data to the data of the customer’s order in the web shop’s administrative or order-tracking system. In practice, this means that it must be possible to retrieve the transaction data related to the payment by card of the ordered product or service.
If a time-out occurs in any phase of the transaction, it will be closed by our system as unsuccessful, and it is the task of the web shop to delete the order and to close the transaction on the web shop’s page, and to communicate this fact to the customer by displaying it on the confirmation screen or by sending it in an email.
If the payment transaction is unsuccessful for any reason, it must be possible to restart the payment process.
I want to embed CIB’s eCommerce service in a web shop system, but I do not have the professional resources required for the development of the service.

How can the integration be implemented?
If you want to have the CIB Bank card payment module developed by an external provider rather than to develop it in-house, CIB Bank can recommend suppliers who can assist you in implementing the technical integration and thus provide you with a flexible and rapid connection. For more information regarding these development firms and their contact information, go to the product page of the eCommerce service at: http://www.cib.hu/kis_kozep_nagy_vallalatok/szolgaltatasok/kartyaelfogadas/ecommerce/index


Is there a CIB eCommerce module that has been integrated into a web shop system?
In cooperation with CIB Bank, CIB eCommerce card payment modules (e.g. osCommerce, VirtueMart) have been developed for certain web shop systems to make integration simpler. These modules are sold and the related technical support is generally provided by the company that develops them. You will find information required for the use of the individual payment modules at the web address given in the previous point.


Is it compulsory to indicate the price in forint next to the product or service being sold?
Under the prevailing legal provisions, prices must be displayed in forint as well – regardless of what currency the web shop wants to sell in.


Does the bank indicate the payable amount on the payment page in another currency as well?
Yes – in the case of forint-based transactions, in dollars and euros (translated at its USD and EUR forex sell rates) for information purposes, and in the case of euro-based transactions, compulsorily in forint and, for information purposes, in dollars too (translated at its USD forex sell rate). As individual card-issuing banks apply different exchange rates for translation purposes, the exchange rates quoted by CIB Bank on the payment page are indicative only.


What kind of security solution does the bank provide?
The internet is a public network, and for this reason particular attention needs to be paid to data security. We assure data protection through the SSL (Secure Sockets Layer) procedure, the standard encryption procedure for the internet, and as a result the payment information provided online moves between the browser and the web server in an encrypted format (with the help of a 128- bit encryption key).


Is it possible for customers to provide the card data on the merchant’s website and then have the latter forward them to the bank?
This procedure is prohibited; the bank offers a payment solution through which the customer can provide the card data directly on the bank’s payment page, which ensures the security of card payment.
Should you have any further questions in relation to the above, please do not hesitate to contact us at ecommerce@cib.hu.
 

Questions and answers about card payments made on the internet

What types of card can be used for making payment?

VISA and MasterCard embossed cards and certain VISA Electron cards. Whether you can use VISA Electron cards for online transactions depends on the bank that issued the card. The VISA Electron cards that are issued by CIB can be used for making purchases online.

Which bank cards are suitable for making online payments?

All embossed VISA cards and MasterCards/Maestro that have been enabled for online payment by the card-issuing bank, as well as webcards that are specifically designed for online use.

Is it possible to pay with shopping cards?

It is not possible to make payments online using points-based loyalty cards issued by merchants or service providers.

Is it possible to pay with co-branded cards?

It is possible to pay using any co-branded card, provided that it is a MasterCard or VISA card suitable for making payments online.

THE PAYMENT PROCESS

What happens at the bank in terms of support processes for online payment?

After selecting ‘card’ as the method of payment on the merchant’s/service provider’s website, the person making the purchase initiates the payment, as a result of which he or she is redirected to the bank’s payment page equipped with a secure communication channel. In order to make the payment, you will need to enter the card number, the expiry date of the card, and the 3-digit validation code that is on the signature strip on the reverse side of the card. It is you who starts the transaction; after that, the card undergoes a real-time authorisation process in which the genuineness of the card data, the funds coverage and the purchase limit are checked. If all the data is satisfactory, the transaction can be continued and your account-keeping (card-issuing) bank blocks the payable amount on your card. The amount will be charged to (debited from) your account within a few days, depending on the account-keeping bank.

How does buying on the internet using a card differ from conventional card purchases?

There are important differences between what are known as ‘card-present’ transactions and ‘card-not-present’ transactions. Card-present transactions take place using a POS terminal. After the card is swiped and the PIN code is keyed in, the terminal contacts the cardholder’s bank via the authorisation centre and, depending on the type and the issuer of the card, through the VISA or MasterCard network. This is where the validity of the card is verified and the coverage check is performed (i.e. where authorisation takes place). The response is sent back along this same path, and thus the POS terminal (or the merchant) receives the authorisation or the rejection. The buyer then signs the sales slip. Card-not-present transactions are where the bankcard is not physically present at the time of processing. These include transactions initiated by way of a posted letter, by phone or electronically (over the internet), where the buyer (cardholder) initiates the transaction by entering the requested card data on a (128-bit encrypted) payment page. Here, you receive an authorisation number related to the successful transaction, which is the same as the number you find on a paper-based sales slip.

What does reservation mean?

As soon as the bank is informed of the transaction, reservation (blocking) follows, since for the actual debiting to take place the official data must first arrive, which takes a few days and during this time the money earmarked for the purchase could otherwise be spent on something else. For this reason, the money that has been used for the purchase or withdrawn in cash is separated and ‘reserved’. The reserved amount remains part of the balance of the account, that is, it continues to earn interest, but it cannot be spent again. Reservation ensures that any transactions for which there are no longer sufficient funds are rejected, even though the account balance would otherwise allow the transaction to go through. If the debit instruction does not arrive within the space of a few days, the bank may release the reserved amount, which thus becomes spend able again.

UNSUCCESSFUL PAYMENTS AND WHAT TO DO ABOUT THEM

When might a transaction be unsuccessful?

Generally, these are payment orders that are not accepted by the card-issuing bank (i.e. the bank from where the customer obtained the card), though where bankcards are used, the reason could also be that due to a telecommunication or computer error, the request for authorisation has not reached the card-issuing bank.

Possible problems related to the card

Possible problems related to the account

Possible problems in the connection

Possible ‘technical’ problems

What should you do if the payment procedure is unsuccessful?

For all transactions, a transaction identifier is generated, which we recommend you note down. If during the payment attempt the transaction is rejected from the bank’s side, please contact your account-keeping bank.

Why do I have to contact my account-keeping bank if the transaction is unsuccessful?

During the card-verification procedure the account-keeping (card-issuing) bank sends a note to the merchant’s bank collecting the amount (i.e. the ‘acquirer’ bank), asking if the transaction can be executed. The acquirer bank is not allowed to disclose any confidential information to the customer of another bank, only the bank that identifies the cardholder has the right to do so.

What does it mean if I get a text message from my bank about the reservation/blocking of the amount, but the merchant/service provider indicates that the payment was unsuccessful?

This can happen if the card was verified on the payment page but you did not return to the merchant’s/service provider’s website. If this is the case, the transaction is regarded as incomplete and is thus unsuccessful. In such cases your card is not debited with the amount and the reservation is released.

SECURITY

What do VeriSign and an ‘SSL communication channel with 28-bit encryption’ mean?

SSL (which stands for Secure Lockets Layer) is a widely accepted encryption procedure. Our bank has a 128-bit encryption key, which protects the communication channel. The company VeriSign enables CIB Bank to use the 128-bit key, which in turn allows us to provide SSL-based encryption. Currently this encryption method is used in 90% of all e-commerce trade worldwide. With the SSL functionality, the browser software used by the shopper encrypts the cardholder’s data prior to transmission, and thus the data is sent to CIB Bank in a coded form, which ensures that it cannot be deciphered by unauthorised persons.

After the payment my browser warned me that I was about to leave the security zone. Is the security of my payment still guaranteed?

Yes, absolutely. The payment process takes place on a 128-bit encrypted communication channel, so it is completely secure. After the transaction, you get back to the merchant’s website, and if the merchant’s website is not encrypted, your browser warns you that you have left the encrypted channel. This does not mean that the security of the payment is in any way jeopardized.

What is the meaning of the CVC2/CVV2 code?

In the case of MasterCard, the ‘Card Verification Code’, and in the case of Visa, the ‘Card Verification Value’, is a coded numerical value stored on the magnetic strip of the card, with which it can be established whether a card does in fact exist and is valid. When shopping online you need to give the CVC2 code, which is the last three digits of the row of numbers that you’ll find on the reverse side of your MasterCard.

What does Mastercard SecureCode mean?

Holders of MasterCard cards who are registered in the Mastercard SecureCode system choose a password at the card-issuing bank, with which they can identify themselves when shopping online and which helps ensure that their MasterCard cards are not used by unauthorized persons. CIB Bank accepts cards that have been issued within the Mastercard SecureCode system.

What does Verified by Visa mean?

Holders of Visa cards who are registered in the Verified by Visa system choose a password at the card-issuing bank, with which they can identify themselves when shopping online and which helps ensure that their Visa cards are not used by unauthorized persons. CIB Bank accepts cards that have been issued within the Verified by Visa system.

What is the UCAF code?

This is a unique code you may have been given by your card-issuing bank in the case of a MasterCard. If you did not receive such a code, leave the field blank.