What is 3DS?
3DS is a service with the highest standard of safe online shopping that enables customer authentication and safe confirmation of purchase using credit, debit and prepaid cards at web points of sale marked with Mastercard ID Check and / or VerifiedbyVisa logos
Why is 3DS necessary?
3DS is necessary for confirming an online purchase, i.e. authentication, which can be compared to physical purchase at a point of sale when confirmation of the card transaction is performed by entering the PIN number. 3DS was introduced for your protection while shopping online. Payment is confirmed by entering a one-time password that you receive via SMS (so-called SMS OTP) or via the m-token application, which assures you that you are the one that made the purchase.
What is SMS OTP?
SMS OTP is a one-time password (One Time Password) that you receive from the bank via SMS, and used to confirm the purchase by entering the received code in the field provided on the screen. The SMS OTP code can only be used once and represents a unique code for your safe purchase.
Will I have any additional costs for using the 3DS service?
No, the 3DS service is free of charge.
What do I need to use the 3DS service?
To use the 3DS service, cardholder authentication and purchase confirmation, you need to have:
- the m-token service of OTP banka d.d. and / or a previously activated 3DS service, free of charge
- a mobile phone that can receive SMS messages and / or m-token push notifications
- a valid mobile phone number recorded in the system of OTP banka d.d. You can check and change your mobile phone number at any OTP banka d.d. branch or via internet banking service of OTP banka d.d.
How can I activate the 3DS service for safe online shopping?
The service can be activated by clicking the button 'Activate 3-D Secure service' on the web site of OTP banka d.d.: 3-D Secure Service
If additional support is needed when activating the service, contact the nearest branch, Contact Centre of OTP banka d.d. or find more detailed instructions here.
For customers who already have an m-token, and the merchant supports the new security standards for online shopping, authentication when shopping online will take place via an m-token push notification. Otherwise, the authentication will take place via a one-time password that you receive via SMS (so-called SMS OTP).
We recommend arranging the OTP m-token service free of charge, which would make your safe online shopping even faster.
How can I activate the m-token service to make online shopping even faster?
If you have not been using the m-token as part of the mobile application as an authentication method for online shopping, you can arrange it at any time for free at any OTP banka d.d. branch or via internet banking service. No monthly fee is charged for arranging of an m-token for the 3DS service.
Why should I activate the m-token service?
The m-token is both convenient and easily accessible. If you have a smart phone with iOS or the Android operating system, choose m-token which will always be by your side. In addition to shopping online, you can also use your m-token to log in to your OTP internet banking and to perform identification check via the OTP banka d.d. Contact Centre as proof that it is really you. Moreover, the m-token service enables you to log in to all e-Citizens services, which includes issuing of EU digital COVID certificates. Arranging the m-token for the 3DS service is free of charge for all customers and no monthly fee in charged
Can I authenticate and confirm the online purchase in several different ways?
Yes. In the case the m-token and 3DS services are activated, authentication and purchase confirmation will be carried out primarily via m-token push notifications, while a one-time password received by SMS (so-called SMS OTP) serves as an alternative purchase confirmation channel.
How can I authenticate while shopping online?
In the process of online purchase with OTP banka d.d. cards, the OTP 3DS window guides you through the process depending on the authentication module you have activated.
- The m-token users will receive a push notification on their mobile phone with the details of the transaction, which they will then confirm through the m-token application (by entering the PIN of the m-token application or by biometrics; face ID or fingerprint). Each push notification is displayed in the same manner, regardless of the mobile device, at the top of the screen.
- Users of SMS OTP will enter the PIN in the initial 3DS window while carrying out a payment, after which they will receive a one-time password via SMS to confirm the transaction (SMS OTP). The PIN to be entered in the first 3DS window is the one you initially set when activating the 3DS service.
Does the 3DS screen for purchase confirmation appear during all online transactions?
The 3DS purchase confirmation screen appears in most transactions, but not always and it depends on whether the merchant joined the 3DS secure purchase system or decided to bear the risk of financial damage expenses on his own. In any case, your transaction is secure if you activated the 3DS service. According to PSD2 EU regulations, the new versions of the 3DS protocol aim to enable a fast authentication and purchase confirmation, i.e. to allow as many transactions go through as frictionless, i.e. without requesting the cardholder to enter the necessary authentication data (m-token, SMS one-time password). In this case, the merchant sends the data to the issuing bank for control via the 3DS protocol in order for the bank to confirm the authenticity of the cardholder and, if possible, allow such a transaction ‘go through’. The process is similar to contactless purchase on POS devices without entering the PIN number.
Which online transactions do not require cardholder authentication?
Just like physical points of sale, it is possible to perform a total of five consecutive transactions on web points of sale without additional confirmation if each transaction amounts up to HRK 250, or the equivalent of up to EUR 30, and if the sum of such purchases is lower than HRK 750, or the equivalent of 100 euros. In addition, cardholder will have to initially confirm online subscriptions to the services of European Economic Area (EEA) providers via 3DS authentication and reconfirm it every six months.
Can I cancel the 3DS service?
No, you cannot cancel the 3DS service. It represents a standard that protects you from unauthorized card use at web points of sale, which implies the obligation to activate the service. The 3DS service is free of charge, as is the use of m-tokens in the 3DS secure purchase programme.
I need help with using the 3DS service, but I cannot find the answers here?
If you need additional help, please call our Contact Centre on 0800 21 00 21 or +385 21 559 110 if you are calling from abroad. Also, details on the course of 3DS transactions as well as the activation of tokens for the 3DS service can be found on the website of OTP banka d.d. under the Online Services menu: 3D Secure and m-token.
I am already using OTP direct/Internet banking services; do I have to arrange an m-token to be able to use the 3DS service?
If you have already arranged and activated an m-token for logging in to OTP banka d.d. internet banking, it is not necessary to arrange it again for using the 3DS service, i.e. for secure online shopping. If you do not have an m-token yet, you can arrange it via internet banking or at the nearest OTP banka d.d. branch
How to shop safely on the Internet?
Do not disclose your card information to anyone, never send a copy of your card, your card number, PIN number or other card information via e-mail, social networks, Messenger, WhatsApp, Viber or other services. OTP banka d.d. will never ask you for that information. Check the internet addresses during purchase. You can check the reliability of the online store by entering an incorrect username and / or password, as such information cannot be verified on fraudulent sites. Their goal is only to collect confidential cardholder data, so this will also point to a fake online store. Do not trust offers that are too good, and do not enter your personal and card information in offers received via e-mail, social networks or other channels. OTP banka d.d. will never ask you for that kind of information in that way and all such messages are dangerous. More details and tips for safe shopping can be found on the website of OTP banka d.d. under the Golden Rules for Online Shopping
When I made an online purchase, I received a warning on the merchant's site that my card was invalid and that I should try using another card, what I should do?
If you have the 3DS service activated and you receive a warning about an invalid card, check if the required information has been entered correctly. If you are not sure whether you have activated the 3DS service or if the problem still exists, contact the Contact Centre of OTP banka d.d. on the number 0800 21 00 21 or +385 21 559 110 for calls from abroad.
I forgot the PIN required for the 3DS service, how can I find it?
If you have forgotten the PIN number necessary for receiving a one-time password via SMS (so-called SMS OTP), by clicking on the option "Forgot your PIN?" on the website of OTP banka d.d., the screens for confirmation of identity or card number, taxpayer identification number and date of birth will open, after which you can select a new PIN. Link to the 3DS service of OTP banka d.d. If you have forgotten the PIN for the m-token, you can change it via Contact Centre by calling 0800 21 00 21 or +385 21 559 110 for calls from abroad.
The time for confirming the purchase has expired, what do I do?
Repeat the payment process, entering of the card number and other data, in most cases it is necessary to return to the previous step in the Internet shop cart.
My time for confirming the transaction with an m-token push notification/by entering the one-time password received via SMS has expired, how can I complete the purchase?
In case there was no response to the received push notification via m-token, i.e. the time for confirmation with a push notification has expired, the screen for sending an SMS OTP message will open automatically. You need to enter the PIN you created when activating the 3DS service, based on which you will receive a one-time password via SMS to confirm the transaction. In this case, a one-time password sent to your mobile phone via SMS is valid for three (3) minutes from the moment it was sent. If the time for entering the one-time password received by SMS has expired, repeat the "Resend SMS OTP" option to receive a new one-time password.
I confirmed the online purchase via m-token push notification/by entering a one-time password received via SMS, but I was not returned to the merchant's site, how can I complete the purchase?
The merchant will reserve funds directly from your account and send you an email accepting your order. If you have not received a confirmation from the merchant or there is no reservation on your account in the amount of the purchase, please contact the merchant directly to verify your order and payment. You can also check the content of your shopping cart because if the purchase has not been completed, the shopping cart of most of the merchants will still have the content you wanted to buy. Since the bank is not responsible for the behaviour of the merchant and does not see the details of the purchase, all questionable situations are best checked directly with the merchant.
While I was activating the 3DS service, the ordering time on the merchant’s site has expired, do I have to repeat the order?
Yes, the merchant’s site shall direct you to repeat the purchase, most likely by returning you to the previous step of your cart.
3DS is activated, but the internet purchase by credit card is not going through. What should I do?
- Check if your mobile phone supports SMS OTP and/ or m-token. To use the 3DS service, you must have a mobile phone that can receive SMS messages and / or m-token push notifications.
- You may not have any of the authentication modules activated. In that case, we recommend arranging the OTP m-token service now, free of charge, in any OTP banka branch or via internet banking service of OTP banka d.d.
I did not receive a SMS with the one-time password. What should I do?
You have to check whether the number displayed on the 3DS screen matches your mobile phone number.
- In case your mobile phone number does not match the one displayed on the 3DS screen, you can change it at the OTP banka d.d. branch. or via OTP internet banking service.
- If the problem still exists, call the Contact Centre of OTP banka d.d. by calling 0800 21 00 21 or +385 21 559 110 for calls from abroad. Also, while abroad, technical difficulties due to roaming are possible. If you receive messages from OTP banka d.d. via Viber, try to connect to one of the Wi-Fi networks that are usually available. To avoid such situations during your stay abroad, we recommend arranging the OTP m-token service free of charge.
Why do I sometimes receive an SMS, and in other times an m-token push notification?
Depending on the version of the 3DS security standards supported by each online point of sale, you will receive an SMS or m-token push notification containing details of the transaction. Since some points of sale have not yet implemented a new method of confirmation (m-token push notification), in a number of cases you will still use the current method of authentication - a one-time password received by SMS (so-called SMS OTP). In case there was no response to the received m-token push notification (time out), you will automatically receive a one-time password via SMS (so-called SMS OTP) which is defined as an alternative authentication method.