Online payments

How to pay for purchases online

Online purchases usually work like this:

The customer chooses goods or services.
The online store calculates the amount to be paid.
The customer agrees to pay for the purchase and enters their payment details into a form.
The bank or payment system confirms the customer's identity and the availability of funds in their account or a sufficient credit limit.
The store makes a sale. The bank or payment system transfers money from the customer's account to the store's account.

What data is required for payment

Attention. Online payment doesn't require the customer to provide their address, passport details, or other personal data. Don't enter them in payment forms.

When paying online, you need to specify:

Card number.
Cardholder's name (not in all cases).
Card expiration date: month and year.
CVC/CVV code.

This data isn't stored on the seller's site but is sent to the payment system. The system authorizes the user and checks the funds on their account or the credit card limit.

How the bank protects payments

Most banks employ two-factor authentication using the 3-D Secure protocol. Before the transaction, the bank sends the customer an SMS or a push notification with a code. If you enter the wrong code, the transaction is stopped. Some bank cards have 3-D Secure enabled by default, but sometimes you may need to activate it yourself.

Note. Not all online stores support 3-D Secure. Besides, the verification code isn't usually sent if the card is linked to the store.

How to ensure online payment security

Protect your internet connection and device

To log into internet banking or pay online, use a reliable Wi-Fi, wired, or mobile internet connection. A free public Wi-Fi hotspot isn't safe.
Make sure that the connection is secured: HTTPS protocol is used and a security icon (a closed lock) is displayed in the address bar. If you see a warning about a malicious website instead of the site's pages, stop the payment and close the page.
Enable browser protection, for example, the protected mode of the Yandex Browser Protect system or the Kaspersky Protection extension.
Install an antivirus on your device.

Protect your payments

Only make purchases on trusted sites that support the 3-D Secure technology (payment confirmation with a code).
Only install official internet banking apps. Don't download IPA and APK files from file sharing sites.
Store your card details in trusted and reliable browsers, services, and apps.
Protect your payments with Touch ID or Face ID.
Don't register in online stores using social media accounts. Scammers collect personal information in social networks and often hack accounts.

Check and protect your data

Check the payment amount on the page where you enter your card details.
In the payment form, only enter the necessary information (card number, holder's name, expiration date, and security code).
When you receive an SMS and push notification with a verification code, check the sender and the amount. Be careful so that you don't become a victim of phone or internet fraud.
Don't tell anyone the codes and passwords from notifications. Banks and other legal organizations will never ask you for a verification code or password — only scammers do that.

Protect the money in the account

Set up notifications about online banking transactions. This way, you can notice malicious actions and react in time.
Don't link your main card to an online store. Get a separate card for online payments, set a transaction limit for it, and link it to stores.

What to do if money was taken without your knowledge

Contact your bank immediately: call the official number or use the chat in the app. Block the card or account. Within 24 hours, declare that the money was taken without your consent.

Note. If you violated the procedure for using the card (for example, you gave the verification code to phone scammers) and someone used it to perform a transaction without your consent, you won't get a refund.

Contact support