The E-Secure service (Secure payments by internet) represents a method of additional protection when shopping with your debit or credit card by internet. By using this service your purchases in Internet will be really safe. The registration and use of E-Secure is completely free.

 The E-Secure service is operated jointly with the Visa and Mastercard card organisations, and the service is titled differently by the two organisations:

  • Mastercard Identity Check/Mastercard SecureCode for Mastercard;
  • Visa Secure/Verified by Visa or VbV for Visa.

The service uses the 3-D Secure protocol, as an additional level of security for online credit and debit card transactions. The E-Secure service includes a two-factor model for cardholder authentication by combining two separate components, a dynamic password and a static password for online payments, which are entered by the authorised user to confirm bank card payment transactions;

Static password

The static password is generated personally by the authorised cardholder at a secured by BORICA AD client web portal with the logo of CCB AD (Central Cooperative Bank AD) – https://3ds.borica.bg/CCB which is used together with a dynamic password for confirmation of card transactions for Internet merchants participating in the following programs: Visa Secure (former name Verified by Visa) and Mastercard Identity (ID) Check (former name Mastercard SecureCode).

The clients who have issued cards already, receive an SMS short text message from the short number 1909 in the following CCB format: NNNNNN e parolata Vi za registraciq na karta ****nnnn za sigurni plashtaniq v Internet. Za registraciq: https://3ds.borica.bg/CCB do dd.mm.yyyy hh:mm. This password is valid for a period of 30 days, and after the expiry of this period, it is necessary the client to visit an office of the Bank in order a new password to be generated.

For newly issued cards the clients shall receive their temporary passwords in the PIN envelope together with the PIN code of the card. This password has not validity date and can be used for making payments.  We would recommend you to change it at https://3ds.borica.bg/CCB.

On receiving a renewed card, please, consider the following:

If the card for which you received a PIN envelope with a static password is renewed and is with the same number as the expired card, in this case the password received with PIN envelope cannot be used.

  • If you have changed the password of your card before its expiry date and before receiving the renewed card, please, use the static password generated by you to confirm your online payments;
  • If you did not change the originally received static password, it is necessary to visit an office of CCB or to call the contact centre of the bank on the following telephone number *5050 (Call charges are based on the tariffs and policies of the mobile operator used by the client. Calls to a short number might not be included in the package of free minutes, for which CCB is not responsible).

When the text is fully loaded after the date, it is displayed:

3-D Secure registration Protect your card online. Your card is registered in the 3D-Secure program by 3ds.borica.bg. On loading the link https://3ds.borica.bg/CCB a page with the logo of the Bank is opened on which the client is to enter the full number of the card.

You can find detailed instructions about changing of the temporary password received from 1909  here. Please, note that as of 27 November 2020, the new static password has to be composed of a minimum of 6 characters - letters, numbers and special characters (optional from:  _ - %  @  &  *  \  . # , / ? !), as it is permissible the symbols to be of one type, for example only numbers.

We would like to inform you that currently YOU CANNOT USE SPECIAL SYMBOLS SUCH AS: $ + = €, as well as a sequence of numbers/letters (1234, abcd….) or a combination of identical numbers/letters (1111, ааааа…..). We will inform you additionally for any changes which may occur. The static password can be changed by the cardholder at any time at the client portal.

Dynamic (one-time) password

Dynamic (one-time) password is the method for online verification of the payment with credit/debit card for the Visa Secure (former name Verified by Visa) and Mastercard Identity Check (former name Mastercard SecureCode) programs which protect your card from unauthorised use. The one-time password is a six-digit password sent to your mobile phone when you are trying to make an online purchase from a website which maintains Verified by Visa  and Mastercard SecureCode. You shall receive a one-time password within ten seconds after sending your card details to the website of the merchant. It is valid for one transaction only.

It is received from short number 184343 and is entered in the field on the web page provided for this purpose in the field dynamic password, on which the payment is made and where there are visualised the name of the merchant, the amount of the payment, the last four numbers of the card and the last four numbers of your mobile phone.

It is possible the cardholders who did not provide their current mobile phone number to the bank to have difficulties when making online purchases. In the event of an unsuccessful payment by internet, please, make sure that your phone number with us is updated.

For further details, please, refer to Frequently asked questions.

We would like to inform you that another method of mobile authentication (authentication through biometric features) will be implemented very soon by installing the mobile banking application of CCB AD CCB Mobile. Detailed information and how to apply for it will be published shortly before its start. During an internet transaction with your card on websites of merchants marked with Mastercard Identity Check and Visa Secure, you will be able to perform an additional confirmation of the payment by using the mobile application of CCB AD - CCB Mobile.

For additional information:

  • *5050 (Call charges are based on the tariffs and policies of the customer's mobile operator. Calls to a short number may not be included in the free minute package for which CCB cannot be held responsible);
  • 02/9266 500, as well as in all offices of Central Cooperative Bank;
  • or write to us to cards@ccbank.bg

Biometric authentication – the safest method to confirm online purchases

With the aim of increasing the security of online shopping, starting from the first half of April 2021, we are going to introduce another method for confirming online purchases – the biometric authentication.

Biometric authentication is an innovative and currently the safest method for identity verification which allows you by means of a fingerprint or a face recognition to confirm your online transactions, without having to enter a static or a dynamic password.

The biometric data, such as fingerprint and shape of the face are unique features for each individual and this makes them extremely suitable for identity verification, and in combination with a personal mobile device increases the safety of online payments.

What you need in order to use our new service:
  • To have a smart mobile device (phone or tablet) with the Android (at least version 6.0) or iOS (at least version 11) operation systems;
  • To allow using the biometric data on your device if your device has the CCB Mobile application installed and to allow receiving notification (push notifications) from the application;

You can download the CCB Mobile application from Google Play or from App Store and activate it in any office of the bank.

  • To follow the notifications which you receive through the mobile application since by an on-screen notification you will be notified for the start of the biometric authentication service;
  • To update the application each time when a new update notification appears. The biometric authentication service will be accessible after the update;
  • To follow the steps for setting up of the device through which the application will lead you after installing the newest version*;
  • To register the card/s which you intend to use for biometric authentication.

*It is possible the settings for the biometric authentication to be made at a later stage not simultaneously with the application update.

Each client can install the CCB Mobile application and activate it to confirm payments with biometric authentication on a maximum of ten devices (phones and/or tablets).

AFTER THE INTRODUCTION OF BIOMETRIC AUTHENTICATION AS A METHOD OF CONFIRMING ONLINE PAYMENTS, PAYMENTS SHALL BE MADE IN ONE OF THE FOLLOWING WAYS

If you have any difficulties or if you need additional information, you can call the following numbers:
  • *5050 (Call charges are based on the tariffs and policies of the customer's mobile operator. Calls to a short number may not be included in the free minute package for which CCB cannot be held responsible);
  • 02/9266 500, as well as in all offices of Central Cooperative Bank;

E-Secure

  • What does “authentication” mean?

    The term “authentication” means verification of the identity or confirmation of authenticity

  • How do I receive the initial static password?

    The following options are available for providing the initial password (registration code) and the static password:

    • For your existing cards, CCB will send you an initial static password via SMS, which also contains the last 4 digits of the card number to which the password refers. You will receive the SMS message on the mobile number indicated by you in the banking system of CCB. The password is valid for 30 days and has to be changed.

    The text of the message looks like this:

    CCB: NNNNNN e parolata Vi za registraciq na karta ****nnnn za sigurni plashtaniq v Internet. Za registraciq: https://3ds.borica.bg/CCB do dd.mm.yyyy hh:mm.

    Sample text of SMS received from short number 1909

    CCB: 2Y4fv5k6 e parolata Vi za registraciq na karta ************4760 za sigurni plashtaniq v Internet. Za registraciq: https://3ds.borica.bg/CCB  do 22.09.2020, where:

    • 2Y4fv5k6 is the original static password (contains a combination of letters and numbers) which the client is to change necessarily and it cannot be used for making a payment;
    • ************4760 са последните 4 цифри от номера на картата. According to the indicated numbers, the client can find out the whole number of the card, which should be entered on the link for changing the initial static password;
    • In the short message from 1909 the respective link is specified https://3ds.borica.bg/CCB, on which the client can change the password and finish the registration;
    • 22 September 2020 is the validity date of the password.

     
    You can find detailed instructions about registration and changing of the temporary password received from 1909  here. Please, note that the new password should be at least 8 characters long - a combination of letters, numbers and special characters (optional from:  _ - %  @  &  *  \  . # , / ? !).

    We would like to inform you that currently YOU CANNOT USE SPECIAL SYMBOLS SUCH AS: $ + = €. We will inform you additionally for any changes which may occur. The static password can be changed by the cardholder at any time at the client portal.

    • For newly issued cards – you will receive the initial password by means of a PIN envelope coming with your new bank card.
  • Can I use the static password which I received by an SMS to confirm a payment by internet?

    No, in order to use your card for online payments, it is necessary to visit the following address https://3ds.borica.bg/CCB, where you  can change your initial password. We advise you to change your password regularly.

  • Can I use the static password which I received with the PIN envelope together with my card to confirm an online payment?
    • In case the card for which you received a PIN envelope with a static password is a newly issued one and not a renewed one, yes, in this case you can use the static password received with the PIN envelope for payment of online purchases. You can change the received password at the following address https://3ds.borica.bg/CCB.
    • If the card for which you received a PIN envelope with a static password is renewed and is with the same number as the expired card, in this case the password received with the PIN envelope cannot be used.

    If you have changed the password of your card before its expiry date and before receiving the renewed card, please, use the static password generated by you to confirm your online payments;

    If you did not change the originally received static password, it is necessary to visit an office of CCB or to call the contact centre of the bank on the following telephone number *5050 (Call charges are based on the tariffs and policies of the mobile operator used by the client. Calls to a short number might not be included in the package of free minutes, for which CCB is not responsible);

  • What should I do if:
    • I did not receive an SMS with a password for registration of my card?
    • I deleted the SMS with my password by mistake?
    • The validity of the password which I received has expired?

    In order to receive a password for registration of your card, it is necessary to visit an office of CCB or to call the contact centre of the bank on the following telephone number *5050 (Call charges are based on the tariffs and policies of the mobile operator used by the client. Calls to a short number might not be included in the package of free minutes, for which CCB is not responsible).

    The static password received by a bank official is a temporary one and has a validity period of 24 hours. Within these 24 hours the password has to be changed with a permanent one.

  • Which special symbols can I use when generating my static password?

    The special symbols which are permitted and which you can use are the following:  _ - %  @  &  *  \  .  #  ,  /  ?  ! 

  • What is “A personal message” and what do I need it for?

    The text of the personal message has to be generated by you together with your static password. The personal message shall be visualised each time you confirm an online order in the website of a merchant who keeps a 3D-Secure authentication.

  • How shall I make transactions on the internet after registration of my card on the client page?
    • When paying online, you will need to enter your static password (set on the client page), as well as a dynamic password, which you will receive via an sms text:
    • CCB: NNNNNN – kod za plashtane s karta *nnnn za NNNNN.NN xxx pri  xxxxxxxxxxxxxxxxxxxxxxxxxx, ref. nnnnnnnnnnnnnnnnnnnnnn.
  • Is it possible to enter only one of the two passwords when I make online purchases?

    No, entering both passwords when shopping on merchant sites which support the two-factor authentication of the cardholder is mandatory according to the regulations of the international card operators Visa and Mastercard.

  • Do I have to enter dynamic and static passwords every time I shop online?

    No, authentication by entering both passwords will only be required when shopping online from merchants who support 3-D Secure authentication.

  • How much it will cost to use the static password?

    Using the static password for internet payments with your CCB card is completely free.

  • May I use the received dynamic password via SMS from 184343 for more than one transaction?

    No, you may not. Each 6-digit code is valid only for this particular transaction and cannot be used for another transaction. A one-time password will be sent to your mobile phone number immediately after you have started the transaction and entered your card details. If you do not receive a one-time password, please, check if your mobile number is correct or not. If the data entered is correct, you can request that a dynamic password be sent again by clicking the “Generate new password” button.

  • May I receive a one-time dynamic password when I am abroad?

    We will send you a one-time password according to the mobile number in our records. If you are abroad or if you use foreign mobile service providers, the service provider might not support international SMS. For further details, please, contact your mobile operator.

  • The registered mobile phone belongs to a foreign operator, shall I receive a one-time password via SMS?

    It is not possible to send a one-time password via SMS to a foreign operator at the moment. To use the E-Secure service, it is necessary the registered number to belong to a Bulgarian operator.

  • What will happen if I do not manage to enter the dynamic password?

    If the dynamic password becomes invalid because of lack of activity, you can apply for a new password using the button “Generate new password”.

  • Is it necessary to register in order to use E-Secure?

    You only need to make sure that your current mobile phone number is registered with CCB, because you will receive dynamic passwords on it. If you have not submitted an updated mobile phone or you have not provided a mobile phone at all, it is necessary to visit a CCB bank office in order your data to be updated.

  • Is the security service available for all my CCB debit and credit cards?

    If you provided a valid mobile number in the bank, the service is registered for each Visa/Mastercard credit/debit card with international limits, issued by CCB.

  • How can I register/update my mobile phone number?

    You have to visit a CCB office.

  • How can I check if my mobile phone number is correctly registered or updated?

    When you reach the authentication page during the payment process, the last four digits of your mobile number will be displayed. If they do not correspond to your mobile number, please, contact our Call Centre for any additional information.

  • What will happen if I do not receive a dynamic password? Can I ask a new one to be sent to me?

    Yes, if the first password you submit becomes invalid, or if you did not receive one, you have to click the “Generate new password” button on the verification page.

  • What shall I do, I entered the wrong password three times?

    If you have entered the wrong password three times your account will be blocked. Please, contact our Call Centre at *5050, 02/9266 500, 02/92 66 523, 02/92 66 527. In case you provided information about the ID code word in a bank office, we will identify you and unblock your account on the phone. If you did not provide an ID code word, it is necessary to visit an office of the bank and to fill in an unblocking form.

  • How do I find out if a merchant is registered for 3DS?

    If the merchant is registered for 3DS, you will be able to see the Visa Secure/Verified by Visa/Mastercard Identity Check or Mastercard SecureCode logo on the site.

  • If I do not have a mobile phone registered with the Bank, can I still make an online purchase?

    You can shop online from the websites of merchants who do not support 3DS. You will not be able to make transactions on websites which support 3DS.

  • Can I decline the E-Secure service for online shopping?

    The service is for your security and is mandatory according to PSD 2 Directive (EU) 2015/2366 and Delegated Regulation 2018/389 (Strong customer authentication).

  • I'm trying to make a payment on the merchant's website, but an error message appears in the window. What should I do?

    You will not be able to enter the dynamic password received via SMS to complete the authentication process if the page is blocked. In this case the transaction is not authenticated and the payment will not be performed. However, if you want to check the status of your transaction or if you have already entered the dynamic password, please, contact our Call Centre.

  • What should I do if a verified code window does not appear in the case of online payment? You can do the following:
    • Check whether the online merchant supports the Visa Secure/Verified by Visa/Mastercard Identity Check/Mastercard SecureCode;
    • Make sure your browser blocks pop-ups. If necessary, turn off the software which blocks pop-ups. Any computer software which prevents pop-ups can prevent the use of a dynamic password for online shopping. To avoid interruption of the payment process, please, make sure you turn off the pop-up blocker.