Internet Security Service

(3D Secure or Secure Code)


Why do we request the usage of Internet Secure Service?

UniCredit Bank from 9 December 2020 unilaterally modifies the authentication process of making card purchases via Internet in accordance with the new European Union Payments Directive (PSD2). This payments directive specifies that two authentication elements should be used in case of online bankcard transactions.
Based on this directive from 1 January 2021 banks have to demand strong customer authentication if the acquirer is operating inside the European Economic Area (EEA). Exception can be used only in specific cases (for example: low amount transactions, or if you have been previously registered your bankcard at the acquirer). From 30th December 2020 our bank will require two factor authentication (e.g. SMS and static code or mBanking/mToken authentication) in case of card purchases via the Internet when the acquirer (e.g. a webshop) is operating inside the European Economic Area (EEA).



 a.) if the amount of transaction does not exceed HUF 10 000. This exemption can be used maximum 5 consecutive times.

 b.) if You have been registered your bankcard at the acquirer and the acquirer identified you during this registration (customer-authentication).

It is important, that if none of the exceptions above can be used, our bank is allowed to approve transactions after authentication with two factor (so-called strong customer authentication).

In practice: if you would like to pay with your card in a webshop above HUF 10 000  inside EEA and previously you have not registered your card with authentication (for example in case of  subscription) at the site of this merchant/provider, and the webshop have not been applied strong customer authentication yet, you cannot perform the purchase.
If you already have been paid 5 consecutive times under HUF 10 000  without authentication (and you have not registered your card on the site of the merchant with authentication), the sixth purchase can only be made with two factor authentication.


According to the intention of regulator the risk of fraud can be decreased by using two authentication elements in case of internet purchases.

Short description of the service.
How to recognize a retailer that uses the Internet Security Code?
The steps of authentication with dynamic (Internet Security Code) and static (Telephone Banking PIN) codes:
The steps of authentication with [UniCredit mBanking] application or mToken service:
Frequently Asked Question


Please keep in mind that the internet security code service cannot serve as a substitute for measures to protect your computer system (firewall, password, antivirus, access code, encryption, confidentiality, other system safety measures). Please also ensure before every purchase that the web shop or other online service provider with whom you will make an online transaction has the necessary security protocols in place, and has taken the necessary steps to ensure the safety of the data you provide.

Spinning wheel animation


UniCredit Logo