Menu
Back to homepage

PAYMENT GATEWAY

Back to homepage

FAQs SIBS Gateway

MB WAY
General information
Online shopping with MB WAY
Authentication
Authorised payments
General information

What is MB WAY?

MB WAY is the MULTIBANK solution that allows you to make purchases online and in physical shops, generate virtual MB NET cards, send, request money and split your account, as well as use and withdraw money via your smartphone, in its own app or through your bank’s channels. 

Where is the application available?

The MB WAY app is available for Android and iOS smartphones and tablets. 

The MB WAY app is available from version 2.0 onwards. We recommend that you always upgrade to the latest version in order to benefit from new features and improved experiences. 

Does it cost anything? 

There are no costs associated with downloading, joining and using the MB WAY app. MB WAY does not charge any commission for operations carried out on the app. Only transfers may have associated costs charged by the banks. 

Online purchases with a telephone number, purchases with an MB NET card, as well as the generation and use of MB NET cards, purchases at a physical point of sale with a QR Code or NFC, MB WAY withdrawals are free, as is the use of MB Challenge benefits. 


In addition, before “Sending money” via an immediate transfer, the MB WAY app clearly shows the user the amount, if any, that will be applied, and the user can cancel the operation at that moment.

Online shopping with MB WAY

How do I shop with MB WAY? 

To shop online at participating merchants, simply select the MB WAY payment method, then enter your mobile phone number and finally confirm the notifications in the app. 

What is the daily purchase value limit? 

The limit set automatically by the service when you join is €1000. You can change this limit directly in the MB WAY app up to a maximum of €5000. 


To change this limit, go to Menu “More” > “Settings” > “Security” > “Purchase limits”.

How long do I have to confirm a purchase? 

You must confirm your purchase within 4 minutes (depending on the merchant). After this time limit the purchase order expires, in which case you will need to repeat the purchase process to receive a new notification. 

Authentication

What is it?

On 1 January 2021, the new strong authentication rules for online payments in European Union countries came into force. These new rules consist of additional security measures to ensure correct identification of the cardholder and validation of the transaction. Strong authentication is done with 2 out of 3 of the following factors:

i) Knowledge: something that only the user knows, such as a PIN or password.

ii) Possession: something that only the user has, such as a one-time password (OTP) via SMS or smartphone.

iii) Inherence: something that identifies the user, such as a fingerprint.

How does it work?

For additional transaction security, all online purchases made on secure and certified websites based in European Union countries may require one-time password (OTP) authentication by SMS, in the MB WAY app or in the banking app, as follows:

  1. Your bank will set up your card in the 3D Secure service, indicating your mobile phone number and authentication method (Issuer App or MB WAY App). This service allows cardholders to be authenticated at participating merchants labelled with the Verified By Visa and Mastercard Secure Code logos.
  2. When purchasing online, enter the usual card details.
  3. The 3DS Service will send a notification to your mobile phone for subsequent validation of the purchase in the App defined by your Bank.
  4. In the MB WAY app or banking app, validate the purchase with your six-digit MB WAY PIN, fingerprint or face ID.

If you have deactivated notifications, check the notification in the app’s activity area. When making online purchases with MB WAY, using the mobile phone number function, there is no need to re-authenticate as this MB WAY function provides the necessary security for online purchases.

Authorised payments

What is the Authorised Payments feature?

MB WAY Authorised Payments and major recurring purchases and your payments will be quick and convenient.

Where can I use Authorised Payments?

You can use Authorised Payments to simplify:

  • Payments for subscriptions / monthly fees: such as your music and series streaming app or gym
    membership.
  • Payments in online shops: such as your supermarket purchases and regular shops, up to the
    limit you set.

Check out the merchants where you can activate this payment.

How do I make MB WAY purchases without having to enter my PIN?

To make purchases without entering your PIN, you must activate this type of payment at the merchant.

  1. On the merchant’s website, choose to activate Authorised Payments with MB WAY and enter your mobile phone number.
  2. In MB WAY, you will receive a notification to activate Authorised Payments at that merchant. Choose the card you want to link, set the purchase limit without PIN, the expiry date and confirm.
  3. You can make purchases at this merchant without having to authorise purchases up to the limit you set.

How do I use Authorised Payments for subscriptions?

To pay for subscriptions, you must activate Authorised Payments at the merchant.

  1. On the merchant’s website, choose to activate Authorised Payments with MB WAY and enter your mobile phone number.
  2. In MB WAY, you will receive a notification to activate Authorised Payments at that merchant. Choose the card you want to link, set the purchase limit without PIN, the expiry date and confirm.
  3. That merchant’s subscriptions will be debited from your account without the need to authorise up to the limit you set.

Where can I see the purchases made?

In the Authorised Payments menu, select the merchant and you will be able to see the amount spent and the details of the transactions made.

What happens if the purchase value exceeds the limit you set?

If the purchase exceeds the limit you have set for the month, you will receive a notification to accept the purchase and authenticate with your MB WAY PIN.

What happens if the Authorised Payment expires?

If the validity of the Authorised Payment is exceeded, you must consult the merchant in MB WAY and change the expiry date in order to continue shopping.

MULTIBANCO

How do I pay an REF MULTIBANCO?

The customer has 3 payment options:

  1. To make a payment by MULTIBANCO Reference, simply go to a machine and select
    “Payments and Other Services” > “Payment of Services” and then enter the Entity, Reference and Amount.
    We advise you to keep the receipt, as it serves as proof of your payment.
  2. You can also perform this service at an Automatic Payment Terminal by selecting
    “Service Payment” > “MB? Card” > Entity > Reference > Amount > PIN.
  3. You can also make a payment by MULTIBANCO reference via your Homebanking without having to leave the comfort of your home. Check your bank’s website to see if this option is available.
Cards
BIN
Tokenization
3DS
Card-on-file
BIN

What are BINs?

Bank Identification Numbers (BINs) are fundamental to payments. They identify the issuing institution for each cardholder account and enable transactions to be properly routed.

Tokenization

What is tokenization?

Tokenization is the process of replacing a card’s primary account number (PAN)—the 16-digit number on the plastic card—with a unique alternate card number, or “token.” Tokens can be used for mobile point-of-sale transactions, in-app purchases or online purchases.

What are the benefits of tokenization?

Tokenization reduces fraud related to digital payments by making transactions more secure by including a dynamic component with each transaction. It takes the security of a physical EMV chip and applies it to non-card environments including proximity, mobile and internet payments.


Merchants benefit from more secure transactions as well as faster checkout experiences, new payment acceptance options and more ways to sell.

3DS

What is EMV 3DS?

EMV 3DS is an e-commerce fraud prevention protocol that enables consumer authentication for CNP purchases, without adding unnecessary friction to the checkout process.

How does EMV 3DS work?

EMV 3DS helps payment card issuers identify unauthorised e-commerce transactions quickly and accurately to prevent CNP fraud. It enables the exchange of data between the merchant and the payment card issuer to verify that the individual making a purchase with a payment card is the legitimate user of the card.

For e-commerce purchases where EMV 3DS solutions are used, the process works as follows:

  • A consumer uses a payment card to make an online purchase on a mobile phone, tablet, laptop or other device.
  • To confirm that the consumer making the purchase is the actual cardholder, the merchant uses EMV 3DS for authentication. The authentication process involves the merchant sending data or messages to the card issuer, which include details about the transaction, payment method and device information.
  • The issuer uses this data to authenticate the consumer and approve the transaction. For many transactions, this means consumers simply click “Buy” and the payment is approved. For higherrisk transactions, issuers may choose to require further authentication as an added layer of security. In these cases, consumers must authenticate themselves using a challenge, such as a one-time passcode, knowledge-based questions, biometrics, or other methods.

What do the EMV 3DS Specifications provide?

The EMV 3DS Specifications provide a common set of requirements that product providers can use to integrate EMV 3DS technology into their solutions to support seamless and secure e-commerce payments.

The EMV 3DS Specifications:

  • Support app-based purchases on mobile and other consumer devices
  • Enable merchants to integrate authentication into their checkout process for both app- and
    browser-based implementations
  • Specify use of multiple options for step-up authentication
  • Specify a non-payment message category
  • Enable merchant-initiated account verification
  • Are flexible to accommodate global and local needs
  • Are available royalty-free from the EMVCo website

Is EMV 3DS consistent with consumer privacy principles?

An EMV 3DS transaction utilises consumer data for the purpose of evaluating risk to prevent fraud. Merchants and issuers using this data for this purpose are responsible for complying with applicable privacy laws.

How does EMV 3DS support Strong Customer Authentication (SCA) requirements as described in the Second Payment Services Directive (PSD2) by the European Commission?

The Opinion of the European Banking Authority (EBA) published on 21 June 2019 recognised that protocols such as EMV 3DS provide a means for merchants and issuers to support the use of SCA. Specifically, EMV 3DS supports SCA by enabling the use of two-factor authentication. Its flexibility allows issuers to accommodate their authentication preferences. Moreover, issuers can consider risk and regulatory factors in deciding how the customer will be authenticated – for example, using a one-time passcode, knowledge-based questions or biometrics.

What is EMV 3DS? How does EMV 3DS work? What do the EMV 3DS Specifications provide? Is EMV 3DS consistent with consumer privacy principles? How does EMV 3DS support Strong Customer Authentication (SCA) requirements as described in the Second Payment Services Directive (PSD2) by the European Commission?

The Opinion of the European Banking Authority (EBA) published on 21 June 2019 recognised that protocols such as EMV 3DS provide a means for merchants and issuers to support the use of SCA.

Does it matter which version of EMV 3DS is used to meet PSD2 SCA requirements?

The EBA notes that versions 2.0 and newer support a variety of SCA methods, while trying to ensure customer convenience, limiting fraud through data sharing and transaction risk analysis, and enable the use of exemptions set out in the Regulatory Technical Standards (RTS). While EMV 3DS 2.1 supports SCA, EMVCo recommends that v2.2 (or higher) should be considered to access the optimum functionality.

Card-on-file

What needs to be included in the card-on-file storage agreement that the cardholder must consent to?

  • Data on the transaction, in particular the description of the goods and the total amount to be invoiced.
  • Data on the company, particularly its location and contact details.
  • The abbreviated version of the retained credential.
  • Details of how the retained credential will be used and the expiry date of the agreement, if applicable.
  • Instructions on how the cardholder can cancel the agreement.

On this page: