Regardless of whether card-based transactions are conducted via POSs or remotely, users, as a rule, must authenticate the payment transaction.

Transactions in POSs or ATMs are, as a rule, authenticated by the cardholder by entering the personal identification number (PIN). The PIN is personal and non-transferable and should be known by heart. Never, under any circumstances, should cardholders let third parties know their PIN.

In the case of payments using contactless technology, a PIN verification may not be required (for more details, see question 20).

In the case of off-premises sales, as a rule, the number of the card is required, as well as its validity date and the three-digit security code printed on the back of the card.