I. Secure use of a payment card
1. Remember your PIN; in case of need, always store it separately from the card in a way that is not apparent and not accessible to third parties.
2. Do not tell your PIN to anyone else, including relatives, acquaintances, employees of card issuer (Issuer) or other any individuals that might help you use the card.
3. Never, under any circumstance, allow others to use your card. A payment card that specifies the name and surname of the cardholder may only be used legally by the specified individual.
4. Upon receiving the card, write your signature into the cardholder signature field on the back of the card. This will reduce the risk that the card might be used without your consent if it is lost.
5. To prevent unauthorised withdrawal of the entire balance from your payment card, you can reduce a monthly limit on payment card operations and apply for an automatic notification service.
6. If you are asked to provide your personal data or card information (including the PIN) by anyone, even if they are our employees, do not do so. Instead call the Customer support of Issuer (Customer support) to report each such incident or request confirmation.
7. Do not reply to e-mail messages asking you to provide any personal data to the Issuer. Do not follow links specified in such messages (including links that seem to lead to the Issuer’s website) because they may redirect you to counterfeit or phishing websites. Instead call the Customer support to report each such incident or request confirmation.
8. Only use the means of communication (mobile and landline phones, fax numbers, interactive websites/ portals, mail and e-mail, mobile application or other remote tool) that have been specified in documents you received directly from the Issuer.
9. Remember that, if your PIN or personal data are disclosed or your card is lost, unauthorised operations with funds on your payment card might be performed by third parties.
10. In cases when the card is lost we suggest temporarily suspending the card via mobile application or by calling the Customer support.
11. If the card is stolen or falls into possession of an unauthorized person, the card must be immediately closed by calling the Customer support or via mobile application.
II. Recommendations for performing ATM operations
1. Do not interact with any equipment that requires a PIN to be entered before you can access the ATM directly.
2. If there are other people near the ATM, choose a different time to use the ATM or find a different ATM altogether.
3. Before using the ATM, inspect it for any extraneous equipment that does not appear to be part of the original hardware, particularly near the PIN entry keypad (e.g. an unevenly installed keypad) or card slot. If you find anything unusual, avoid using the ATM.
4. If the keypad or card slot has any additional implements that, in your opinion, do not correspond to its structural composition, avoid using your card at that ATM.
5. Do not force the card into the ATM. If the card does not go in, avoid using the ATM.
6. Enter the PIN in such a way that people nearby cannot see it. Cover the keypad with your other hand while entering the PIN.
7. If the ATM is malfunctioning (waiting too long, rebooting etc.), avoid using the ATM, abort the operation using the CANCEL button and wait until the card is returned.
8. After receiving funds from the ATM, count the banknotes, make sure that the card was returned, await the receipt, put everything in your purse, wallet or pocket, and only then leave the ATM.
9. Keep ATM receipts to verify them later against your account statement.
10. Do not listen to the advice of bystanders and refuse their offers to help with executing ATM operations using your card.
11. If the ATM does not return your card when you use it for an operation, call the Customer Support or the phone number provided on the ATM, explain the circumstances of your incident, and follow the instructions of the institution employee who receives your call.
III. Secure purchases on the Internet
1. Never disclose your card information (including the PIN) in the Internet resources.
2. Use services of well-known and proven merchants (online stores) only. In every Internet search engine, for example, Google can find reviews on pretty much any online store.
3. Before using the card in the Internet, make sure you have the possibility to contact the merchant in case of disputable issue or questions. Make sure the addresses (telephone numbers) provided at the Internet site are correct. The merchant's website must have information on delivery time, type and costs. Carefully read the shipping and return policy.
4. Check the addresses and content of the Internet sites you connect to. Fraudsters might use the names resembling homepage addresses of actually existing companies in order to direct you to fake site.
5. It is strong recommended to shop on websites that support the 3D Secure security system created by the international card companies VISA and MasterCard (it will be confirmed by the logo Verified by VISA and MasterCard SecurCode).
6. Make sure the websites you're using begin with "https" in the address bar. The key letter is that "s," which stands for "secure." You should also see an icon in the address bar that looks like a padlock.
7. Install antivirus software on your computer or mobile phone and regularly update software to reduce the risk of external attacks. Install firewall on your computer in order to prevent unauthorized access to it.
8. Use only your own computer or mobile phone for making purchases. Do not use for it Internet cafes or other available means, where spyware might be installed in order to capture the private data you enter.
9. Don’t use public Wi-Fi to shop online, log in to your account, or access other sensitive sites. Turn off the automatic Wi-Fi connectivity feature on your phone, so it won’t automatically seek out hotspots. If possible use a Virtual Private Network, or VPN, to create a network-within-a-network, keeping everything you do encrypted, or buy an unlimited data plan for your device.
10. Monitor your Bluetooth connection when in public places to ensure others are not intercepting your transfer of data.
11. Implement two-factor authentication when logging into sensitive sites, so even if malicious individuals have the passwords, they won’t be able to log in.
12. Control your e-mail, do not open emails from unknown senders and do not provide your personal information. Use protection tools for sending your personal information to trusted recipients, because ordinary letters can be captured and used to inflict harm on you.
13. Using Internet choose non-trivial passwords that are not related to your personal data. If possible, use alphanumeric passwords. Do not disclose your passwords to anyone.
14. Keep a record of your online purchases. Review your monthly account statement thoroughly. Check all transactions, even the small ones, because criminals test out stolen accounts by buying inexpensive items rather than large ones.
15. If you have some suspicion (while visiting the Internet site, making online purchases, checking monthly account statement or checking email, at example) call the Customer support to report your suspicions.
IV. Secure purchases on the Internet with 3D Secure
1. 3D Secure (3-domain secure) is a security protocol to prevent fraud in transactions with your card online. Currently, this service is provided by Visa and MasterCard under the name Verified by Visa and MasterCard SecureCode, respectively. By participating in the MasterCard Identity Check program (3D Secure), a cardholder ensures that it will not be used by third parties at online shops.
2. This security system performs additional verification of the card user's identity and provides special protection of the card data when online. When purchasing from traders, who use 3D Secure (it will be confirmed by the logo Verified by VISA and MasterCard SecureCode), in addition to the payment card's data you will have to enter also authentication means:
2.1. The Identity check online security protocol allows real-time identification of the cardholder when an operation is made on the Internet. Before a payment is made, authentication means are requested that should be known only to the cardholder themselves.
2.2. The cardholder is redirected to a special, protected webpage hosted by the Issuer. The Issuer will verify the authentication means and give the merchant clearance for proceeding with the online payment.
V. Channels for ongoing communication regarding the correct and secure use of the internet payment service
1. Issuer provides the secured channels for ongoing communication regarding the correct and secure use of the internet payment service – mobile application and web-solution (My Papaya). Any message on behalf of the Issuer via any other means, such as e-mail, which concerns the correct and secure use of the internet payment service, is not reliable.
2. Report to the Issuer (suspected) fraudulent payments, suspicious incidents or anomalies during the internet payment services session and/or possible social engineering attempts using only above mentioned secured channels and follow received instructions.
3. Only through above mentioned secured channels, Issuer inform/ notify:
3.1. about (potential) fraudulent transactions or their non-initiation, or warn about the occurrence of attacks (such as phishing e-mails);
3.2. about updates in security procedures regarding internet payment services;
3.3. any alerts about significant emerging risks (such as warnings about social engineering).
4. Use above mentioned secured channels or Customer Support phone number for all questions, complaints, requests for support and notifications of anomalies or incidents regarding internet payments and related services, and you will be appropriately informed how you to obtain assistance.