Terms and conditions of Viseca Card Services SA for use of "one"
Last amended on 10 December 2018
A General Part
A General Part
1. General terms and conditions for use of "one"
1. General terms and conditions for use of "one"
2. Use of "one"
3. Risks, exclusion of warranty, general duties of care and notification
B Specific Part
5. 3-D Secure
7. Wearable Payment
8. Mobile Pay
1.1 Terms and conditions for use of "one" and other relevant documents
The present terms and conditions apply to the online services ("Services
") provided by Viseca Card Services SA ("Issuer
") to holders ("Cardholders
") of a primary or additional card or a business card of the Issuer ("Card(s)
") under the label "one" (or "one" in connection with the name of an intermediary bank).
"one" is available via:
The present terms and conditions apply in addition to the respective general terms and conditions for the use of cards for private or companies ("Viseca Card Terms and Conditions").
- the "one" website ("Website“) and
- the "one" app ("App“)
In the event of any deviating regulation the present terms and conditions shall have priority to the Viseca Card Terms and Conditions.
The present terms and conditions consist of a general part for the use of "one" and a specific part, for the use of specific Services provided on "one".
1.2 What is "one" and how will it be further developed?
"one" comprises Services of the Issuer. In the course of its further development, "one" will substitute existing Services of the Issuer (e.g. MyAccount / surprize.ch).
The use of "one" requires a registration. Newly provided Services will be made available to registered Cardholders via updates. The Issuer will inform the Cardholder in an appropriate way of further developments and, where applicable, changes to the present terms and conditions.
1.3 What are the functions of "one"?
"one" can – currently or in future – comprise the following functions in particular:
- User account to manage personal data;
- Control and confirmation of payments, e. g. by using 3-D Secure (MasterCard SecureCode or Verified by Visa), in the App or by submitting an SMS-code (see clause 5);
- Control and confirmation of specific operations (e.g. logins, contacts with the Issuer) in the App or by submitting an SMS-code;
- Activation of cards in order to use Masterpass (see clause 6);
- Activation of cards for the usage of payment methods (e.g. payment via mobile phone);
- Exchange of messages and notifications of any sort between the Cardholder and the Issuer (including e.g. notifications of a change of the present terms and conditions) provided that such communication or notification is not subject to any specific form (e.g. written complaints regarding monthly statements);
- Overview of transactions or cards and electronic display of invoices (currently: MyAccount);
- Overview of the bonus program account and the possibility to redeem points (currently: surprize account);
- Information relating to the usage of the card (currently: SMS services).
1.4 Advantages of "one"
"one" offers the following advantages to the Cardholder:
- "one" makes the access to the Services safer: A state-of-the-art procedure for the authentication of the Cardholder allows the verification and confirmation that the operations are actually effected by the Cardholder – by using the Cardholder's mobile phone as a second factor (besides login) and through a secured communication channel between the Cardholder and the Issuer.
- "one" bundles the Issuer's Services on one single platform and is therefore clearer.
- "one" makes access to the different Services of the Issuer easier: one user name and one password allow registration and login for different Services.
- Online payments using 3-D Secure are faster: Instead of entering the 3-D Secure password, the payment can be controlled and confirmed using the App or by submitting an SMS-Code.
- Masterpass allows payment in online shops without having to enter the card and customer information each time.
2. Use of "one"
2.1 Right of use
The Cardholder is entitled to use "one" only under the following conditions:
- He is able to implement the present terms and conditions and the respective requirements (see especially clause 3.2.1 and clause 3.2.3) and
- He is entitled to use a card of the Issuer as the Cardholder of a primary or additional card or a business card of the Issuer.
2.2 Consent upon registration and regarding further developments of "one"
By using "one", the Cardholder expressly gives consent to the Issuer as follows:
Consent to receiving notifications relating to products and services and/or to the processing of data for marketing purposes may be revoked at any time by notification to the Issuer with effect for the future (opting-out right).
- Consent to the processing of data that was or will be collected in the course of the Cardholder's use of "one". This includes consent to combining this data with already existing data at the Issuer and to creating profiles for risk management and marketing purposes by the Issuer or on behalf of entities being part of the Aduno Group (www.aduno-gruppe.ch) and third parties in accordance with the data protection policy.
- Consent to receiving notifications and information relating to products and services of the Issuer, other entities of the Aduno Group and third parties for marketing purposes (advertisements). The Issuer can send these by e-mail or directly via the App or the Website.
- Consent to using the e-mail address provided by the Cardholder during the registration process as well as the Website and the App for reciprocal electronic communication with the Issuer (e.g. notification of address changes, notification of changes of terms and conditions or notifications relating to the prevention of card abuse).
The relevant contact details can be found in the data protection policy
2.3 Declining consent within the course of future development of "one"
If the Cardholder declines his consent to any term or condition in the course of the further development of "one" (e.g. in the case of updates), the App or the Website or specific Services may possibly not or no longer be available for the Cardholder.
2.4 Effect of confirmation
Each confirmation in the App or by submitting an SMS-code counts as an operation effected by the Cardholder. The Cardholder is entitled to prove otherwise.
The Cardholder undertakes to be responsible for any charges to his card resulting from confirmations and authorizes the Issuer to execute the corresponding orders and to perform the corresponding actions.
2.5 Availability / Blocking / Changes
The Issuer has the right to interrupt, restrict, cease or replace the use of "one" at any time and without prior notification, subject to sufficient reasons. In particular, the Issuer may block the Cardholder's access to "one" temporarily or definitely (e.g. in case of a potential abuse).
2.6 Intellectual property rights and licence
All rights (especially copyrights and trademark rights) related to software, texts, images, videos, names, logos and other data and information, which are available or become available in the course of time through "one", belong exclusively to the Issuer or the respective partners of the Issuer (e.g. MasterCard, Visa Europe) unless otherwise specified by the present terms and conditions. The names and logos that appear on "one" are protected trademarks.
For the use of the App the Issuer grants the Cardholder a non-exclusive, non-transferable, unlimited, revocable and royalty-free license in order to download the App, to install the App on a device in the permanent possession of the Cardholder and to use the App for the designated purposes.
For the use of the Website, the Licence terms
(in section "Property rights in the Website, trademarks and copyrights") apply.
3. Risks, exclusion of warranty, general duties of care and notification
3.1 Risks in using "one"
The Cardholder acknowledges and accepts that the use of "one" involves risks.
In particular, the use of "one" may involve the risk that cards, user names and passwords, devices used or personal data of the Cardholder may be abused by unauthorized third parties. Thereby the Cardholder may incur a financial loss (from a charge to his card) or a violation of personality rights (by abuse of personal data). Further, there is a risk that "one" or one of the Services provided through "one" cannot be used (e.g. no login to "one" possible).
Abuse is enabled or promoted in particular by:
- a violation of the duties of care and notification by the Cardholder (e.g. by careless use of the user name / password or by not reporting the loss of his card);
- the Cardholder's settings or defective maintenance of devices or systems employed for the use of "one" (e.g. computer, mobile phone, tablet or other information technology infrastructure) e.g. due to a missing screen lock, missing or insufficient firewall or virus protection or outdated software;
- interference by third parties or faults during data transmission over the internet (e.g. hacking, phishing or data loss);
- incorrect confirmations in the App or by submitting an SMS-code (e.g. due to insufficiently controlling a request for confirmation);
- Weaker security settings for "one" chosen by the Cardholder – especially with respect to the App (e.g. saving of login credentials).
If the Cardholder complies with the following duties of care and notification with respect to the use of mobile devices and passwords as well as with the duty to control requests for confirmation he can reduce the risk of abuse. Further information on how to reduce the risks when using "one" is available on the Website.
The Issuer neither assures nor warrants that the Website or the App are permanently accessible or that they run consistently without any faults or that cases of abuse can always be detected and prevented.
3.2 General duties of care of the Cardholder
3.2.1 General duties of care with respect to the employed devices and systems, especially mobile devices
"one" uses among others Mobile Devices (e.g. mobile phone, tablets; each a "Mobile Device") to authenticate the Cardholder. Safeguarding these Mobile Devices at all time is therefore an essential security factor. The Cardholder must handle Mobile Devices with adequate care and take adequate measures to protect them.
The Cardholder must therefore comply in particular with the following duties of care with respect to the employed devices and systems, especially Mobile Devices:
- A screen lock must be activated on Mobile Devices and further security measures must be applied in order to prevent unauthorized access;
- Mobile devices must be kept in a safe place protected from access by third parties and must not be given to third parties for continuous or unsupervised use;
- Software must be updated regularly (e.g. operating system and internet browser);
- The Cardholder must not interfere with the operating system (e.g. by jailbreaking or rooting);
- The Cardholder must install and keep up-to-date virus protection and internet security programmes on his laptop/computer;
- The App must be downloaded exclusively from the official stores (e.g. Apple Store and Google Play Store);
- App updates must be installed promptly;
- In case of loss of a Mobile Device the Cardholder must undertake all possible measures to prevent unauthorized access by third parties to data transmitted by the Issuer onto the Mobile Device (e.g. by locking the SIM card, locking the device, deleting the respective data for example via "Find My iPhone" or "Android Device Manager" respectively, resetting of the user account by himself or by the Issuer). The loss must be reported to the Issuer (see clause 3.3);
- Before the Mobile Device is sold or otherwise permanently transferred to a third party the App must be deleted
3.2.2 General duties of care with respect to the password
Besides the possession of the Mobile Device, the user name and password serve as additional factors for the authentication of the Cardholder.
With respect to the password, the Cardholder must comply in particular with the following duties of care:
- The Cardholder must determine a password that he has not used for any other service and the combination of which is not easily identifiable (e.g. telephone number, birth date, car license number, names of the Cardholder or related persons, repeated or directly consecutive series of letters or numbers such as "123456" or "aabbcc");
- The password must be kept secret. It must not be given or made accessible to any third party. The Cardholder notes that the Issuer will never request disclosure of the password;
- The password must not be written down anywhere or saved unsecured;
- If the Cardholder suspects that a third party is in possession of the password or other data, the Cardholder must change the password or reset the user account himself or request the resetting of the user account by the Issuer ;
- The password must only be entered in such a way that no third party can see it.
3.2.3 General duties of care with respect to requests for confirmation, especially controls
Confirmations are binding on the Cardholder.
Therefore, the Cardholder has the following duties of care with respect to confirmations in the App or by submitting an SMS-code:
3.3 General duties of notification of the Cardholder
The following events must be reported to the Issuer immediately:
- The Cardholder may only accept a confirmation where the request for confirmation is in immediate connection with a certain action or a certain operation of the Cardholder (e.g. payment, login, contact with the Issuer);
- Before any confirmation, the Cardholder must verify whether the subject of the request for confirmation conforms to the relevant operation. In particular, with respect to requests for confirmation regarding 3-D Secure, the Cardholder must verify the displayed payment details.
- Loss of a Mobile Device, however, not in cases where such device is only misplaced temporarily;
- Requests for confirmations that are not connected to an online payment, a login by the Cardholder, a contact with the Issuer or similar operations (suspicion of abuse);
- Any other suspicion that requests for confirmation in the App or the SMS-code may not originate from the Issuer;
- Suspicion of abuse of the user name, the password, Mobile Devices, the Website, the App etc. or suspicion that any of these items may have come into the possession of an unauthorized third party;
- Change of the Cardholder's telephone number or any other relevant personal data;
- Change of the Mobile Device, which is employed for "one" (in such cases the App must be newly registered).
In any of the above cases, the Cardholder must notify the Issuer immediately over the Website or in another way. Moreover, any possible abuse or loss of a Mobile Device must be reported immediately to the Customer Care Centre of the Issuer by telephone: tel. +41 (0)58 958 84 90 or +41 (0)58 958 83 83 (24h service).
4.1 Liability for damages in general
Subject to clause 4.2, the Issuer shall be liable for the Cardholder's damages (without excess), which are not already covered by insurance,
- if the respective damages:
- have been caused as a result of a verifiably illegal interference against the facilities of network and/or telecommunication operators or the devices and/or systems (e.g. personal computer, Mobile Devices and other data processing devices) used by the Cardholder and
- the Cardholder complied with the general and specific duties of care and notification stipulated in the preceding clauses 3.2. and 3.3 and especially the obligation to control requests for confirmation and the obligations to check monthly transaction statements and report any incorrect transaction to the Issuer immediately, which are stipulated in the Viseca Card Terms and Conditions, and
- the Cardholder is otherwise not at fault for the incurred damages;
- If the respective damages were caused exclusively by a violation of the customary level of due care on the part of the Issuer.
Subject to gross negligence or intent, the Issuer does not assume any liability for any potential consequential or indirect damages incurred by the Cardholder.
The Cardholder bears the risk for damages in the below mentioned cases himself and the Issuer does not assume liability in said cases:
- If the respective damages are not covered by the Issuer according to clause 4.1 (namely in the case of a violation of the duties of care and notification by the Cardholder), or
- if the Cardholder, the partner of the Cardholder, direct relatives (especially children or parents) or other persons close to the Cardholder, representatives, holders of additional cards and/or persons living in the same household as the Cardholder submitted an operation (e.g. a confirmation via the App or via SMS-Code).
B Specific Part
5. 3-D Secure
5.1 What is 3-D Secure?
3-D Secure is an internationally recognized security standard for online credit card payments. This standard is called "SecureCode" by MasterCard and "Verified by Visa" by VISA. According to the Viseca Card Terms and Conditions, the Cardholder is obliged to apply said standard when effecting a payment provided that the standard is offered by the respective point of acceptance ("Merchant").
The use of 3-D Secure is only possible by registering for "one".
5.2 How does 3-D Secure work?
Payments effected with 3-D Secure can be confirmed (authorized) in two ways:
- by using the App or
- by entering a code sent by the Issuer to the Cardholder (SMS-code) in the respective window of the browser during the payment procedure.
According to the Viseca Card Terms and Conditions, every authorised payment using 3-D Secure shall be deemed to have been effected by the Cardholder.
5.3 Activating Cards for 3-D Secure
With the registration for "one", 3-D Secure will be activated for all Cards registered in the Cardholder's name and associated with the registered business relationship between the Cardholder and the Issuer.
5.4 Deactivating Cards for 3-D Secure
For security reasons, 3-D Secure cannot be deactivated once it has been activated.
6.1 What is Masterpass?
In the "Masterpass Wallet" ("Wallet") card and customer information (e.g. address information) of the Cardholder will be stored. If the Cardholder chooses the option "Paying with Masterpass" on the merchant’s website, this information will be transmitted to the Merchant by the Issuer. The Wallet is provided free of charge to the Cardholder by the Issuer in cooperation with MasterCard Europe SA („MasterCard“).
6.2 How does Masterpass work?
If the Cardholder chooses the Option “Paying with Masterpass” when paying at a merchant, the Issuer will transmit the card and customer information of the Cardholder stored in the Wallet to the Merchant via MasterCard, after the Cardholder has logged by entering the "one" user information and the login has been confirmed in in the App or by submitting an SMS-code.
Neither by activating the cards in the Wallet nor by using the Wallet will a contract be concluded between the Cardholder and MasterCard. A liability by MasterCard for any damages of the Cardholder which may result from using Masterpass is therefore excluded – to the extent permitted by law. The Issuer’s liability is governed by clause 4 of the present terms and conditions.
6.3 Activating Cards for Masterpass by registering for "one"
In the course of the registration for "one"
- Masterpass will be automatically activated by the Issuer for all cards registered for "one";
- the login credentials for "one" will be set as the user name and password for the Wallet;
- the card and customer information of the Cardholder stored in the Wallet (first and last name of the Issuer, date of expiry, delivery address) of cards registered for "one" will be saved at the Issuer’s;
- the invoicing addresses stored by the Issuer will be defined as the delivery addresses in the Wallet.
6.4 Deactivation / reactivation of Cards / opting-out of Masterpass
Cards that have been automatically activated for Masterpass can be deactivated or reactivated individually via the "one" user account. When deactivating all cards they will be deleted from the Wallet and the card and customer information will not be automatically updated anymore.
Reactivating a single card or the entire Wallet is possible at any time.
6.5 Changes / updating information saved in the Masterpass Wallet
Changes to the card and customer information will be automatically updated in the Wallet.
Changes to the invoicing address stored by the Issuer will automatically lead to an update of the delivery address in the Wallet.
Delivery addresses added or changed during a payment process will neither change the primary delivery address saved in the Wallet nor the invoicing address stored by the Issuer.
6.6 Special duty of care obligation Masterpass
Because the delivery address in the Wallet may differ from the Cardholder’s actual delivery address, the Cardholder is obliged to check the delivery address transmitted to the Merchant when paying with Masterpass.
6.7 Paying with the Masterpass Wallet
Paying with Masterpass is a normal card transaction. The respective contract will therefore be concluded exclusively between the Cardholder and the respective Merchant. Hence, when using the Wallet no contract will be concluded between the Cardholder and MasterCard.
6.8 Blocking of and changes to the Masterpass Wallet
In the case of a definitive blocking or a cancellation of a card, such card will be deleted from the Wallet.
In the case of deactivation of "one" or the blocking of the "one" user account the Wallet may no longer be available.
The Issuer or MasterCard may further develop or block the Wallet at any time; in particular if there is reason to believe that the Wallet is being misused.
7. Wearable Payment
7.1 What is a wearable? / What is wearable payment?
A wearable is a Mobile Device which is worn (directly) on the Cardholder's body (such as a "smartwatch" or "fitness tracker") or is integrated in the Cardholder's clothing ("wearable"
Wearable payment is the function provided by a provider ("service provider
“) which enables the Cardholder to make contactless payments, with one or more authorised card(s) of the Issuer, and allows additional functions using a compatible wearable ("wearable payment
“). The Issuer's card(s) which are authorised for wearable payment are deposited in this process via a service provider's application as virtual (encrypted) card(s) ("virtual card(s)
"). When a card is activated for Wearable Payment, the number printed on the card (the primary account number or “PAN”) is linked with a digital (encrypted) card number. The digital card number is communicated to the merchant when using Wearable Payment to pay for a purchase.
Information concerning compatible wearables, service providers and authorised cards of the Issuer are available on the Viseca website.
7.2 Activation and deactivation
The Issuer decides which cards can be activated for wearable payment.
When the card is deposited, the Cardholder must - where applicable - activate a lock on the wearable by a secret PIN (wearable PIN) or in some other way.
The general duties of care in connection with the password according to section 3.2.2 shall apply to this.
Upon depositing a card for wearable payment or at the latest when wearable payment is used, in addition to the Viseca Card Terms and Conditions, the Cardholder accepts these provisions concerning wearable payment.
The virtual cards which are activated for a wearable may be used until they are deactivated in the wearable, they are blocked, the wearable service provider's app is uninstalled or deactivated or the contractual relationship between the Cardholder and the Issuer is terminated.
The Cardholder may terminate the use of wearable payment at any time by removing his or her virtual card(s) from any wearable that is used.
7.3 Special duties of card
The Cardholder must treat the virtual cards and wearables with all due care and ensure that they are protected appropriately.
In addition to the duties of care specified in the Viseca card GTC and the general duties of care and notification according to sections 3.2.1 and 3.3
, the Cardholder must comply, in particular, with the following special duties of care
- a wearable must be only used for its intended purpose and must be kept in a safe place protected from access by third parties (like physical cards, virtual cards are personal and cannot be transferred). It must not be passed to third parties for use;
- when a wearable is changed or other passed on (e.g. when it is sold or transferred at no charge) the information must be deleted in the service provider's app and in the wearable.
7.4 Payment with wearables (authorisation)
Any payment which is made using a wearable shall be deemed to be an action by the Cardholder. The Cardholder has the right to prove the contrary.
Contactless payments may be confirmed (authorised) regardless of the transaction amount without entering the card’s PIN code provided this is stipulated. The Cardholder is aware that there is an increased risk as a result of the fact that payments can be made by unauthorised third parties
, particularly after the loss of a wearable that was used with an easily identifiable password (e.g. "1234"). Unless a wearable PIN is provided on depositing the card, payments above a certain threshold (e.g. CHF 40.-) must be confirmed (authorised) by entering the card’s PIN code. The Issuer's liability shall be governed by section 4 of these provisions.
7.5 Exclusion of warranty
The Issuer neither assures nor warrants that wearable payment and or a service provider's application are permanently accessible or that they run consistently without any faults or that cases of abuse can always be detected and prevented.
7.6 Data Protection
The Cardholder agrees by no later than the time he uses his card(s) for wearable payment that his data will be processed in accordance with the data protection policy
Any data protection provisions of the corresponding service provider shall also apply to the processing of the data when wearable payment is used.
8. Mobile Pay
8.1 What is Mobile Pay?
Mobile Pay allows Cardholders who possess a compatible Mobile Device
to use their cards with the App for contactless payments of purchases (through NFC, near field communication) with the Mobile Device. The Viseca Card Terms and Conditions also apply to the use of the cards with Mobile Pay.
8.2 Activation and deactivation
The Issuer decides which cards can be activated for Mobile Pay.
When a card is activated for Mobile Pay, the number printed on the card (the primary account number or “PAN”) is linked with a virtual (encrypted) card number. The virtual card number is communicated to the merchant when using Mobile Pay to pay for a purchase.
In order to ensure security with regard to the use of Mobile Pay, the Cardholder must choose a personal ID code when activating a virtual card, (“Mobile Pay PIN
"). The general duties of care in connection with the password according to section 3.2.2 shall apply to this.
The virtual cards which are activated for Mobile Pay may be used until they are deactivated for Mobile Pay, they are blocked, the App is uninstalled or deactivated or the contractual relationship between the Cardholder and the Issuer is terminated.
Moreover, the Cardholder must comply with the general duties of care and notification according to sections 3.2.1 and 3.3
8.3 Paying with Mobile Pay (authorising)
Any payment made with Mobile Pay shall be deemed to be an action by the Cardholder. The Cardholder has the right to prove the contrary.
Contactless payments generally have to be confirmed (authorised) by entering the Mobile Pay PIN or by some other means designated by the Issuer. Transactions for small amounts may be made without unlocking the Mobile Device (device-dependent) and – provided this is stipulated by the Issuer – without entering the Mobile Pay PIN (authorisation). The Cardholder is aware that there is an increased risk as a result of the fact that payments can be made by unauthorised third parties,
particularly if the Mobile Device is lost. The Issuer's liability shall be governed by section 4 of these provisions.
8.4 Data Protection
The Cardholder agrees by no later than the time he uses Mobile Pay that his data will be processed in accordance with the data protection.