Terms and conditions of Viseca Card Services SA for use of "one"

A General Part
1. General terms and conditions for use of "one"
2. Use of "one"
3. Risks, exclusion of warranty, general duties of care and notification
4. Liability

B  Specific Part
5. 3-D Secure
6. Masterpass
7. Mobile Payment


A  General Part

1. General terms and conditions for use of "one"
1.1 Terms and conditions for use of "one" and other relevant documents
The present terms and conditions apply to the online services ("Services") provided by Viseca Card Services SA ("Issuer") to holders ("Cardholders") of a primary or additional card or a business card of the Issuer ("Card(s)") under the label "one" (or "one" in connection with the name of an intermediary bank).


"one" is available via:

  • the "one" website  ("Website“) and
  • the "one" app ("App“)

Attention should be paid to further information regarding "one" – in particular with regard to data processing and data security – available in the data protection policy, the terms of use of the Website and on the Website itself.
The present terms and conditions apply in addition to the respective general terms and conditions for the use of cards for private or companies ("Viseca Card Terms and Conditions"). In the event of any deviating regulation the present terms and conditions shall have priority to the Viseca Card Terms and Conditions.
The present terms and conditions consist of a general part for the use of "one" and a specific part, for the use of specific Services provided on "one".

1.2 What is "one" and how will it be further developed?
"one" comprises Services of the Issuer. In the course of its further development, "one" will substitute existing Services of the Issuer (e.g. MyAccount / surprize.ch).
The use of "one" requires a registration. Newly provided Services will be made available to registered Cardholders via updates. The Issuer will inform the Cardholder in an appropriate way of further developments and, where applicable, changes to the present terms and conditions.

1.3 What are the functions of "one"?
"one" can – currently or in future – comprise the following functions in particular:

  • User account to manage personal data;
  • Control and confirmation of payments, e. g. by using 3-D Secure (MasterCard SecureCode or Verified by Visa), in the App or by submitting an SMS-code (see clause 5);
  • Control and confirmation of specific operations (e.g. logins, contacts with the Issuer) in the App or by submitting an SMS-code;
  • Activation of cards in order to use Masterpass (see clause 6);
  • Activation of cards for the usage of payment methods (see clause 7 and clause 8);
  • Exchange of messages and notifications of any sort between the Cardholder and the Issuer (including e.g. notifications of a change of the present terms and conditions) provided that such communication or notification is not subject to any specific form (e.g. written complaints regarding monthly statements);
  • Overview of transactions or cards and electronic display of invoices (currently: MyAccount);
  • Overview of the bonus program account and the possibility to redeem points (currently: surprize account);
  • Information relating to the usage of the card (currently: SMS services).

1.4 Advantages of "one"
"one" offers the following advantages to the Cardholder:

  • "one" makes the access to the Services safer: A state-of-the-art procedure for the authentication of the Cardholder allows the verification and confirmation that the operations are actually effected by the Cardholder – by using the Cardholder's mobile phone as a second factor (besides login) and through a secured communication channel between the Cardholder and the Issuer.
  • "one" bundles the Issuer's Services on one single platform and is therefore clearer.
  • "one" makes access to the different Services of the Issuer easier: one user name and one password allow registration and login for different Services.
  • Online payments using 3-D Secure are faster: Instead of entering the 3-D Secure password, the payment can be controlled and confirmed using the App or by submitting an SMS-Code.
  • Masterpass allows payment in online shops without having to enter the card and customer information each time.

2. Use of "one"
2.1 Right of use
The Cardholder is entitled to use "one" only under the following conditions:

  • He is able to implement the present terms and conditions and the respective requirements (see especially clause 3.2.1 and clause 3.2.3) and
  • He is entitled to use a card of the Issuer as the Cardholder of a primary or additional card or a business card of the Issuer.

2.2 Consent upon registration and regarding further developments of "one"
By using "one", the Cardholder expressly gives consent to the Issuer as follows:

  • Consent to the processing of data that was or will be collected in the course of the Cardholder's use of "one". This includes consent to combining this data with already existing data at the Issuer and to creating profiles for risk management and marketing purposes by the Issuer or on behalf of entities being part of Viseca (www.viseca.ch) and third parties in accordance with the data protection policy.
  • Consent to receiving notifications and information relating to products and services of the Issuer, Viseca and third parties for marketing purposes (advertisements). The Issuer can send these by e-mail or directly via the App or the Website.
  • Consent to using the e-mail address provided by the Cardholder during the registration process as well as the Website and the App for reciprocal electronic communication with the Issuer (e.g. notification of address changes, notification of changes of terms and conditions or notifications relating to the prevention of card abuse).

Consent to receiving notifications relating to products and services and/or to the processing of data for marketing purposes may be revoked at any time by notification to the Issuer with effect for the future (opting-out right). The relevant contact details can be found in the data protection policy.

2.3 Declining consent within the course of future development of "one"
If the Cardholder declines his consent to any term or condition in the course of the further development of "one" (e.g. in the case of updates), the App or the Website or specific Services may possibly not or no longer be available for the Cardholder.

2.4 Effect of confirmation
Each confirmation in the App or by submitting an SMS-code counts as an operation effected by the Cardholder. The Cardholder is entitled to prove otherwise. The Cardholder undertakes to be responsible for any charges to his card resulting from confirmations and authorizes the Issuer to execute the corresponding orders and to perform the corresponding actions.

2.5 Availability / Blocking / Changes
The Issuer has the right to interrupt, restrict, cease or replace the use of "one" at any time and without prior notification, subject to sufficient reasons. In particular, the Issuer may block the Cardholder's access to "one" temporarily or definitely (e.g. in case of a potential abuse).

2.6 Intellectual property rights and licence
All rights (especially copyrights and trademark rights) related to software, texts, images, videos, names, logos and other data and information, which are available or become available in the course of time through "one", belong exclusively to the Issuer or the respective partners of the Issuer (e.g. Mastercard, Visa) unless otherwise specified by the present terms and conditions. The names and logos that appear on "one" are protected trademarks.
For the use of the App the Issuer grants the Cardholder a non-exclusive, non-transferable, unlimited, revocable and royalty-free license in order to download the App, to install the App on a device in the permanent possession of the Cardholder and to use the App for the designated purposes.
For the use of the Website, the Licence terms pursuant to the Terms of use of the Website (in section "Property rights in the Website, trademarks and copyrights") apply.



3. Risks, exclusion of warranty, general duties of care and notification  
3.1 Risks in using "one"
The Cardholder acknowledges and accepts that the use of "one" involves risks.

In particular, the use of "one" may involve the risk that cards, user names and passwords, devices used or personal data of the Cardholder may be abused by unauthorized third parties. Thereby the Cardholder may incur a financial loss (from a charge to his card) or a violation of personality rights (by abuse of personal data). 
Further, there is a risk that "one" or one of the Services provided through "one" cannot be used (e.g. no login to "one" possible).

Abuse is enabled or promoted in particular by:

  • a violation of the duties of care and notification by the Cardholder (e.g. by careless use of the user name / password or by not reporting the loss of his card);
  • the Cardholder's settings or defective maintenance of devices or systems employed for the use of "one" (e.g. computer, mobile phone, tablet or other information technology infrastructure) e.g.  due to a missing screen lock, missing or insufficient firewall or virus protection or outdated software;
  • interference by third parties or faults during data transmission over the internet (e.g. hacking, phishing or data loss);
  • incorrect confirmations in the App or by submitting an SMS-code (e.g. due to insufficiently controlling a request for confirmation);
  • Weaker security settings for "one" chosen by the Cardholder – especially with respect to the App (e.g. saving of login credentials).

If the Cardholder complies with the following duties of care and notification with respect to the use of mobile devices and passwords as well as with the duty to control requests for confirmation he can reduce the risk of abuse. Further information on how to reduce the risks when using "one" is available on the Website.

The Issuer neither assures nor warrants that the Website or the App are permanently accessible or that they run consistently without any faults or that cases of abuse can always be detected and prevented.

3.2 General duties of care of the Cardholder
3.2.1 General duties of care with respect to the employed devices and systems, especially mobile devices
"one" uses among others Mobile Devices (e.g. mobile phone, tablets; each a "Mobile Device") to authenticate the Cardholder. Safeguarding these Mobile Devices at all time is therefore an essential security factor. The Cardholder must handle Mobile Devices with adequate care and take adequate measures to protect them.
The Cardholder must therefore comply in particular with the following duties of care with respect to the employed devices and systems, especially Mobile Devices:

  • screen lock must be activated on Mobile Devices and further security measures must be applied in order to prevent unauthorized access;
  • Mobile devices must be kept in a safe place protected from access by third parties and must not be given to third parties for continuous or unsupervised use;
  • Software must be updated regularly (e.g. operating system and internet browser);
  • The Cardholder must not interfere with the operating system (e.g. by jailbreaking or rooting);
  • The Cardholder must install and keep up-to-date virus protection and internet security programmes on his laptop/computer;
  • The App must be downloaded exclusively from the official stores (e.g. Apple Store and Google Play Store);
  • App updates must be installed promptly;
  • In case of loss of a Mobile Device the Cardholder must undertake all possible measures to prevent unauthorized access by third parties to data transmitted by the Issuer onto the Mobile Device (e.g. by locking the SIM card, locking the device, deleting the respective data for example via "Find My iPhone" or "Android Device Manager" respectively, resetting of the user account by himself or by the Issuer). The loss must be reported to the Issuer (see clause 3.3);
  • Before the Mobile Device is sold or otherwise permanently transferred to a third party the App must be deleted

3.2.2 General duties of care with respect to the password
Besides the possession of the Mobile Device, the user name and password serve as additional factors for the authentication of the Cardholder.
With respect to the password, the Cardholder must comply in particular with the following duties of care:

  • The Cardholder must determine a password that he has not used for any other service and the combination of which is not easily identifiable (e.g. telephone number, birth date, car license number, names of the Cardholder or related persons, repeated or directly consecutive series of letters or numbers such as "123456" or "aabbcc");
  • The password must be kept secret. It must not be given or made accessible to any third party. The Cardholder notes that the Issuer will never request disclosure of the password;
  • The password must not be written down anywhere or saved unsecured;
  • If the Cardholder suspects that a third party is in possession of the password or other data, the Cardholder must change the password or reset the user account himself or request the resetting of the user account by the Issuer ;
  • The password must only be entered in such a way that no third party can see it.

3.2.3 General duties of care with respect to requests for confirmation, especially controls
Confirmations are binding on the Cardholder.
Therefore, the Cardholder has the following duties of care with respect to confirmations in the App or by submitting an SMS-code:

  • The Cardholder may only accept a confirmation where the request for confirmation is in immediate connection with a certain action or a certain operation of the Cardholder (e.g. payment, login, contact with the Issuer);
  • Before any confirmation, the Cardholder must verify whether the subject of the request for confirmation conforms to the relevant operation. In particular, with respect to requests for confirmation regarding 3-D Secure, the Cardholder must verify the displayed payment details.

3.3 General duties of notification of the Cardholder
The following events must be reported to the Issuer immediately:

  • Loss of a Mobile Device, however, not in cases where such device is only misplaced temporarily;
  • Requests for confirmations that are not connected to an online payment, a login by the Cardholder, a contact with the Issuer or similar operations (suspicion of abuse);
  • Any other suspicion that requests for confirmation in the App or the SMS-code may not originate from the Issuer;
  • Suspicion of abuse of the user name, the password, Mobile Devices, the Website, the App etc. or suspicion that any of these items may have come into the possession of an unauthorized third party;
  • Change of the Cardholder's telephone number or any other relevant personal data;
  • Change of the Mobile Device, which is employed for "one" (in such cases the App must be newly registered).

In any of the above cases, the Cardholder must notify the Issuer immediately over the Website or in another way. Moreover, any possible abuse or loss of a Mobile Device must be reported immediately to the Customer Care Centre of the Issuer by telephone: tel. +41 (0)58 958 84 90 or +41 (0)58 958 83 83 (24h service).


4. Liability
4.1 Liability for damages in general
Subject to clause 4.2, the Issuer shall be liable for the Cardholder's damages (without excess), which are not already covered by insurance,

  • if the respective damages:
    • have been caused as a result of a verifiably illegal interference against the facilities of network and/or telecommunication operators or the devices and/or systems (e.g. personal computer, Mobile Devices and other data processing devices) used by the Cardholder and
    • the Cardholder complied with the general and specific duties of care and notification stipulated in the preceding clauses 3.2. and 3.3 and especially the obligation to control requests for confirmation and the obligations to check monthly transaction statements and report any incorrect transaction to the Issuer immediately, which are stipulated in the Viseca Card Terms and Conditions, and
    • the Cardholder is otherwise not at fault for the incurred damages; 
  • If the respective damages were caused exclusively by a violation of the customary level of due care on the part of the Issuer.

Subject to gross negligence or intent, the Issuer does not assume any liability for any potential consequential or indirect damages incurred by the Cardholder.

4.2 Exceptions
The Cardholder bears the risk for damages in the below mentioned cases himself and the Issuer does not assume liability in said cases:

  • If the respective damages are not covered by the Issuer according to clause 4.1 (namely in the case of a violation of the duties of care and notification by the Cardholder), or
  • if the Cardholder, the partner of the Cardholder, direct relatives (especially children or parents) or other persons close to the Cardholder, representatives, holders of additional cards and/or persons living in the same household as the Cardholder submitted an operation (e.g. a confirmation via the App or via SMS-Code).



B Specific Part

5. 3-D Secure
5.1 What is 3-D Secure?
3-D Secure is an internationally recognized security standard for online credit card payments. This standard is called "SecureCode" by MasterCard and "Verified by Visa" by VISA. According to the Viseca Card Terms and Conditions, the Cardholder is obliged to apply said standard when effecting a payment provided that the standard is offered by the respective point of acceptance ("Merchant").
The use of 3-D Secure is only possible by registering for "one".

5.2 How does 3-D Secure work?
Payments effected with 3-D Secure can be confirmed (authorized) in two ways:

  • by using the App or
  • by entering a code sent by the Issuer to the Cardholder (SMS-code) in the respective window of the browser during the payment procedure.

According to the Viseca Card Terms and Conditions, every authorised payment using 3-D Secure shall be deemed to have been effected by the Cardholder.

5.3 Activating Cards for 3-D Secure
With the registration for "one", 3-D Secure will be activated for all Cards registered in the Cardholder's name and associated with the registered business relationship between the Cardholder and the Issuer.

5.4 Deactivating Cards for 3-D Secure
For security reasons, 3-D Secure cannot be deactivated once it has been activated.


6. Masterpass
6.1 What is Masterpass?
In the "Masterpass Wallet" ("Wallet") card and customer information (e.g. address information) of the Cardholder will be stored. If the Cardholder chooses the option "Paying with Masterpass" on the merchant’s website, this information will be transmitted to the Merchant by the Issuer. The Wallet is provided free of charge to the Cardholder by the Issuer in cooperation with MasterCard Europe sprl („MasterCard“).

6.2 How does Masterpass work?
If the Cardholder chooses the Option “Paying with Masterpass” when paying at a merchant, the Issuer will transmit the card and customer information of the Cardholder stored in the Wallet to the Merchant via MasterCard, after the Cardholder has logged by entering the "one" user information and the login has been confirmed in in the App or by submitting an SMS-code.
Neither by activating the cards in the Wallet nor by using the Wallet will a contract be concluded between the Cardholder and MasterCard. A liability by MasterCard for any damages of the Cardholder which may result from using Masterpass is therefore excluded – to the extent permitted by law. The Issuer’s liability is governed by clause 4 of the present terms and conditions.

6.3 Activating Cards for Masterpass by registering for "one"
In the course of the registration for "one"

  • Masterpass will be automatically activated by the Issuer for all cards registered for "one";
  • the login credentials for "one" will be set as the user name and password for the Wallet;
  • the card and customer information of the Cardholder stored in the Wallet (first and last name of the Issuer, date of expiry, delivery address) of cards registered for "one" will be saved at the Issuer’s;
  • the invoicing addresses stored by the Issuer will be defined as the delivery addresses in the Wallet.

6.4 Deactivation / reactivation of Cards / opting-out of Masterpass
Cards that have been automatically activated for Masterpass can be deactivated or reactivated individually via the "one" user account. When deactivating all cards they will be deleted from the Wallet and the card and customer information will not be automatically updated anymore.
Reactivating a single card or the entire Wallet is possible at any time.

6.5 Changes / updating information saved in the Masterpass Wallet
Changes to the card and customer information will be automatically updated in the Wallet.
Changes to the invoicing address stored by the Issuer will automatically lead to an update of the delivery address in the Wallet.
Delivery addresses added or changed during a payment process will neither change the primary delivery address saved in the Wallet nor the invoicing address stored by the Issuer.

6.6 Special duty of care obligation Masterpass
Because the delivery address in the Wallet may differ from the Cardholder’s actual delivery address, the Cardholder is obliged to check the delivery address transmitted to the Merchant when paying with Masterpass.

6.7 Paying with the Masterpass Wallet
Paying with Masterpass is a normal card transaction. The respective contract will therefore be concluded exclusively between the Cardholder and the respective Merchant. Hence, when using the Wallet no contract will be concluded between the Cardholder and MasterCard.

6.8 Blocking of and changes to the Masterpass Wallet
In the case of a definitive blocking or a cancellation of a card, such card will be deleted from the Wallet.
In the case of deactivation of "one" or the blocking of the "one" user account the Wallet may no longer be available.
The Issuer or MasterCard may further develop or block the Wallet at any time; in particular if there is reason to believe that the Wallet is being misused.

7. Mobile Payment
7.1 What is Mobile Payment?
Mobile Payment designates solutions for the use of Cards via a Mobile Device. Mobile Payment allows Cardholders who have a compatible Mobile Device to use authorised Cards via a mobile application (app) of Viseca (see clause 7.7) or of a third-party provider for contactless payment and for payment in online shops and in apps. For security reasons, instead of the card number a different number (token) is generated in each case and stored as a "virtual card". Virtual cards may be used via Mobile Payment like a physical Card. When paying with a virtual card, only the generated number (token) and not the card number is communicated to the Merchant.

7.2 What Mobile Devices are compatible, and what Cards are authorised?        
Examples of compatible Mobile Devices are computers, mobile phones, smart watches and fitness trackers, provided they support the use of virtual cards and are authorised by the Issuer. The Issuer is furthermore free to decide which Cards to authorise for which service providers. Further information on compatible devices and authorised Cards is available on the website of the Issuer or on the website of the manufacturer of your Mobile Device. This information is not binding and may be changed at any time.

7.3 Activation and deactivation
For security reasons, a Card cannot be activated unless the Cardholder accepts the respective service provider's terms and conditions of use and the service provider's privacy policy. The Cardholder shall be liable to the Issuer for damages caused by a breach of these terms and conditions.
Virtual cards may be used by the Cardholder via the app until the Card is blocked or deactivated. The foregoing shall be without prejudice to any restrictions on the use of the Card pursuant to the respective applicable Viseca Card Terms and Conditions. The Cardholder may terminate the use of Mobile Payment at any time by removing his or her virtual card(s) from the respective service provider.
Costs associated with the activation and use of virtual cards (such as costs for mobile internet use abroad) shall be borne by the Cardholder.

7.4 Use of the virtual card (authorisation)
The use of a virtual card corresponds to a standard Card transaction. Any use of a virtual card shall be deemed to have been authorised by the Cardholder. The Cardholder has the right to prove the contrary.
The use of virtual cards must be authorised in the manner specified by the service provider or Merchant, e.g. by entering a device PIN or using fingerprint or facial recognition. The Cardholder acknowledges that this increases the risk that virtual cards may be used by unauthorised parties, if the additional means of authorisation, if any, required by the service provider or Merchant (device PIN or Card PIN) consists of easy to determine combinations (“1234”). The Cardholder acknowledges that, depending on the service provider or Merchant, no authorisation may be required up to a certain amount, as determined by such service provider or Merchant.
In all other respects, liability shall be determined in accordance with clause 4 hereof.
7.5 Special duties of care
The Cardholder acknowledges and accepts that the use of Mobile Payment involves risks despite all the security measures taken. In particular, it is possible that virtual card(s) and personal data may be misused or viewed by unauthorised parties. This may result in financial harm to the Cardholder (through wrongful debiting of a Card) and in violations of the Cardholder's privacy (through the misuse of personal data).
The Cardholder must therefore treat the devices and virtual cards used with care and ensure that they are protected. In addition to the duties of care specified in the respective applicable Viseca Card Terms and Conditions and the general duties of care and notification specified in clauses 3.2.1 and 3.3, the Cardholder must comply, in particular, with the following special duties of care:

  • The devices used must be used as intended and kept securely protected from any third-party access;
  • virtual cards, like physical Cards, are personal and non-transferable. They may not be provided to third parties for use (e.g. by storing fingerprints and/or by scanning the faces of third parties in order to unlock the device used);
  • where a Mobile Device is exchanged or transferred on (e.g. in the event of a sale) every virtual card must be deleted in the service provider's app and in the Mobile Device;
  • any suspected misuse of a virtual card or a device used with it must be reported to the Issuer immediately so that the affected virtual card can be blocked.

7.6 Exclusion of warranty
There is no entitlement to the use of Mobile Payment. The Issuer may suspend or terminate the use, i.e. the possibility of using virtual cards, at any time, in particular for security reasons or where there are changes to the Mobile Payment offering or a restriction of the authorised Cards or compatible devices. Furthermore, the Issuer shall not be responsible for actions and offerings of the service provider or other third parties, such as internet and telephone providers.

7.7 Card use on the "one" app
A Cardholder who has a compatible device can activate his/her Card(s) in the Issuer's "one" app and use them as virtual cards. To ensure the security of Mobile Pay, the Cardholder must specify a secret number during activation. The Issuer may adapt this service at any time. In all other respects, the terms and conditions for Mobile Payment shall apply, in particular the special duties of care according to clause 7.5.

7.8 Data protection
The third-party provider and the Issuer shall be independently responsible for their respective processing of personal data. The Cardholder acknowledges that personal data in connection with the offering and the use of Mobile Payment (in particular, information concerning Cardholders and activated Cards and transaction data arising from the use of virtual cards) are collected by the third-party provider and stored and processed in Switzerland or abroad. The processing of personal data by the third-party provider in connection with Mobile Payment and the use of offerings and services of the third-party provider, including the said provider's devices and software, shall be governed by its terms of use and its privacy policy. With each activation of a Card, the Cardholder therefore confirms that he has read and understood the relevant privacy policy of the respective third-party provider and that he/she expressly agrees that the data may be processed accordingly by the third-party provider. If he/she does not wish the data to be processed accordingly, it is the Cardholder's responsibility not to activate a Card or else to notify the third-party provider that he/she objects to the processing. The processing of personal data by the Issuer shall be governed by the Data Protection Policy for one and the general Data Protection Policy of Viseca.

Version 05/2019