Close Menu

Procedural Notes – ENG

Terms & Conditions / Procedural Notes for Mastercard® Identity Check™

1.           Introduction

Mastercard® Identity Check™ is a process to make online payments more secure by verifying the cardholder's identity against personal data. The prerequisite for this is that the online retailer also participates in this procedure. During the payment process, the cardholder confirms that he or she is requesting the payment either by Face ID or Touch ID/Fingerprint or by PIN via the "TransactVerify" app or by entering a transaction number related to the individual transaction and transmitted by SMS (mobileTAN).

To participate in the Mastercard® Identity Check™, you need a mobile device with the option of using the "TransactVerify" app or a device with the option of receiving SMS. Registration is required to participate in the procedure.

2.           Registration

To participate in Mastercard® Identity Check™, cardholders must register via the app or, alternatively, via the homepage of their card-issuing institution. Only after registration is it possible to make an online purchase with Mastercard® Identity Check™. As part of the registration process, the cardholder first requests an identification code. Depending on the settings of the card-issuing institution, there are up to three ways to transmit the identification code:

  • By SMS (after entering certain personal data as well as the mobile phone number)
  • As part of a 1-cent credit to the cardholder's billing account
  • By letter

After entering the identification code, the cardholder determines which variant of the identity check procedure he or she would like to use to identify himself in the future.

a)       In
the registration process for the app procedure, the cardholder is asked to download the "TransactVerify" app to their mobile device via the IOS App Store or Google Play Store. In the app, select the Add credit card option  and follow the process description. The cardholder then identifies himself either by SMS, 1-cent transaction or letter. In order to carry out later payment confirmations, biometric recognition or PIN entry can be selected. If, for example, the app has to be reinstalled due to a change of device or if the PIN to use the app has been forgotten, a new registration must be carried out.

b)     
As part of the registration process for the mobileTAN procedure, the cardholder enters the telephone number of his mobile phone in the registration portal to which the TAN required for payment approval is to be transmitted. For this purpose, a security question must also be determined, which is requested as additional security when purchasing. If the mobile phone number used for the mobile TAN procedure changes or if the answer to the security question has been forgotten, a new registration must be carried out.

The use of secure authentication for online transactions is thus available immediately after registration.

3.           Cost

During registration and when downloading and using the "TransactVerify" app, fees may be charged by the mobile phone or Internet provider used in each case.

If the card-issuing institution charges fees for the use of the mobileTAN procedure, the cardholder will be informed of this during the registration process.

4.           Due diligence requirements for the cardholder

The cardholder must ensure that no third party gains access to his mobile device for the purpose of carrying out secure online transactions. The card-issuing institution will never ask its customers to register or provide their registration details by email or phone call.

The cardholder must compare the correspondence between the transaction data transmitted to him by his card-issuing institution and the data provided by him for the transaction. In the event of discrepancies, the transaction must be cancelled and the card-issuing institution informed.

5.           Unsubscribe Mastercard® Identity Check™

a.         The cardholder can withdraw from participation in the procedure in text form (First Data GmbH, Marienbader Platz 1, 61348 Bad Homburg v. d. Höhe) or by telephone (+49 (0) 69 / 7933 - 2555).

b.         Once the cardholder has opted out, they will no longer be able to use their credit card for online transactions at participating merchants. This requires a new registration for Mastercard® Identity Check™.

6.           Third-Party Service Providers

The card-issuing institution has commissioned First Data GmbH, with a business address in Bad Homburg, Germany, as its service provider to implement Mastercard® Identity Check™. First Data GmbH uses Netcetera AG, based in Zurich, Switzerland, and its subcontractor Entersekt as a service provider, whereby Entersekt does not receive and store any personal data of the cardholder. Registration for Mastercard® Identity Check™ takes place directly at Netcetera, where the cardholder's data from the registration process is stored. If a merchant participates in the Mastercard® Identity Check™ procedure, Netcetera takes over the authentication of the cardholder and informs the merchant whether the authentication process was successful. Netcetera has an adequate level of data protection within the meaning of the General Data Protection Regulation (GDPR). First Data GmbH has agreed with Netcetera on the EU standard contractual clauses on data protection.

 

eStatements

1.       Procedural Notes for eStatements

These procedural instructions for the eStatements govern the use of the additional option of the eStatements. They supplement the terms and conditions of the cards issued by First Data GmbH (hereinafter: "Fiserv"). In the event of any inconsistency between Mastercard's Terms and Conditions and the procedural instructions of the eStatements, Mastercard's Terms and Conditions shall prevail.

2.            Definition and Subject of eStatements

eStatements is an optional additional service that allows credit card statements and individual transactions to be viewed electronically via a secure (encrypted) Internet connection in the app and retrieved from there by means of downloads

3.            Registration; Activation; Other technical requirements

3.1.      In order to use eStatements, the user must activate the eStatements function. Registration for the Mastercard® Identity Check™ service is required. In addition, the function must be activated by the respective financial institution.

3.2.      It is possible to register credit cards from different card issuers (e.g. banks) under one user name.

3.3.      By subscribing to eStatements, the user agrees not to receive the statements for the user card by post, but instead exclusively via the app. Fiserv may continue to send credit card statements to the User by mail or other means if required to do so by law or if it is appropriate due to other circumstances (e.g., the temporary failure of eStatements).

3.4.      The use of eStatements requires the user to have access to the user's device (e.g. mobile device). The user is responsible for the contract for this as well as the associated costs.

3.5.      The app is geared towards smartphones. The use of tablets is possible, but is not recommended by Fiserv. The display on tablets is only supported in portrait format.

4.            Provision of credit card statements; Notification Email

4.1.      Credit card statements are provided to the user once a month, provided that there are card transactions. In the period between two credit card statements, the user can view his transactions by means of a sales query in eStatements. There are currently no explicit notifications of new credit card statements.

4.2.      The statements are provided in PDF format. The statements will be made available in the app for twelve months at the time of creating these procedural notes for eStatements. After that, it will be automatically deleted without a separate message. Fiserv is in a position to provide the User with a paper copy of the statement upon request within the statutory retention periods.

4.3.      The User must retrieve the credit card statements made available in the App as soon as they are made available by Fiserv and immediately check them for accuracy. Any objections must be raised immediately with Fiserv.

5.            Single Transaction Display

5.1.      In addition, Fiserv provides the user with a list of the transactions made (individual transaction display) for viewing for at least three months via eStatements.

5.2.      Fiserv cannot be held liable for the information provided by Mastercard Ethoca in the individual transactions and is without guarantee.

6.            User's due diligence obligations

6.1.      The user must ensure that no other person becomes aware of his access data. In particular, access data may not be stored electronically or noted down in any other form. When using the access data, the user must ensure that third parties cannot spy on them.

6.2.      If the user discovers that another person has gained knowledge of his access data, or if the user suspects misuse of his access data, he is obliged to inform Fiserv immediately by telephone. In this case, Fiserv will block the user's access to eStatements. Fiserv will remove a block or exchange the user's credentials if the reasons for the ban no longer exist. Fiserv will inform the User of this without undue delay.

6.3.      Since attacks on the security of eStatements are possible, it is in the user's own interest to take the necessary measures to ward off these dangers and to keep his smartphone free of all programs that may endanger security. The safety precautions customary in the market must be ensured.

6.4.      If the user enters an incorrect password three times in a row, his access to eStatements is automatically blocked. Access can be released by correctly answering the password question or by requesting a new password via the e-mail address kreditkarteninfo.online@fiserv.com.

7.            Notice

7.1.       The eStatements function can be deactivated in the app at any time. When the card is blocked, the eStatements service is automatically terminated without the need for a separate cancellation.

7.2.      After the expiry of the notice period, the statements will be delivered in paper form to the address specified by the user.

8.            Bank statement after inactivity

8.1.      If the cardholder does not use eStatements for a longer period of time, the cardholder will receive the statements on paper after a time frame defined by the respective financial institution.

9.            No granting of rights

These procedural instructions for eStatements do not grant the user any rights, permissions, rights of use or claims in relation to the systems via the eStatements and the data recorded therein, except for the rights expressly mentioned. A right of use with respect to a patent, trademark, copyright, trade secret or other protected right of Fiserv is not granted to the user on the basis of any prior acquiescence or for any other reason.

 

Additional Terms for Alert Service

1.       Additional Terms for Alert Service

1.1.      These Alert Service Additional Terms govern the use of Alert Service as an add-on option to the eStatements option. They supplement the procedural instructions for eStatements as well as the terms and conditions for the Mastercard. In the event of any inconsistency, the Mastercard Terms shall apply before the Alert Service Procedural Notices and the Mastercard Terms shall apply prior to the eStatements Procedural Notices.

2.           Definition and Subject of Alert Service

2.1.      Alert Service is an optional add-on to the eStatements add-on option. With the help of Alert Service, the user can be informed via push notification about payment transactions made with his card.

2.2.      The activation or deactivation of the Alert Service option is carried out by the respective financial institution.

2.3.      Fiserv reserves the right to change the scope of the Service at any time. The user will be informed of these changes.

3.           Registration and activation; Other technical requirements

3.1.      The use of Alert Service requires the use of the app and registration with Mastercard® Identity Check™.

3.2.      Alert Service requires a mobile device of the user as well as the app. The user is responsible for the contract for this as well as the associated costs of the provider.

3.3.      The push notification can be activated or deactivated via the operating settings of the respective mobile device.

4.           Information about sales made

4.1.      If a corresponding authorization request is made to First Data, the user receives information about transactions made with his card in the app or as a push notification with the help of Alert Service.

4.2.      The notification will be sent immediately after the transaction. Depending on the mobile/internet provider selected by the user, the user may experience delays in receiving these messages; this is outside the area of responsibility of First Data and must be clarified by the user with his mobile phone/internet provider.

4.3.      If the user notices a transaction that was not initiated by him/her, he/she must have the process checked by the service hotline specified in the push notification.

5.           Safety; User's due diligence obligations

5.1.      For security reasons, only the last 4 digits of the card number are transmitted when notified. The user's first and last name are not mentioned. The notification contains information about the merchant and the amount of the transaction.

5.2.      When notifications are sent, the viewing, reading, manipulation or deletion of electronic data by unauthorized third parties cannot be ruled out. The notification is sent unencrypted. Explicit reference is made to this. Fiserv therefore assumes no liability for the security of the data to be transmitted.

5.3.      The user must ensure the security of a notification received on the mobile device or tablet by means of appropriate measures (e.g. a biometrically protected access block).

5.4.      The news is for information purposes only. With regard to sales, only the information on the invoice for the card is legally binding.