中 銀 信 用 卡 購 物 一 次 性 密 碼 網 上 保 安 驗 證 服 務 ( 「 驗 證 服 務 」 ) 乃 中 銀 信 用 卡 （ 國 際 ） 有 限 公 司 ( 「 卡 公 司 」 ) 根 據 下 述 之 條 款 及 細 則 ， 向 卡 公 司 發 行 的 有 效 Visa 信 用 卡 ／ 萬 事 達 信 用 卡 （ 「 信 用 卡 」 ） 的 持 卡 人 提 供 的 服 務 。 在 登 記 及 啟 動 使 用 驗 證 服 務 之 前 ， 謹 請 細 閱 本 條 款 及 細 則 。

中銀信用卡購物一次性密碼網上保安驗證服務之條款及細則

重 要 提 示

中 銀 信 用 卡 購 物 一 次 性 密 碼 網 上 保 安 驗 證 服 務 ( 「 驗 證 服 務 」 ) 乃 中 銀 信 用 卡 （ 國 際 ） 有 限 公 司 ( 「 卡 公 司 」 ) 根 據 下 述 之 條 款 及 細 則 ， 向 卡 公 司 發 行 的 有 效 Visa 信 用 卡 ／ 萬 事 達 信 用 卡 （ 「 信 用 卡 」 ） 的 持 卡 人 提 供 的 服 務 。 在 登 記 及 啟 動 使 用 驗 證 服 務 之 前 ， 謹 請 細 閱 x 條 款 及 細 則 。

本 條 款 及 細 則 旨 在 補 充 管 轄 使 用 信 用 卡 的 持 卡 人 合 約 （ 「 持 卡 人 合 約 」 ） ， 並 須 被 視 作 為 納 入 成 為 持 卡 人 合 約 的 一 部 份 。 除 x 條 款 及 細 則 外 ， 驗 證 服 務 服 務 亦 須 受 卡 公 司 不 時 發 出 並 適 用 於 驗 證 服 務 的 規 則 、 規 例 及 指 引 所 管

轄 。

1. 接 受 條 款

(a) 持卡人使用 驗證服務 時，須受本文所載並經卡公司不時修訂之條款及細則（「此等條款」）所管轄。客戶可於卡公司網址 xxx.xxxx.xxx.xx 查閱此等條款的最新版本。

(b) 每當持卡人登記、啟動或使用 驗證服務 ，該行為將構成持卡人接受此等條款之不可推翻的證據。如持卡人於接獲此等條款的修訂通知後繼續使用 驗證服務 ，該行為將構成持卡人同意接受經修訂的條款，並受其約束。

(c) 除文意另有所指外，任何就增加、提升或修改 驗證服務 而提供的新功能，須受此等條款所管轄。

(d) 卡公司保留權利，在不論有否作出通知的情況下，包括但不限於在懷疑持卡人可能違反保安又或卡公司有合理理由懷疑持卡人所提供的資料可能不全或不準確，又或 驗證服務 系統需進行維修的情況下隨時及不時對 驗證服務 （或其任何部分）作出臨時或永久性的暫停、修改或終止，以保障持卡人的權益。任何持卡人於 驗證服務 終止或暫停前所作出的網上或其他交易將仍有效，而持卡人就該等交易仍需受此等條款及細則項下的責任及義務約束。

(e) 如卡公司提出要求，持卡人須簽署此等條款的文本。 2. 驗 證 服 務 之 說 明

驗證服務 是一項由卡公司提供的服務，卡公司會透過短訊發送一次性密碼到持卡人登記手提電話號碼，持卡人需使用該一次性密碼（或卡公司不時訂明的其他鑑別資料或工具）（「一次性密碼」）核實持卡人身份，藉此為持卡人在互聯網上或透過電訊的方式使用信用卡時提供保障。該一次性密碼將以短訊形式由卡公司發送到持卡人在啟動使用 驗證服務 時所登記的手提電話號碼(或其後登記更新的手提電話號碼)。當持卡人在任何參與 驗證服務 的商號（「 驗證服務商號」）的網站上或透過電訊的方式使用 驗證服務進行交易（統稱「驗證交易」）時，而該驗證交易涉及的金額超過卡公司不時定出的金額時，必須使用一次性密碼(如適用時，持卡人將獲悉要求輸入一次性密碼)。在啟動使用 驗證服務 時，持卡人須向卡公司

提供若干個人資料(包括但不限於手提電話號碼)，以便就任何驗證交易確認其身份。由卡公司提供的 驗證服務 包括 “Visa 驗證”、 “MasterCard SecureCode”以及其他相關及不時由卡公司提供的服務。

3. 服 務 啟 動

(a) 持卡人同意向卡公司提供其真實、準確、有效及完整的個人資料(包括但不限於其手提電話號碼) （「持卡人資料」）以及其他協助確認其身份的資料以啟動使用 驗證服務 ，而持卡人須遵照卡公司不時訂明之任何啟動程序進行服務啟動，方可使用 驗證服務 。持卡人亦確認其具有合法權利使用其所登記使用 驗證服務 的所有信用卡。

(b) 如欲啟動及使用驗證服務，持卡人必須能夠接駁互聯網，亦須自行繳付任何有關接駁服務的費用。 4. 資 料 之 準 確 性

(a) 持卡人承諾維持及即時更新持卡人資料(包括但不限於手提電話號碼)，藉此保持持卡人資料真實、準確、有效及完整性，並於卡公司提出要求後，向卡公司提供卡公司認為適合的資料。若持卡人提供任何不真實、不準確、並非最新或完整的持卡人資料(包括但不限於手提電話號碼)，或卡公司有合理理由懷疑持卡人登記持卡人資料不真實、不準確、並非最新或完整，卡公司有權暫停、終止或拒絕讓持卡人在現時或將來使用 驗證服務 及／或進行任何驗證服務交易。

(b) 若持卡人未能提供充分的資料以確認持卡人的身份，卡公司可能無法向持卡人提供驗證服務，因此卡公司保留不准許持卡人登記驗證服務的權利。若持卡人不能啟動 驗證服務 ，持卡人可能無法進行任何驗證交易。

(c) 若卡公司的內部記錄，與關乎持卡人資料或持卡人的信用卡、相關戶口或持卡人對 驗證服務 的使用的資料有歧異，在沒有反證的情況下，應以卡公司的內部記錄為準。

5. 鑑 別 程 序

(a) 在按照卡公司訂明的方法啟動 驗證服務 後，在持卡人按卡公司指定的程序進行任何適用的驗證交易時，卡公司會向持卡人提供一次性密碼。該驗證交易涉及的金額超過卡公司不時訂出的金額時，持卡人必須先輸入由卡公司以短訊發送予持卡人的一次性密碼，然後有關 驗證服務商號才會接受持卡人以其信用卡支付有關交易的款項。該一次性密碼將以短訊形式（「一次性密碼短訊」）由卡公司發送到持卡人在啟動使用 驗證服務 時所登記的手提電話號碼(或其後登記更新的手提電話號碼)。

若持卡人不能在指定時間內提供一次性密碼，或未能通過 驗證服務的鑑別程序，持卡人可能無法進行任何 驗證交易。

(b) 但凡持卡人啟動或使用 驗證服務 ，即表示持卡人同意使用 驗證服務 以證明其身份，包括用於預先核准定期進行的交易。

(c) 持卡人得悉當持卡人身處外地或使用外地流動電話網絡時，持卡人應知悉能否以短訊方式接收一次性密碼 是視乎流動電話服務供應商所提供的服務。流動電話服務供應商亦可能就接收一次性密碼短訊向持卡人收取費用，卡公司對有關收費或由有關流動電話服務導致的損失概不承擔任何責任。

(d) 持卡人得悉一次性密碼短訊可能因流動電話服務供應商的網絡情況而有所延誤，因流動電話服務網絡而導致一次性密碼短訊服務延誤或中斷所引致持卡人的損失，卡公司概不承擔任何責任。

(e) 一次性密碼短訊只會發送至持卡人向卡公司登記(或其後更新)的手提電話號碼。持卡人得悉即使持卡人已啟動香港流動電話服務供應商提供的「短訊轉駁服務」，一次性密碼短訊亦不會被轉駁至其他手提電話號碼。

6. 持 卡 人 資 料 的 處 理

(a) 就啟動服務而言，卡公司須將若干有關持卡人的資料傳送給其他有關的第三者，以核實持卡人之身份。持卡人謹此授權卡公司使用卡公司不時管有，並由持卡人於使用 驗證服務 時所需提供之任何資料，及就有關 驗證服務 向其他有關第三者披露該等持卡人資料。

(b) 持卡人確認及同意，在作記錄及報告用途、解決交易糾紛以及在(i)遵守法律程序、法律或法規或(ii)執行此等條款所需的合理情況下，卡公司可向任何第三者披露有關持卡人資料及使用 驗證服務 的相關資料。

(c) 持卡人資料及一切可資識別持卡人的個人身份的資料，均受卡公司的資料政策通告管轄(或不時由卡公司 以任何名稱發出有關個人資料的使用、披露及轉移的一般政策的其他文件)。如欲查閱該資料政策通告， 持卡人可瀏覽卡公司於 xxx.xxxx.xxx.xx 的網址。持卡人亦可向卡公司取索取有關資料政策通告的文本。

7. 持 卡 人 保 安 措 施

(a) 持卡人同意就使用 驗證服務 及一次性密碼的保安承擔完全責任，並同意於使用 驗證服務 時審慎地和真誠地行事，包括採取下列(b)、(c)及(d)條下的措施，以保障 驗證服務 及一次性密碼的安全。

(b)_ 持卡人須獨自為其手提電話號碼接收的一次性密碼、持卡人資料、啟動服務的資料及與 驗證服務及驗證交易有關之其他核證資料，以及一切涉及使用上述任何一項的活動或交易的保密事宜而負全責。持卡人同意不會向任何其他人仕透露或以其他形式容許或促使任何其他人仕可取得任何一次性密碼以及其他與 驗證服務及驗證交易有關之其他核證資料,並同意不會將其 驗證服務 使用權或接駁權轉移或轉讓予任何第三者。

(c) 倘若持卡人得悉或懷疑其任何一次性密碼或用於驗證交易有關之其他核證資料實際上有或可能有被誤

用，又或實際上有或可能發生違反此等條款的資料保密條款的情況，或違反任何其他保安程序，持卡人須立即按照持卡人合約所載的通知程序或卡公司不時訂明的其他程序通知卡公司。

(d) 持卡人同意其將嚴格遵守卡公司就使用 驗證服務 及一次性密碼而不時發出的任何規則、規例及指引，包 括但不限於卡公司就使用 驗證服務 及一次性密碼而不時發出的安全建議及通告。

8. 持 卡 人 責 任

(a) 持卡人必須為透過信用卡使用驗證服務（包括任何其他人仕以持卡人的一次性密碼使用驗證服務）進行之所有交易負責，有關之交易款項將記入持卡人的信用卡賬戶內並顯示於信用卡賬戶的結單上。

(b) 持卡人需為其未有遵守此等條款第 7 條下保安措施而招致的所有損失損害負責。

(c) 若持卡人未有遵守此等條款第 7 條下保安措施而令卡公司遭受或招致行動、申索、損失、損害、費用、開支及任何性質的任何其他有關持卡人使用驗證服務（包括任何其他人仕以持卡人的一次性密碼使用驗證服務）進行之所有交易引致的責任，須應卡公司要求賠償。倘若持卡人疏忽地、不誠實地及欺詐性地行事，持卡人亦必須負責所有因使用 驗證服務 而引起的或與之有關的所有申索、損失及後果。

(d) 儘管可能與前文不符，在持卡人容許任何其他人仕以持卡人的一次性密碼使用 驗證服務時，持卡人須為由於使用驗證服務所引起的或與之有關的所有索償、損失、責任及後果負責。

(e) 在持卡人遵守此等條款第 7 條下保安措施、沒有違反此等條款的任何其他條文及沒有疏忽地、不誠實地或欺詐性地行事的前提下，對由於下列原因所引起的損失，持卡人毋須根據此等條款而負責﹕

(i) 驗證服務的保安系統沒有預防的電腦罪行；

(ii) 在卡公司控制之下或卡公司造成的人為錯誤或系統錯誤（不包括卡公司已採取措施提醒持卡人之有關錯誤）；或

(iii) 卡公司或卡公司職員或代理人的欺詐或疏忽。 9. 卡 公 司 的 責 任

(a) 持卡人同意，對於 驗證服務 之任何修改、暫停或終止，卡公司毋須向持卡人或任何第三方承擔責任。

(b) 在任何情況下，對於持卡人因使用 驗證服務 而產生的相應、附帶、特殊或間接損失或其他損害（如持卡人的電腦設備、軟件、通訊或電話服務所蒙受的任何損害），卡公司毋須負責。

(c) 對於持卡人因接駁或使用卡公司的網站、或因從卡公司的網站進行下載而引致任何病毒對持卡人電腦設備或其他財產造成的任何損害，卡公司概不負責，亦不承擔任何責任。

(d) 雖然卡公司將會盡商業上一切合理努力，確保所有驗證交易、密碼資料的安全，但卡公司並不擔保有關資料的絕對安全（尤其是（但不限於）在涉及欺詐或其他互聯網／電訊罪行情況下有關資料的安全）。持卡人確認，在互聯網或透過電訊的方式傳送資料存在固有潛在的風險。而持卡人亦同意及確認，不論持卡人有否嚴格遵守適用於 驗證服務 的規則、規例及指引，對於持卡人因使用 驗證服務 產生的任何損失或損害，卡公司毋須負責。

(e)

持卡人得悉除持卡人合約另有規定外：

(i) 卡公司不會就因持卡人沒有履行此等條款的任何條文，包括但不限於提供不真實、不準確、並非最新或完整的持卡人資料而導致的錯誤交易而負責；

(ii)

持卡人得悉若任何商戶因任何原因拒絕接受以持卡人的信用卡在驗證交易下付款，卡公司均毋須在任何方面負責；以及

(iii) 而對於持卡人因其未能遵守有關規則、規例及指引去使用驗証服務所招致的任何損失或損害，持卡人可能不能向卡公司追討。

10. 終 止 服 務

(a) 持卡人可以書面方式或以卡公司不時訂明的其他通訊方式，要求卡公司終止持卡人之信用卡的 驗證服 務 。卡公司會於實際收訖持卡人終止有關服務的要求通知後的 7 個工作日（不包括星期六）內終止該信用卡之 驗證服務 。

(b) 不論持卡人有否錯失，卡公司亦可隨時在毋須預先通知持卡人的情況下，暫時或永久停止 驗證服務。而持卡人於 驗證服務 停止前使用 驗證服務 進行的任何驗證交易，將不受影響。

11. 與 商 號 進 行 交 易

透過 驗證服務 而與任何驗證服務商號進行的通信或業務往還、對任何驗證服務商號所舉辦的推廣活動的參與（包括有關貨品或服務之付款或交付），以及與該等交易有關的任何其他條款、細則、保證或xx，乃純粹屬於持卡人與該等驗證服務商號之間的事務。持卡人同意，除非適用法例或持卡人合約另有規定，否則對於任何有關交易所產生的任何種類的損失或損害，卡公司毋須負責或承擔責任。持卡人特此確認，卡公司不會核實任何驗證服務商號的身份或驗證服務商號的貨品或服務的質素，這不論有關商號有否參與 驗證服務 。

12. 免 除 保 證 聲 明

(a) 持卡人明確承認及同意，如持卡人使用透過應用 驗證服務 所取得之任何軟件，該等軟件均是在持卡人在行使其獨有的酌情權下決定下載或使用的，而有關風險全由持卡人承擔。除此等條款另有規定外，如持卡人因透過 驗證服務 下載或使用任何有關軟件或其他材料而引致其電腦系統發生任何損毀或數據損失，持卡人須為此負上全責。

(b) 除任何適用法例另有規定外，卡公司並無就 驗證服務 作出任何明確或隱含的xx或保證，包括（但不限於）就任何關於商售性或適合特定用途而作出的保證。

13. 一 般 規 定

(a) 此等條款的英文版本與中文版本若有任何歧異之處，概以英文版本為準。

(b) 就驗證服務而言，若此等條款與持卡人合約本若有任何歧異之處，概以此等條款為準。

Terms and Conditions for BOC Credit Card One Time Password Online Security Service

IMPORTANT

The BOC Credit Card “One Time Password” Online Security Service (the "Verification Service") is provided by BOC Credit Card (International) Limited (the "Company") to cardholders of valid [Visa/ MasterCard] credit cards issued by the Company (the "Card") on the following terms and conditions. Please read these terms and conditions carefully before registering and activating for the Verification Service.

These terms and conditions supplement and are deemed incorporated into the cardholder user agreement(s) governing the use of the Card (the "Cardholder Agreement"). In addition to these terms and conditions, the Verification Service is also subject to the rules, regulations and guidelines applicable to the Verification Service from time to time issued by the Company.

1. ACCEPTANCE OF TERMS

(a) The use of the Verification Service by the Cardholder is subject to the terms and conditions herein as may be amended by the Company from time to time (this "Terms and Conditions"). The most current version of this Terms and Conditions is available on the website of the Company at xxx.xxxx.xxx.xx.

(b) The registration, activation or use of the Verification Service by the Cardholder will constitute conclusive evidence of the Cardholder's acceptance of this Terms and Conditions and that continued use of the Verification Service after the Cardholder has been advised of revisions to this Terms and Conditions shall constitute the Cardholder's Agreement to accept and be bound by such revised terms.

(c) Unless explicitly stated otherwise, any new features that augment, enhance or otherwise change in the Verification Service shall be subject to this Terms and Conditions.

(d) The Company reserves the right at any time and from time to time to modify or suspend or discontinue, temporarily or permanently, the Verification Service (or any part thereof) with or without notice where the Company considers necessary or advisable to do so, including but not limited to, protecting the Cardholder when there is a suspected breach of security, or when the Company has reasonable grounds to suspect that the Cardholder’s registration data is untrue, inaccurate, not current or incomplete or the Company needs to suspend the Verification Service for maintenance or other reasons. Any online or other transactions conducted using the Verification Service prior to its termination or suspension should remain valid and the Cardholder will continue to be bound by his/her liabilities and obligations under this Terms and Conditions in respect of such transactions.

(e) Upon the request of the Company, the Cardholder shall sign a non-electronic version of this Terms and Conditions.

2. DESCRIPTION OF THE VERIFICATION SERVICE

The Verification Service is a service provided by the Company to protect the use of the Card by a Cardholder on the Internet or through means of telecommunication by requiring the Cardholder to verify his/her identity using a one time password (the “One Time Password”) (or such other authentication information or tools from time to time prescribed by the Company), which such One Time Password shall be transmitted through the short message service by the Company to the mobile number registered by the Cardholder during activation of the Verification Service pursuant to Clause 3 of this Terms and Conditions (or as subsequently updated and registered) for transactions that require such One Time Password for verification purpose. The One Time Password will be required (wherever and whenever applicable that the Cardholder shall be informed and requested to do so) when the Cardholder uses his/her Card to make transactions at the websites of any merchants participating in the Verification Service (each a “Designated Merchant”, collectively the "Designated Merchants") or through means of telecommunication utilizing the Verification Service (each a “Designated Transaction and collectively the "Designated Transactions"), provided that the amount involved in such the Designated Transaction exceeds the amount set by the Company from time to time. Activation of the Verification Service involves providing certain personal information of the Cardholder (including but not limited to the mobile number of the Cardholder) to the Company, which is then used to confirm the identity of the Cardholder in connection with any Designated Transactions. The Verification Service based on the protocol and offered by the Company to the Cardholder include “Verified by Visa”, “MasterCard SecureCode” and any other relevant services offered from time to time.

3. ACTIVATION

(a) The Cardholder shall provide true, accurate, current and complete information (including but not limited to the mobile number of the Cardholder) (the "Cardholder’s Information") and any other verification information to the Company to activate the Verification Service, and the Cardholder shall comply with any activation procedures that the Company may from time to time prescribe in order to use the Verification Service. The Cardholder also warrants that he/she has the legal right to use all of the Cards he/she registers for the Verification Service.

(b) In order to activate and utilize the Verification Service, the Cardholder must have the ability to access the internet and must pay any service fees associated with such access.

4. ACCURACY OF INFORMATION

(a) The Cardholder undertakes to maintain and promptly update the Cardholder’s Information, to keep it true, accurate, current and complete and upon the request of the Company provide such information to the Company as it sees fit. The Cardholder acknowledges and confirms that if the relevant Cardholder’s Information provided is untrue, inaccurate, not current or incomplete, or if the Company has reasonable grounds to suspect that the Cardholder’s Information so provided by the Cardholder is untrue, inaccurate, not current or incomplete, the Company shall have the right to suspend, terminate or refuse the Cardholder’s current or future use of the Verification Service and/or to conduct any Designated Transaction.

(b) If the Cardholder is unable to provide adequate information to validate his/her identity, the Company may not be able to provide the Verification Service to the Cardholder and therefore the Company reserves the right to not allow such Cardholder to register and activate for the Verification Service. If the Cardholder has not successfully activated the Verification Service, he/she may not be able to effect any Designated Transactions.

(c) If there is any inconsistency between the Cardholder’s record and the Company’s internal records regarding the Cardholder’s Information, the record of the Designated Transactions conducted by the Cardholder and other information relating to such Cardholder’s Card Account(s) and his/her use of Verification Service, the Company’s internal records will prevail in the absence of evidence to the contrary.

5. AUTHENTICATION

(a) After the registration and activation of the Verification Service in accordance to this Terms and Conditions, the Cardholder will be provided with a One Time Password when performing or effecting the Designated Transaction (wherever and whenever applicable) in the manner prescribed by the Company. When effecting any Designated Transactions and the use of Verification Service is determined applicable for any Designated Transaction which involves a transaction amount exceeding the amount set by the Company from time to time, the Cardholder will be required to insert an One Time Password before the relevant Designated Xxxxxxxx accepts his/her Card in payment for the transaction. Such One Time Password shall be automatically generated and transmitted through the short message service by the Company (the “One Time Password SMS”) to the mobile number registered by the Cardholder (or as subsequently updated and registered).

If the Cardholder is unable to insert the One Time Password which is provided by the Company, within the prescribed period of time as instructed, or if the authentication through the Verification Service otherwise fails, the Cardholder may not be able to effect any Designated Transaction.

(b) By activating or using the Verification Service, the Cardholder assents to the use of the Verification Service to evidence his/her identity, including for purposes of authorization of transactions authorized in advance to recur at substantially regular intervals.

(c) The Cardholder shall acknowledge that he / she may not be able to receive the One Time Password SMS abroad or using overseas mobile network due to the services provided by his / her mobile service provider. The mobile service provider may also levy service charge to the Cardholder on receiving the One Time Password SMS. The Company is not liable to any service charge levied by mobile service provider or damage / loss due to the performance of mobile network.

(d) The Cardholder shall acknowledge that the One Time Password SMS may be delayed in transmission due to the network performance of the mobile service provider. The Company is not responsible for any delay or undelivery of the One Time Password SMS caused by the mobile network.

(e) The One Time Password SMS will only be sent to the Cardholder’s mobile phone number registered with (or subsequently updated) the Company. Cardholder shall acknowledge that the One Time Password SMS will not be forwarded to any other phone number even if the Cardholder has enabled the “SMS Forwarding Service” provided by mobile phone service providers in Hong Kong.

6. CARDHOLDER’S INFORMATION

(a) For the purpose of activation, certain information of the Cardholder and the Cardholder’s Information is to be transmitted by the Company and other relevant third parties to validate the identity of the Cardholder. The Cardholder hereby authorizes the Company to use any information that the Company may have in its possession relating to and provided by the Cardholder to activate the Verification Service and disclose the Cardholder’s Information to other relevant third parties for purposes related to the Verification Service.

(b) The Cardholder acknowledges and agrees that the Cardholder’s Information and other information in relation to the use of Verification Service may be used for record keeping, reporting purposes and the purposes for resolving transaction disputes and may be disclosed by the Company to other third parties if required to do so as reasonably necessary to (i) comply with legal process, laws or regulations or (ii) enforce this Terms and Conditions.

(c) The Cardholder’s Information and all personally identifiable information about the Cardholder are subject to the Company's Data Policy Notices (or such other document(s) issued under whatever name from time to time by BOCCC relating to its general policies on use, disclosure and transfer of Cardholder’s Information) as the same may be amended from time to time)

which can be viewed from the Company's website at xxx.xxxx.xxx.xx. The Cardholder may also request for a hardcopy of such Data Policy Notice from the Company.

7. CARDHOLDER’S SECURITY DUTIES

(a) The Cardholder agrees and undetakes to act prudently and in good faith for the use of the Verification Service and the One Time Password, including taking the measures listed in sub-clauses (b), (c) and (d) below, in order to safeguard the security of the use of Verification Service and the One Time Password.

(b) The Cardholder shall be solely responsible for maintaining the confidentiality of the One Time Password received and other verification information in connection with the Verification Service and all activities or transactions involving the use of any of the above. The Cardholder must not disclose to any other person or otherwise permit or enable any other person to obtain any One Time Password and other verification information and agrees not to transfer or assign his/her use of, or access to, the Verification Service to any third party.

(c) The Cardholder shall immediately notify the Company of any suspected or actual unauthorized use of his/her One Time Password or other verification information, or any other breach of security in accordance with the notification procedure as set out in the relevant Cardholder Agreement or such other procedure from time to time prescribed by the Company.

(d) The Cardholder undertakes to observe all rules, regulations and guidelines (as updated from time to time) including but not limited to the security recommendations and any other notices circulated by the Company from time to time on the utilisation of the One Time Password and/or the Verification Service.

8. LIABILITIES AND OBLIGATIONS OF CARDHOLDER

(a) The Cardholder shall be liable for all transactions conducted through the Card of the Cardholder using the Verification Service (including use of the Verification Service by any other person with the One Time Password), the amounts of which will be charged to the Cardholder’s Card Account and shown in the Cardholder’s Card Account statements.

(b) Should the Cardholder fails to comply with any of the requirements in Section 7 of this Terms and Conditions, the Cardholder shall bear all losses or damages howsoever arising therefrom.

(c) The Cardholder shall indemnify the Company on demand in respect of all actions, claims, losses, damages, costs, expenses and any other liabilities of any nature which

the Company may suffer or incur as a result of the Cardholder’s use of the Verification Service (including use of the Verification Service by any other person using the One Time Password) pursuant to Clause 7 of this Terms and Conditions. The Cardholder shall also be fully liable for all claims, losses and consequences arising out of or in connection with the use of the Verification Service if the Cardholder has acted negligently, dishonestly and/or fraudulently.

(d) Notwithstanding anything herein to the contrary, the Cardholder is liable for all claims, losses and consequences arising from or in connection with all transactions made using the Verification Service by or with the consent any person whom the Cardholder has authorised or otherwise has disclosed the One Time Password to such person.

(e) Provided that the Cardholder have at all times complied with Clause 7 of this Terms and Conditions, not breached any other provision of this Terms and Conditions and not acted negligently, dishonestly or fraudulently, the Cardholder shall not be liable for any unauthorised transaction due to:

(i) a computer crime that is not prevented by the security system of the Verification Service;

(ii) a human or system error caused by or which is under the Company’s control (except where the Company has already taken steps to alert the Cardholder of such error); or

(iii) fraud or negligence on the Company’s part or on the part of the Company’s staff or agents.

9. LIABILITIES OF THE COMPANY

(a) The Cardholder agrees that the Company shall not be liable to the Cardholder or to any third party for any modification, suspension or discontinuance of the Verification Service.

(b) Under no circumstances will the Company be liable for consequential, incidental, special or indirect losses or other damages, such as any damage to the Cardholder's computer equipment, software, telecommunication or telephone service resulting from the use of the Verification Service by the Cardholders, unless such loss or damage is directly and solely caused by the negligence or deliberate default on the Company’s part.

(c) The Company assumes no responsibility for, and will not be liable for, any damages to, or any viruses which may affect, the Cardholder's computer equipment or other property as a result of the Cardholder's access to, use of, or downloading from, the web sites of the Company.

(d) Although the Company will use all commercially reasonable efforts in ensuring the security of all Designated Transactions and the One Time Password, the Company does not guarantee the absolute security in respect thereof especially in circumstances (without limitation) where fraud or other internet/telecommunication crime is involved. The Cardholder acknowledges the potential risks inherent in transmitting information over the internet or through means of telecommunication and agrees and confirms that the Company shall not be responsible for any loss or damage incurred as a result of the use of the Verification Service by the Cardholder regardless of whether the rules, regulations and guidelines applicable to the Verification Service have been strictly observed by the Cardholder.

(e) The Cardholder further acknowledges that except as otherwise provided in the Cardholder Agreement:

(i) the Company shall not be liable for any loss or damages arising from the Cardholder’s failure to comply with this Terms and Conditions (including but not limited to any wrongful transactions or loss caused by the inaccuracy, outdatedness or incompleteness of the Cardholder’s Information provided by the Cardholder);

(ii) the Company shall not be liable, in any circumstances, for the loss and/or damages arising out of or in connection with a merchant’s refusal to accept card for payment under any Designated Transaction; and

(iii) the Cardholder may not be able to claim from the Company for any loss or damages incurred or caused by the usage of the Verification Service as a result of non-observance of the applicable rules, regulations and guidelines by the Cardholder.

10. TERMINATION

(a) The Cardholder may, by written notice to or through such other mode of communication as may from time to time be prescribed by the Company, request the Company to terminate the Verification Service in respect of his/her Card. The Company will terminate the Verification Service in respect of the Card within 7 working days (excluding Saturdays) after actual receipt of a notification from the Cardholder for such purpose.

(b) The Company may, without prior notice to the Cardholder and regardless of whether the Cardholder is at fault, temporarily or permanently deactivate the Verification Service at any time. Any Designated Transaction made by the Cardholder using the Verification Service prior to deactivation will not be affected.

11. DEALINGS WITH MERCHANTS

The correspondence or business dealings with, or participation in promotions of, any Designated Merchant on or through the Verification Service, including payment and delivery of related goods or services, and any other terms, conditions, warranties or representations associated with such dealings, are solely between the Cardholder and such Designated Merchant. The Cardholder agrees that, except as otherwise provided or in the Cardholder Agreement, the Company shall not be responsible or liable for any loss or damage of any sort incurred as the result of any such dealings. The Cardholder hereby acknowledges and confirms that the Company does not and shall not verify the identity of any Designated Merchant or the quality of the Designated Merchants' goods or services, regardless of whether the merchant participates the Verification Service or not.

12. DISCLAIMER OF WARRANTIES

(a) The Cardholder expressly acknowledges and agrees that any software obtained through the use of the Verification Service is downloaded and used at the sole discretion and risk of the Cardholder and that except as otherwise provided in this Terms and Conditions, the Cardholder will be solely responsible for any damage to his/her computer system or loss of data that results from the download or use of any such software or other materials through the Verification Service.

(b) Except as otherwise required by any Applicable Law, the Company makes no representation or warranty (whether express or implied) about the Verification Service, including, without limitation, any warranty as to the merchantability or fitness for a particular purpose.

13. MISCELLANEOUS

(a) If there is any inconsistency or conflict between the English version of this Terms and Conditions and the Chinese version, the English version shall prevail.

(b) In relation to the use of the Verification Service, if there is any inconsistency between this Terms and Conditions and any other applicable terms and conditions, this Terms and Conditions (in relation to the use of the Verification Service) shall prevail.