General Terms and Conditions | Account, Card Use, Agreement, Definitions

The acceptance date refers to the specific day on which the Originator has met all the necessary conditions imposed by us for the execution of a SEPA Credit Transfer. These conditions encompass, but are not limited to, the following: compliance with all regulatory and legal requirements, adherence to prescribed cut-off times, the assurance of sufficient financial resources in the Account, and the provision of all information necessary to carry out the instruction.

Multi-Currency Account

“Multi-Currency Account” means the underlying account maintained by the us in the name of the Customer, comprising multiple currency balances. Each separate currency balance within the Multi-Currency Account is represented to the Customer in the Application as an individual Wallet (for example, EUR Wallet, USD Wallet, etc.).

Currently, we offer Wallets denominated in euro (EUR) only.

Wallet

“Wallet” means the user-facing representation of the Customer’s funds maintained by us in one or more currencies. Each Wallet corresponds to a specific currency balance (for example, an EUR Wallet) that forms part of a single multi-currency Account opened in the Customer’s name with us. The Wallet shows the available balance in the respective currency and allows the Customer to perform payment transactions through the Application.

A Wallet is not a separate bank account; it is a distinct sub-account or balance under the Customer’s overall multi-currency Account, which is operated and safeguarded in accordance with applicable payment services regulations.

Open Banking Wallet

“Open Banking Wallet” means a Wallet visible within the Application that reflects the balance of a payment account held by the Customer with another financial institution participating in an Open Banking framework (for example, under the PSD2 Account Information Service (AIS) and Payment Initiation Service (PIS) provisions).

Such Wallets are provided for information and payment initiation purposes only. Funds held in Open Banking Wallets are not stored or safeguarded by us; they remain with the respective third-party institution. We acts solely as an information and technical service provider enabling the Customer to view and initiate transactions from external accounts.

Linked Wallet

“Linked Wallet” means any account or balance held with a third-party institution (such as a financial institution, virtual asset service provider (VASP), or crypto-asset service provider (CASP)) that is connected to the Customer’s profile in the Application through an interface, API, or bilateral agreement. A Linked Wallet allows the Customer to view balances, execute permitted transactions, or transfer value between the Wallets maintained by us and such external providers.

We does not hold or control the funds in a Linked Wallet. All rights and obligations related to the operation of Linked Wallets remain subject to the terms of the relevant third-party provider.

Wallet Ecosystem

“Wallet Ecosystem” collectively refers to all Wallets accessible through the Application, including:

Wallets maintained directly by us (e.g., EUR Wallets);
Wallets connected under Open Banking arrangements; and
Wallets or accounts linked through bilateral integrations with financial institutions, VASPs, or CASPs.

Each Wallet within the Wallet Ecosystem is identified by the currency, asset type, and provider with which it is associated. We provide the technological interface for access and operation but remains responsible only for the Wallets maintained directly under our license, representing Multi-Currency Accounts of customers.

Wallets Holder

“Wallet Holder” means the natural or legal person in whose name a Multi-Currency Account is opened and who has been onboarded and verified by the Payment Institution under applicable anti-money laundering (AML/CFT) and know-your-customer (KYC) regulations.

The Wallet Holder is the lawful owner and controller of:

all Wallets maintained directly by the Payment Institution in one or more currencies under the Multi-Currency Account;
all Open Banking Wallets linked to the Application under the Customer’s explicit consent via regulated Account Information Service or Payment Initiation Service connections; and
all Linked Wallets or Crypto Wallets connected through bilateral or third-party integrations, provided that such Wallets are held in the same Customer’s name and the connection was authorized by the Customer.

The Wallet Holder bears full responsibility for all activity carried out through the Application under their credentials, including transactions made from or between Wallets, unless otherwise provided by law.

Where the Wallet Holder is a legal entity, any authorized user or representative acting on its behalf shall be deemed an authorized user of the Wallets. In all cases, the Wallet Holder remains the ultimate beneficial owner and party to the contractual relationship with the Payment Institution.

Account Information Services Provider (AISP)

“Account Information Services Provider (AISP)” means a regulated entity authorized under applicable payment services legislation (including Directive (EU) 2015/2366, PSD2) to access payment account data held by financial institutions, for the purpose of consolidating and displaying account information to the customer or providing account-based financial services.

We may act both as:

(a) a data holder, making account and transaction information related to your Wallets accessible to duly authorized AISPs under Open Banking frameworks, subject to your explicit consent and strong customer authentication; and

(b) an AISP, enabling you to connect your external accounts held with other financial institutions, virtual asset service providers (VASPs), or crypto-asset service providers (CASPs), so that we may securely retrieve, display, and manage such account information within our Application.

All such access to or sharing of account data is carried out in accordance with your consent, applicable data protection laws, and the security standards set out by PSD2, the European Banking Authority (EBA) Regulatory Technical Standards (RTS) on Strong Customer Authentication and Secure Communication, and relevant Open Banking interfaces.

Actual Balance

“Actual Balance” means the total amount of funds held in the Customer’s Wallets at a given moment, representing the full sum of money recorded under the Customer’s Multi-Currency Account with us. The Actual Balance includes all transactions that have been authorized but not yet cleared or settled (for example, card authorizations or pending payment instructions).

The Actual Balance may therefore differ from the Available Balance, as it may include funds that are temporarily reserved, subject to settlement, or otherwise not immediately accessible for withdrawal or transfer.

When the Wallet represents an external account connected through Open Banking or a Linked Wallet (including Crypto Wallets), the Actual Balance reflects the information received from the corresponding third-party institution or provider at the time of retrieval, and may not represent real-time availability of funds.

Additional Card

means an additional Card issued to already issued and not expired card linked to the Wallet.

Agreement

means agreement concluded between you and us and consisting of pre-contractual information (in case of distance agreement), these General terms and conditions, Fee Information Document and Data protection policy;

Application for services

means your application for Services following the procedure set by us

APP, Application

“APP” or “Application” means the digital interface provided by us, available either as a mobile application installed on compatible devices or as a web application accessible via supported internet browsers. Both application types require an active internet connection.

The Application enables you to access and manage your Wallets, view balances, initiate and authorize transactions, and use our Services remotely. It also allows you to connect, display, and operate external accounts held with other financial institutions, virtual asset service providers (VASPs), or crypto-asset service providers (CASPs) through Open Banking or bilateral integrations.

For the purposes of these Terms, the expressions “using the APP”, “in the APP”, or “via the APP” refer to any remote access, instruction, or operation executed through the Application, including but not limited to Wallet management, card issuance and use, Open Banking functions, and other Services we make available.

ATM

means the automatic teller machine which accepts the Card

Available Balance

“Available Balance” means the portion of funds in your Wallet that is fully available for use at a given moment. It represents the amount of money that has been successfully cleared, settled, and is not subject to any holds, pending transactions, or other restrictions.

The Available Balance reflects funds that may be immediately used for payments, withdrawals, transfers, or other authorized transactions in accordance with these Terms. It may differ from the Actual Balance, as the Actual Balance may include pending card authorizations, unsettled payments, or reserved amounts.

Where the Wallet represents an external account connected through Open Banking or a Linked Wallet (including Crypto Wallets), the Available Balance shown in the Application reflects the latest information received from the respective financial institution, virtual asset service provider (VASP), or crypto-asset service provider (CASP). Such data may not always reflect real-time availability of funds and is provided for informational purposes only.

The Available Balance is expressed in the currency of the Wallet and may vary between Wallets within your Multi-Currency Account.

Bank Identifier Code (BIC)

An 8- or 11-character code used to identify a financial institution in financial transactions.

Beneficiary

“Beneficiary” means the individual, legal person, or other entity designated by you to receive funds or assets as the result of a payment transaction initiated through any of our Services.

A Beneficiary may receive funds through:

a credit transfer to an account or Wallet held with a financial institution;
a payment to a card number (for example, Visa Direct or Mastercard Send);
a transfer to a crypto-asset address or crypto Wallet operated by a virtual asset service provider (VASP) or crypto-asset service provider (CASP); or
any other payment channel, network, or financial infrastructure supported by us.

The Beneficiary’s account, card, or Wallet must be capable of receiving such funds under the applicable network or provider rules. For regulatory and security purposes, the Beneficiary may also be referred to as the payee.

Where a transaction involves a third-party financial institution, VASP, CASP, or Open Banking connection, the Beneficiary relationship is governed by the respective network’s operational and compliance framework.

Beneficiary Bank

“Beneficiary Bank” means the financial institution, payment service provider, or other regulated entity responsible for receiving and processing payment instructions issued by us for the credit of the Beneficiary.

Depending on the type of transaction, the Beneficiary Bank may include:

the credit institution or payment service provider participating in a payment scheme (for example, SEPA, TARGET, or SWIFT) that receives and executes the Credit Transfer Instruction in accordance with the relevant Scheme Rule Book;
the card issuer or acquiring institution receiving the payment through a card network (for example, Visa Direct or Mastercard Send) for the purpose of crediting the Beneficiary’s card account; or
the virtual asset service provider (VASP) or crypto-asset service provider (CASP) receiving and processing the transfer to a crypto-asset address or wallet.

The Beneficiary Bank (or equivalent receiving institution) is responsible for ensuring that the funds or assets are credited to the Beneficiary’s account, card, or wallet in accordance with the transaction details and the applicable operational and regulatory frameworks of the network or scheme through which the payment is processed.

BlackCatCard KIDS

Additional Card dedicated for the separation of the purchases related to the kids of the Wallet. May be issued as the Virtual card.

BlackCatCard FAMILY

Additional Card dedicated for the separation of the family purchases of the Wallet. May be issued as the Virtual card.

Business Day

Any day on which the Financial Institution is operational for conducting business, specifically excluding Saturdays, Sundays, Public Holidays, and Bank Holidays recognized in Malta and/or in the jurisdiction of the Beneficiary, Intermediary, or Settlement Bank.

Card, BlackCatCard, BCC

means a payment card of MasterCard Worldwide international payment card organization issued by us to you, which may be in the form of a Plastic card or Virtual card;

Cardholder

means a person who has been issued with a Card, and includes a Additional card

Cashback

means an incentive affiliate program. This program part of a partner program, provided by BALTIC TECHNOLOGY SOLUTIONS OÜ in accordance with Terms and Conditions of BALTIC TECHNOLOGY SOLUTIONS OÜ.

Channels

“Channels” means the electronic delivery platforms and access methods provided by us for the use of our Services. These include, without limitation, Mobile Banking and Web Banking, which are accessible through our designated Application (APP), as well as any other secure online or API-based connectivity supporting Wallet access, Open Banking integrations, or bilateral links with financial institutions, virtual asset service providers (VASPs), or crypto-asset service providers (CASPs).

Channels enable you to view balances, manage Wallets, initiate and authorize transactions, and perform other permitted operations remotely in accordance with these Terms. All Channels require an active internet connection and the use of secure authentication mechanisms.

Charging Instructions

“Charging Instructions” means the rules and cost-sharing principles applied to payment transactions executed through any supported payment scheme, including SEPA, SWIFT, or equivalent international transfer systems, irrespective of the Wallet type used.

Each participant in the transaction — the Originator, the Originator Bank (or sending payment service provider), the Beneficiary, and the Beneficiary Bank (or receiving payment service provider) — incurs and settles its own charges independently in accordance with the applicable charging option.

Under the standard shared cost principle (SHA), both the Originator and the Beneficiary bear the fees imposed by their respective institutions. Accordingly, the Originator pays the charges applied by us and any intermediary institutions involved on the sending side, while the Beneficiary bears the charges imposed by the Beneficiary Bank or receiving institution.

For non-SEPA transactions (including cross-border SWIFT transfers or other supported networks), additional fees may be applied by intermediary or correspondent banks according to their tariffs. The determination, application, and scale of such fees are at the sole discretion of each participating institution.

Charging Instructions apply regardless of whether the transaction is executed from or to a Wallet maintained by us, an external account connected through Open Banking, or a Linked or Crypto Wallet, provided the transfer uses a payment rail or network that supports charge-sharing mechanisms.

Commencement Date

means the date when we have accepted your Application for services by setting up an Account.

Corporate Card

means a Card issued in the name of the corporate body and will include the name of the duly authorised representative. Any and all transactions carried out by the said representative shall be considered as having been carried out by the corporate body. For the purposes of Corporate Cards, the terms “Wallet Holder” and “Cardholder” shall refer to the corporate body in whose name the Primary Account is held, and also to its duly authorised representative, as applicable

Cut-off time

The term "cut-off time" refers to the deadline by which the Originator is obliged to provide us with all requisite information and proof demanded by us, and to satisfy all conditions prescribed by us, to ensure that the Credit Transfer Instruction is considered to have been received by us on that particular day, known as the "Acceptance Date." Unless specified otherwise, the cut-off time shall be 13 : 00 hours Central European Time (CET), from Monday to Friday.

CRS

or the Common Reporting Standard is an information standard for the Automatic Exchange of Information (AEOI) regarding bank/financial institutions accounts on a global level, between tax authorities, which the Organisation for Economic Co-operation and Development (OECD) developed in 2014. Its purpose is to combat tax evasion.

CVV

or the Card Verification Value code is a security feature of the card consisting of 3 digits and is located on the back of the card.

Designated Pooled Account

is an account maintained by the Financial institution in the name of a Fiduciary, specifically for the objective of safeguarding funds owned by an identified client of the Fiduciary. The data of this account includes a reference that signifies the identity of the client of Fiduciary.

Digital Card

refers to a digitalised version of the physical Card that has been added to a Digital Wallet.

Digital Wallet

refers to an electronic payment service offered by a Digital Wallet Provider, that allows you to store and manage a digital version of your Card and enables Digital Card payments without the need for physical payment cards.

Digital Wallet applications (such as Apple Pay or Google Pay) are offered by Digital Wallet Providers and are accessible on Supported Devices

Digital Wallet Provider

refers to providers (such as Apple and Google) who offer electronic or digital platforms that allow users to store and manage various forms of payment information, including digitalised credit cards, debit cards, and other financial instruments, in a secure and convenient manner. Digital Wallets enable users to make online and in-store transactions without the need for physical cash or traditional payment cards.

Execution Date

The "Execution Date" pertains to the date on which the debit transaction, as requested by the client, is to be initiated. Should the requested date fall on a non-Banking Business Day, the execution of the payment order will be deferred and conducted on the subsequent Banking Business Day at the latest.

Execution Time

“Execution Time” means the period, expressed in calendar or business days as applicable, commencing from the Acceptance Date of a payment instruction and ending on the date when the Beneficiary’s account, card, or Wallet is duly credited, in accordance with the operational rules of the respective payment system, network, or blockchain through which the transaction is processed.

Execution Time depends on the type of payment and the underlying infrastructure used, and may vary as follows:

For SEPA and other regulated credit transfers, the Execution Time shall comply with the statutory settlement periods established under applicable EU payment services regulations.
For SWIFT or other international transfers, the Execution Time is determined by the processing standards and cut-off times of the participating intermediary and beneficiary institutions.
For card-based payments (e.g., Visa Direct, Mastercard Send), the Execution Time is typically near-instant or within the timeframe defined by the relevant card network.
For crypto-asset transfers, the Execution Time depends on the transaction confirmation speed and network conditions of the applicable blockchain.

For Linked Wallets and Open Banking Wallets, the Execution Time is defined and governed by the institution that holds the respective account or wallet, and we have no control over the timing or processing cycles applied by such external institutions.

We are not responsible for delays caused by intermediary or beneficiary institutions, card networks, blockchain congestion, or external system limitations. Execution Time applies irrespective of the Wallet type from which the transaction originates, including Wallets maintained by us or connected via Open Banking, VASPs, or CASPs.

Expiry Date

Means the last day of validity of the card (inclusive).

Fiduciary (Practitioner, Trust)

a) A natural or legal entity that is obliged to adhere to fiduciary duties as prescribed by law may include, but is not limited to, the following professions and entities, where licenses may be issued by the Maltese authorities or the authorities of another EEA country:

a. Auditors, external accountants, and tax advisors who are required to maintain professional standards and confidentiality.

b. Real estate agents engaged in transactions involving the buying and selling of real property.

c. Notaries and other independent legal professionals who perform legal duties with due diligence.

d. Company service providers that offer corporate management and administrative services.

e. Trustees and nominee companies that are granted a warrant under the Malta Financial Services Authority (MFSA) or other EEA countries authority per the country of the registration or licensing.

f. Entities holding Gaming Licences that operate under the strict regulatory frameworks.

g. Financial institutions that are licensed and regulated to provide financial services.

h. Insurance service providers that are licensed under the Insurance Business Act or other similar act of the country of the licensing to offer various insurance products.

i. Investment service providers that are licensed under the Investment Services Act or other similar act of the country of the licensing to engage in investment-related activities.

j. Virtual Assets Service providers that are licensed by the country of their registration or service providing and regulated to provide various Virtual Assets Services services.

FATCA

or Foreign Account Tax Compliance Act is a tax law that compels U.S. citizens at home and abroad to file annual reports on any foreign account holdings. FATCA was endorsed in 2010 as part of the HIRE Act to promote transparency in the global financial services sector.

Financial Institution (Papaya ltd, we, us, Papaya)

Papaya Ltd (C55146), 31 Sliema Road, Gzira, GZR 1637 – Malta

Fee Information Document

This document is a standardized disclosure statement provided to clients that outlines all fees, charges, and associated costs levied by a financial institution for the services and products it offers. This document is designed to promote transparency and enable clients to understand fully and compare the costs associated with maintaining and operating their account(s), as well as engaging in various banking transactions and services.

Instruction, Credit Transfer Instruction

“Instruction” or “Credit Transfer Instruction” means any order, command, or authorization transmitted by you as the Originator through our Services, directing us to execute a payment or transfer of funds or assets to a designated Beneficiary.

A Credit Transfer Instruction may include, but is not limited to:

a payment order within the SEPA or equivalent scheme for crediting a Beneficiary’s account or Wallet;
a cross-border or international transfer executed via SWIFT or other supported correspondent networks;
a card-based transfer (such as Visa Direct or Mastercard Send) for crediting a Beneficiary’s card number;
a transfer to a crypto-asset address or Wallet, executed via a VASP or CASP integration; or
a payment initiation made through an Open Banking interface from a Linked Wallet or external account.

Each Instruction must contain all mandatory information required by the applicable payment network, scheme, or blockchain to ensure proper routing and settlement. We process Instructions based on the details you provide; errors or omissions in the Beneficiary’s details, Wallet identifiers, or other transaction data may result in delay or failed execution for which we are not responsible.

Execution of an Instruction begins upon its acceptance by us and continues in accordance with the applicable Execution Time and Charging Instructions, subject to the operational rules of the underlying payment system, network, or institution that holds the relevant Wallet.

InterBank Settlement

“Interbank Settlement” means the process of reconciling and discharging payment obligations between us and the Beneficiary Bank (or other participating financial institution) through the use of established Clearing and Settlement Mechanisms or Supported Correspondent Networks.

Interbank Settlement involves the exchange, matching, and confirmation of payment instructions and the subsequent transfer of funds or equivalent value between financial institutions to complete the transaction.

Depending on the payment type, Interbank Settlement may occur:

through automated clearing systems such as SEPA, TARGET, or other regulated payment schemes for euro and domestic transactions;
via correspondent banking arrangements (for example, through the SWIFT or other Supported Correspondent Networks) for cross-border or multi-currency payments;
through card network settlements (e.g., Visa or Mastercard) for payments directed to card numbers; or
through blockchain-based settlement layers facilitated by virtual asset service providers (VASPs) or crypto-asset service providers (CASPs) for digital asset transactions.

All Interbank Settlements are carried out in accordance with the operational rules, timelines, and regulatory requirements applicable to the respective Clearing and Settlement Mechanisms or Correspondent Networks.

International Bank Account Number (IBAN)

A number used internationally to uniquely identify the Account of a customer at a financial institution.

Internet Transaction

“Internet Transaction” means any commercial or financial transaction initiated and completed by you through an online platform, website, application, or other internet-based service, involving the exchange of goods, services, or funds, where the entire process — from selection to payment authorization — is carried out electronically without the need for physical interaction at a retail or service location.

An Internet Transaction may be executed through:

card-based payments performed on e-commerce or merchant websites using a card issued by us or linked to your Wallet;
account-based payments initiated via Open Banking mechanisms (such as payment initiation services) from your Wallet or a Linked Wallet held with another financial institution; or
digital asset transfers performed through integrated virtual asset service providers (VASPs) or crypto-asset service providers (CASPs).

All Internet Transactions are processed using secure authentication protocols and in compliance with the technical and regulatory standards applicable to each payment method (for example, PSD2 Strong Customer Authentication for card and Open Banking payments, or blockchain confirmation for crypto transfers)

Where the Internet Transaction is executed from a Linked Wallet or Open Banking Wallet, the timing, settlement, and regulatory framework governing the transaction are determined by the institution that holds the related account or wallet, and we act solely as a technical or facilitating service provider.

Intrabank Payment

“Intrabank Payment” means a financial transaction executed entirely within our Wallet Ecosystem, where both the Originator’s Wallet and the Beneficiary’s Wallet are held and managed by us.

An Intrabank Payment facilitates the transfer of funds between two Wallets maintained within our infrastructure, whether the Wallets belong to the same Wallet Holder or to two different Wallet Holders. Such transactions are processed directly within our systems without the involvement of external payment networks or correspondent institutions.

If the Originator’s Wallet and the Beneficiary’s Wallet are denominated in different currencies, a currency exchange operation will be automatically initiated as part of the transaction. The applicable exchange rate, fees, and conversion terms are defined in our Tariffs and Fees Schedule and depend on the rates and liquidity sources available at the time of execution.

Intrabank Payments are executed in real time or within the operational timelines applicable to internal transfers and are subject to the same verification, compliance, and security procedures as other payment types within the Wallet Ecosystem.

Merchant

“Merchant” means any natural or legal person, business entity, or organization designated as the Beneficiary of a payment transaction for the sale of goods or the provision of services.

A Merchant may receive funds originating from a Wallet or payment instrument issued by us, or from other financial institutions, through various supported channels, including:

physical payment networks, such as card-present transactions performed via POS terminals;
Internet Transactions, where payments are made online through e-commerce platforms or applications;
recurring or subscription-based transactions, where periodic charges are authorized by the Wallet Holder or cardholder; and
card-not-present operations, where payment credentials are provided remotely without physical presentation of the card.

Merchants are independent third parties who may receive payments through payment networks, Open Banking mechanisms (including BCC pay), or digital asset transfer services supported within our Wallet Ecosystem.

For the purposes of these Terms, a Merchant is treated as a Beneficiary, and the timing, settlement, and processing of payments to the Merchant depend on the rules and infrastructure of the respective payment network or financial institution facilitating the transaction.

Minor

A child under sixteen (16) years of age

Non STP

Should a payment necessitate manual processing by the Bank due to the provision of incorrect or invalid details, such as BIC/IBAN, it shall be classified as a Non-Straight Through Processing (Non-STP) payment. The official working hours during which such matters will be attended to are established as from 09 : 00 hours to 15 : 00 hours on a Business Day.

Notice

means any information, data, documents, orders, applications, instructions, notices, complaints and requests arising out of the business relations between us and you. Notices in English languages only shall be legally valid.

Originator

“Originator” means the Wallet Holder or customer who initiates a payment transaction by providing us with an Instruction to transfer funds or assets to a designated Beneficiary.

The Originator may initiate a payment:

from a Wallet maintained by us within the Wallet Ecosystem;
from a Linked Wallet or Open Banking Wallet connected to an external financial institution through regulated Open Banking or bilateral integrations;
via card-based payments using a card issued by us or linked to the Wallet; or
through a digital asset transaction executed via an integrated virtual asset service provider (VASP) or crypto-asset service provider (CASP).

The Originator is responsible for the accuracy and completeness of all payment details contained in the Instruction, including the Beneficiary’s identifiers, payment amount, and currency. Execution of the Instruction begins once we accept it in accordance with the applicable Execution Time, Charging Instructions, and operational rules of the relevant payment network, clearing system, or blockchain.

Originator Bank

“Originator Bank” means the Payment Institution (us) or any other financial institution that participates in a payment scheme, network, or settlement system and receives a Credit Transfer Instruction from the Originator for execution. For outgoing payments initiated from a Wallet maintained by us, we act as the Originator Bank and are responsible for executing the Instruction in accordance with the applicable payment network, scheme, or blockchain rules. This includes transmitting, settling, and reconciling the funds or assets to the Beneficiary Bank through the designated Clearing and Settlement Mechanism or Supported Correspondent Network.

For incoming payments, the Originator Bank is the external financial institution, payment service provider, card issuer, or virtual asset service provider (VASP/CASP) that initiated the payment on behalf of its customer (the Originator) and transmitted it to us for crediting the Beneficiary’s Wallet within our system.

Depending on the payment type, the Originator Bank may operate through:

regulated payment schemes, such as SEPA, TARGET, or SWIFT networks;
card networks, such as Visa or Mastercard, for card-based transfers; or
digital asset settlement systems, through licensed VASPs or CASPs, for crypto-asset transfers.

All responsibilities and liabilities of the Originator Bank are determined by the operational and regulatory rules of the payment scheme or network through which the transaction is executed.

Where the payment is initiated from a Linked Wallet or Open Banking Wallet held with another institution, that respective institution shall be deemed the Originator Bank and is solely responsible for acting upon the Instruction and determining the applicable Execution Time, fees, and settlement process.

Originator Reference

A reference number used to identify a customer.

Payee

The person or entity receiving a payment (Beneficiary) sent by a Payer.

Payer

An individual or entity sending a payment to a Payee.

Payment Initiation Service Provider (PISP)

“Payment Initiation Service Provider (PISP)” means a regulated entity authorized under applicable payment services legislation (including Directive (EU) 2015/2366, PSD2) to initiate a payment order from a customer’s account held with a financial institution, without the use of a payment card, and with the customer’s explicit consent and strong authentication.

We may act as a PISP when you use our Services to initiate a payment directly from your Wallet, or from a Linked Wallet or Open Banking Wallet connected to an external financial institution, for execution through the corresponding payment scheme or network.

When we act as the PISP, we securely transmit your payment order to the account-holding institution for authorization and execution in accordance with Open Banking standards, while you remain the Originator of the payment.

For payments initiated from accounts or wallets held with other institutions, those respective institutions or their authorized service providers act as the PISP and determine the applicable Execution Time, fees, and processing conditions.

A PISP may operate through regulated payment schemes (e.g., SEPA or domestic credit transfers) or, where applicable, through integrations enabling the initiation of payments across Supported Correspondent Networks or digital payment infrastructures.

Payment Instructions

“Payment Instruction” means any order, request, or authorisation initiated by the Wallet Holder, directly or via a Trusted and Secure Communication Channel, to execute, schedule, or cancel a payment, transfer, top-up, withdrawal, or other transaction involving funds held within the Wallet, Linked Wallet, or Open Banking Wallet. A Payment Instruction may include, without limitation, SEPA or non-SEPA Credit Transfers, Card Payments, Top-Ups (including by card or by codes), Payments to Card Number, Payments to Mobile Phone Number, or IntraBank Transfers. A Payment Instruction is deemed legally binding once authenticated through Strong Customer Authentication (SCA) mechanisms and received by Papaya Ltd in accordance with Article 64 of PSD2, at which point we becomes responsible for its execution to the extent defined in these Terms and Conditions.

Payment Service

A service to deposit or withdraw funds in physical or digital format.

Payment Service Provider

A third-party company that assists Payees and Payers in making online payments.

Personal data

means any information about personal or factual circumstances of a specific or identifiable natural person, such as e.g. name and surname, date of birth, place of birth, identification document (including type of identification document, issue date, ID number, issuing authority), address, telephone number, mobile number, e-mail address, IP address, online identifier, location data, images and information on transactions and accounts.

PIN

"Personal Identification Number (PIN)" encompasses two distinct classifications with separate values: the "Card PIN," which is a unique numeric code allocated for the authentication of a cardholder during card-related transactions, and the "App PIN," which is an independent numeric code used specifically for securing and validating access to a mobile or web-based application, as well as confirming actions within that application. Each PIN is individually established and must be used in its respective context to maintain transactional security.

Plastic card, Plastic BCC

means a physical (plastic) card, which is a copy of Virtual BCC;

Priority Outward Credit Transfer

An Instruction from a Payer which is being sent with urgency.

Processing Date

“Processing Date” means the business date on which an Instruction accepted by us is registered and processed within our systems for execution through the applicable payment scheme, network, or blockchain.

The Processing Date marks the moment when the transaction is formally entered into the payment workflow and determines the start of the applicable Execution Time. Depending on the type of transaction, the Processing Date may represent:

the date when the Originator’s Wallet is debited (for outgoing transactions);
the date when the payment message is accepted and validated for onward transmission to the Beneficiary Bank or corresponding institution; or
for incoming payments, the date when funds or assets are received by us from the Originator Bank and registered for crediting the Beneficiary’s Wallet.
For Linked Wallets or Open Banking Wallets, the Processing Date is determined by the financial institution that holds the respective account, and we reflect this information in the Application once received.
For card-based and crypto-asset payments, the Processing Date corresponds to the date of authorization or blockchain confirmation, as recognized by the relevant network or provider.

Where the Instruction is submitted outside our operational cut-off times or on non-business days, the Processing Date shall be deemed the next applicable business day in accordance with the processing rules of the payment scheme or network involved.

Real Time

“Real-Time” means the immediate or near-immediate processing and execution of a payment transaction or operation within our systems or through a connected payment network, resulting in the posting of funds to the Beneficiary’s Wallet, account, or card without undue delay.

A transaction is considered to be processed in Real-Time when both the authorization and settlement occur continuously and automatically, without requiring manual intervention or batch-based end-of-day processing.

Real-Time processing may apply to:

Intrabank Payments executed within our Wallet Ecosystem, where transfers between Wallets (including those belonging to different Wallet Holders) are settled instantly once authorized;
SEPA Instant or other regulated instant-payment schemes supported through our Supported Correspondent Networks;
card-based transactions processed via real-time settlement networks (e.g., Visa Direct, Mastercard Send); and
crypto-asset transfers, where the transaction becomes final upon blockchain confirmation.

For Linked Wallets and Open Banking Wallets, Real-Time processing depends on the technical and operational capabilities of the external financial institution or provider that holds the respective account. We display or update the transaction status in the Application as soon as confirmation is received from that institution or network.

Refund

“Refund” means the transactional reversal process initiated upon the request of the Originator or triggered automatically by a payment network, whereby a previously executed transaction is reversed partially or in full, and the corresponding funds are returned to the Originator’s Wallet or payment account.

A Refund may occur in connection with various types of payment transactions, including but not limited to:

SEPA Credit Transfers, executed in accordance with the SEPA Rulebook and the regulatory framework governing refund rights and time limits;
card-based transactions (e.g., Visa or Mastercard payments), where the reversal follows the applicable card scheme’s chargeback or refund procedures;
Open Banking or Linked Wallet transactions, where the financial institution holding the respective account applies its own refund or dispute resolution rules; and
digital asset transfers, where a refund is possible only if supported by the involved virtual asset service provider (VASP), crypto-asset service provider (CASP), or blockchain protocol.

The eligibility for and execution of a Refund are subject to the rules of the payment scheme, network, or settlement layer through which the original transaction was processed. We facilitate the refund process where applicable but are not obliged to guarantee its completion if dependent on third-party systems or networks.

Refund requests must be submitted within the timeframes and under the conditions established by the relevant scheme or by us in our Tariffs and Fees Schedule or operational procedures. Where required, the consent of the Beneficiary Bank, intermediary institution, or network operator may be necessary before a Refund can be finalized.

Reject/Rejected/Rejection

“Reject”, “Rejected”, or “Rejection” means the non-acceptance or refusal of an Instruction, payment order, or application prior to its execution or settlement through any supported payment scheme, network, or system.

In the context of payment transactions, Rejection refers to the refusal to accept a payment order for standard processing before Interbank Settlement occurs between the Originator Bank and the Beneficiary Bank, or before funds or assets are transferred between Wallets within our Wallet Ecosystem.

A payment or Instruction may be Rejected due to, but not limited to:

missing, incorrect, or invalid payment details (e.g., invalid Wallet ID, IBAN, card number, or blockchain address);
insufficient available balance or authorization failure;
failure of technical validation, security, or compliance checks (e.g., AML/CFT, sanctions screening, or fraud controls);
rejection by an external network, payment scheme, or financial institution involved in the transaction (e.g., SEPA, card network, VASP, or Open Banking provider).

Additionally, the term extends to include the refusal of an application for services or products provided by us when such application does not meet the acceptance criteria defined in our internal policies, risk assessment standards, or applicable regulatory requirements.

Where applicable, we will inform the customer of the Rejection, its cause, and any corrective actions or options for resubmission, unless prohibited by law or regulatory restrictions.

Return

“Return” means the process by which a payment transaction that has already been accepted for processing but not yet completed or settled is reversed and sent back by the receiving institution, network, or intermediary to the Originator Bank or the us.

A Return typically occurs after acceptance but before final settlement within the applicable payment scheme, clearing system, or blockchain, and is initiated by the Beneficiary Bank, intermediary institution, or payment network due to one or more of the following reasons:

incorrect or invalid payment information (e.g., invalid IBAN, Wallet ID, card number, or blockchain address);
closure or inaccessibility of the Beneficiary’s account or Wallet;
refusal by the Beneficiary to accept the payment;
non-compliance with the scheme rules, regulatory restrictions, or sanctions controls; or
technical or operational errors identified during processing.

In the context of the Wallet Ecosystem, a Return refers to the reversal of a transaction between Wallets that could not be completed or credited to the Beneficiary’s Wallet and is therefore restored to the Originator’s Wallet.

Depending on the payment type:

For SEPA or SWIFT transactions, Returns are processed in accordance with the respective rulebooks and settlement timelines.
For card-based transactions, Returns follow the operational procedures of the applicable card network.
For Open Banking or Linked Wallet payments, Returns are handled by the financial institution holding the account.
For crypto-asset transactions, a Return is possible only where supported by the underlying blockchain or facilitated by a cooperating VASP or CASP.

All Returns are subject to the operational and regulatory requirements of the relevant network or institution. We will notify the customer of the Return and, where possible, the reason provided by the returning party.

SEPA Credit Transfer Instruction

“SEPA Credit Transfer Instruction” means a payment order initiated by the Originator and transmitted to us, as the Payment Institution, to execute a euro-denominated credit transfer within the Single Euro Payments Area (SEPA) in accordance with the SEPA Rulebook and other applicable regulatory requirements.

A SEPA Credit Transfer Instruction may be submitted through our Application (APP), web interface, or any other trusted and secure communication channel authorized by us for initiating payment operations.

Upon acceptance, we process the Instruction by debiting the Originator’s Wallet and transmitting the corresponding payment message through the designated Clearing and Settlement Mechanism or Supported Correspondent Network for crediting the Beneficiary’s account or Wallet at the Beneficiary Bank.

A SEPA Credit Transfer Instruction must contain all mandatory information as required by the SEPA Scheme, including valid identifiers of the Originator and Beneficiary, the amount, currency (EUR), and any other reference data necessary for execution.

We may reject or delay the processing of a SEPA Credit Transfer Instruction if:

it does not meet technical or regulatory requirements;
the Originator’s Wallet lacks sufficient available balance;
mandatory information is missing or invalid; or
processing is prohibited under applicable AML/CFT, sanctions, or compliance rules.

All SEPA Credit Transfer Instructions are subject to the applicable Execution Time, Charging Instructions, and operational conditions defined in these Terms and in the SEPA Rulebook.

SEPA Credit Transfer Scheme Rulebook / Rulebook

The Rulebook issued by the European Payments Council (EPC) in relation to The Scheme. The Rulebook is amended from time to time and is available on the European Payments Council website www.europeanpaymentscouncil.eu.

Strong Customer Authentication, SCA

a European regulatory requirement part of the revised Payment Services Directive (PSD2) with the aim to reduce fraud and make online payments more secure through multi-factor authentication.

Supported Correspondent Network

“Supported Correspondent Network” means any payment, settlement, or message-exchange infrastructure through which we process or route international or cross-currency transactions on your behalf. Such networks include, but are not limited to, systems operated by correspondent and intermediary financial institutions (for example, SWIFT, TARGET, or other regional or bilateral clearing networks) that facilitate the execution of payments between institutions in different jurisdictions or currencies.

The list of Supported Correspondent Networks, together with the currencies available, applicable limitations, and processing conditions for each network, is specified in our Tariffs and Fees Schedule and may be amended from time to time.

Transactions initiated through a Supported Correspondent Network are executed in accordance with the operational rules, settlement cycles, and compliance requirements of the respective network and its participating institutions. We may route a transaction through one or more intermediary institutions as necessary to complete the transfer in the selected currency.

Where a payment is initiated in a currency or to a destination not supported by any of our listed Correspondent Networks, the Instruction may be rejected or require alternative arrangements prior to execution.

SWIFT

Society for Worldwide InterBank Financial Telecommunications which is a worldwide payment messaging service.

Tariff of Charges

“Tariff of Charges” refers to the official document issued by us, forming an integral part of these Terms and Conditions, which specifies all applicable fees, commissions, exchange margins, and other financial obligations associated with the use of our products and services.

The Tariff of Charges defines, among other things:

fees applicable to operations performed within your Wallets in the defined currencies;
charges for card-based transactions, SEPA Credit Transfers, cross-border payments, and currency exchange operations;
costs associated with digital asset transactions, if applicable; and
any other service-related charges or limits established by us.

Transactions initiated through Linked Wallets or Open Banking Wallets are subject to the pricing policies, tariffs, or fee schedules of the respective financial institutions or providers that hold those accounts or wallets. We are not responsible for fees, exchange rates, or charges applied by such external institutions or their intermediaries.

The Tariff of Charges is published in the form of a Fee Information Document and made available to all customers through our Application (APP), website, or any other Trusted and Secure Communication Channel. We may amend the Tariff of Charges from time to time in accordance with the procedures and notice periods established in these Terms.

The Scheme

The Scheme is applicable to credit transfers (“SEPA Credit Transfers”) made in Euro (EUR) between International Bank Account Numbers (IBANs) located within SEPA

Third Party Provider (TPP)

Service providers licensed to manage your Accounts and information upon your consent.

Top-up Facility

“Top-up Facility” means the service provided by us that enables the increase of the Available Balance in a Wallet through methods other than a standard Payment Instruction.

The Top-up Facility allows you to add funds to your Wallet using one or more of the following supported methods:

card-based top-ups using debit or credit cards (VISA, Mastercard, or other supported schemes), where funds are credited immediately upon authorization by the card issuer;
electronic transfers from other accounts or Wallets, including through Open Banking integrations or Linked Wallets;
redeemable instruments such as vouchers, gift cards, or promotional credits, where applicable; and
other funding mechanisms expressly enabled and approved by us from time to time.

Top-ups made by card are processed in real time, subject to authorization by the issuing institution. If the issuer requires 3D Secure or other authentication, the top-up can be completed only after successful confirmation.

We may impose operational limits, compliance checks, or hold periods depending on the payment method, currency, and jurisdiction involved. No maximum top-up limit is set by us; however, limits may be applied by the card issuer, originating financial institution, or payment network.

For transactions initiated through third parties (such as Open Banking providers or Linked Wallet institutions), their applicable fees, exchange rates, or restrictions may apply.

All Top-ups are subject to the applicable provisions of these Terms, the Tariff of Charges, and any specific scheme or regulatory requirements governing the chosen funding channel.

Trusted and Secure Communication Channel

“Trusted and Secure Communication Channel” means any communication method, platform, or process recognized and approved by us as sufficiently secure and reliable for the transmission or authentication of information, documents, or payment Instructions between you and us.

Trusted and Secure Communication Channels include, but are not limited to:

the Application (APP), including in-app chat functionality, where the Initiator is duly authenticated;
standard payment or service request forms submitted via the Application or web interface after successful authentication;
electronically signed documents, verified through qualified or advanced electronic signature mechanisms compliant with applicable eIDAS or equivalent regulations;
original hardcopy documents bearing handwritten signatures submitted directly to us;
in-person communication during a verified personal meeting with our authorized employee; and
documents notarized or certified by licensed lawyers, notaries, or other authorized legal professionals, confirming the authenticity of the submission and the identity of the signatory.

We reserve the right to determine, from time to time, which communication methods meet the security and authenticity standards required to qualify as Trusted and Secure Communication Channels, taking into account applicable laws, technological standards, and internal risk management procedures.

Any Instruction or document submitted through such a channel shall be deemed validly authorized and binding upon acceptance by us, unless proven otherwise.

UnDesignated Pooled Account (General Clients Account)

“Undesignated Pooled Account” or “General Clients Account” means an account or wallet held by a Fiduciary, Financial Institution, or Payment Service Provider with a licensed bank or other authorized entity, established for the purpose of holding money or assets belonging to multiple clients or wallet holders of that fiduciary or institution.

Such an account does not include in its title or structure any reference to the identity of specific clients or Wallet Holders whose funds are pooled within it. Instead, the account represents an aggregated balance that corresponds to client holdings maintained in segregated internal records of the Fiduciary, Financial Institution, or Payment Service Provider.

Funds or assets maintained in an Undesignated Pooled Account remain legally attributable to the underlying clients and are managed in accordance with the safeguarding, segregation, and reconciliation requirements imposed by applicable laws and regulatory standards.

In our operations, Undesignated Pooled Accounts may be used for settlement, reconciliation, or safeguarding purposes with partner financial institutions or payment processors, where the pooled balance reflects the cumulative value of multiple Wallets or client accounts held within our Wallet Ecosystem.

All operations on such accounts are subject to internal and external controls, reconciliation procedures, and any obligations arising under payment services, e-money, or financial institutions regulatory frameworks.

User

“User” means a private individual who accesses and uses our Application (APP), web interface, or other Trusted and Secure Communication Channels to interact with our services, including the management of Wallets, initiation of payment transactions, or access to account-related information.

A User may act:

for personal use, as the Wallet Holder, where the individual owns and operates one or more Wallets within our Wallet Ecosystem; or
as an authorized representative of a legal entity, where the individual has been duly empowered to act on behalf of that entity under valid authorization or mandate, verified in accordance with our identification and verification procedures.

Use of the Application is limited to private individuals; legal entities cannot directly access or operate the Application but may do so exclusively through their authorized representatives (Users).

Each User is responsible for maintaining the confidentiality and security of their access credentials, for the accuracy of information provided, and for ensuring that all actions carried out via the Application are lawful and authorized. Any operation initiated through the Application or another Trusted and Secure Communication Channel by an authenticated User shall be deemed validly authorized.

The rights, obligations, and liabilities of the User apply both to the individual acting in their own name and, where applicable, to the legal entity they represent.

User ID

The identification number or code which we will give you to use our Channels.

Verification of Payee (VoP)

“Verification of Payee (VoP)” refers to a service that enables the Payer (or the Payer’s Payment Service Provider) to verify whether the name of the Payee provided in a Payment Instruction corresponds to the name registered with the Beneficiary’s (Payee’s) Payment Service Provider before the execution of a SEPA payment or other credit transfer.

The VoP service operates as a preventive security and accuracy mechanism, designed to reduce misdirected payments, fraudulent redirections, and typographical errors in beneficiary details. Upon initiation of a payment, the service performs a comparison between the Payee’s name and account identifier (e.g., IBAN) and returns a match result such as:

Exact Match, confirming the Payee’s identity;
Partial Match, indicating minor discrepancies requiring User confirmation; or
No Match, suggesting the details may not correspond.

When we act as the Payer’s Payment Service Provider, we shall perform or facilitate Verification of Payee checks before the payment execution, where such functionality is supported by the receiving institution or national SEPA infrastructure.

When we act as the Payee’s Payment Service Provider, we shall respond to Verification of Payee requests initiated by other institutions in accordance with applicable European Payment Council (EPC) rules and data protection requirements.

Where the receiving institution does not support VoP, the transaction may still proceed; however, in such cases, we shall inform the User that verification could not be completed and that liability for any resulting misdirected payment shall rest with the Payer, subject to the applicable legal and regulatory provisions.

Virtual card, Virtual BCC

means a non-physical card linked to the Wallet, the use of which is limited to online purchases.

We, us, our

Papaya Ltd (C55146), 31 Sliema Road, Gzira, GZR 1637 – Malta

You, your, client

Any person, whether legal or natural, using the our channels, products or services.

2 GENERAL INFORMATION ON THE AGREEMENT

2.1 Scope and Acceptance

This document, comprising the Important Information and these Terms and Conditions (collectively the “Agreement”), governs the access to and use of all Channels and Services made available by Papaya Ltd (C55146).

By accessing any Channel or executing any operation through the Application (APP) or other Trusted and Secure Communication Channels, you confirm that you have read, understood, and agreed to be bound by this Agreement.

The Agreement is concluded for an indefinite term and shall remain in force until terminated in accordance with its provisions.

2.2 Parties and Eligibility

“We / us / our” means Papaya Ltd, incorporated in Malta, authorised to provide payment and e-money services under Maltese and EU legislation.

“You / your / User” refers to the natural or legal person that has entered into this Agreement with us, acting either directly as a Wallet Holder or through an authorised representative.

Use of the Channels requires that:

You hold a Multi-Currency Account maintained by us (currently represented through EUR Wallets only);
You have submitted an Application for Services which has been duly accepted by us; and
Your identity and, where relevant, that of your ultimate beneficial owners or authorised users have been verified in accordance with applicable AML/CFT requirements.

2.3 Channels and Services Provided

Our Channels comprise the following:

the Application (APP), available in both mobile and web versions; and
any other authenticated Trusted and Secure Communication Channels approved and maintained by us for communication, instruction, or service delivery.

Through these Channels, you may access and operate a range of Services provided within our Wallet Ecosystem, including but not limited to the following:

Wallet Opening and Management – the ability to open and operate one or more Wallets representing your Multi-Currency Account (currently denominated in euro), view balances, monitor transactions, and manage associated features.
Cards (Mastercard) – issuance and use of Virtual, Plastic, Corporate, and Additional Cards under the Mastercard network, linked to your Wallet(s).
Mastercard Cards are available only to customers residing in or originating from territories expressly listed in our Tariff of Charges.
Card usage is subject to Mastercard Rules and the applicable cardholder terms.
Top-up by Card – the facility to increase the Available Balance of your Wallet in real time by using a payment card (Mastercard or VISA) issued in your own name.
Where a VISA card is used for Top-up, the transaction is executed via the VISA network; otherwise, Mastercard rules apply.
Transfer to Card – the ability to transfer funds to a Beneficiary identified by their card number.
If the Beneficiary’s card is part of the VISA network, the transaction is executed through VISA; in all other cases, through Mastercard.
Such transfers are processed in Real-Time, subject to network and scheme availability.
Payments by Card to Merchants – the execution of payment transactions using your Mastercard Card for the purchase of goods or services from participating Merchants or online providers.
These transactions are governed by Mastercard network rules and applicable card payment regulations.
Authorisation of a payment results in immediate reservation and/or deduction of funds from your Wallet.
Intrabank Payments – transfers of funds between Wallets held within the Papaya Ltd system (i.e., from one Wallet Holder to another Wallet Holder), executed in real time and without interbank settlement.
Top-up Using Codes refers to a transaction method by which the Wallet Holder credits funds to their Wallet by entering a unique alphanumeric code (“Top-up Code”) issued and distributed through authorised retail or partner networks of us.
Each Top-up Code represents a predefined transaction type and amount determined at the time of issuance and linked to a specific payment instruction configuration within our systems
CashBack Service means an ancillary loyalty and reward service integrated within packaged Wallet products provided by us, operated and managed by Baltic Technology Solutions OÜ (“CashBack Operator”).
The CashBack Service enables eligible private individual Wallet Holders to receive monetary rewards or rebates based on qualifying payment transactions executed through their Wallet or associated payment instruments.
Payment to Mobile Phone Number means a payment service functionality offered by us that enables a Wallet Holder to initiate a transfer of funds by designating a Beneficiary through a verified mobile phone number, instead of by directly entering an IBAN or account identifier.
Where the specified mobile phone number corresponds to an existing Wallet Holder with an active Wallet, the payment is executed as an IntraBank Payment and processed in Real-Time within our systems.
If the mobile phone number does not correspond to an existing Wallet Holder, we will, invite the intended recipient via SMS to submit their IBAN and full legal name for the purpose of completing the transfer. Upon such confirmation, the payment is executed as a SEPA Credit Transfer in accordance with the SEPA Credit Transfer Scheme Rulebook, Articles 86–88 of Directive (EU) 2015/2366 (PSD2), and the applicable provisions of these Terms and Conditions.
For payments initiated from a Linked Wallet, execution is permitted only where the Beneficiary holds a Linked Wallet with the same issuer and in the same currency or asset as that of the Originator’s Linked Wallet.
Currency Exchange Operation”means an automated or user-initiated process by which funds are converted from one currency or asset denomination to another within the our Wallet Ecosystem, including conversions between Wallets, Linked Wallets, and Open Banking Wallets, or in the course of a payment or transfer transaction.
A Currency Exchange Operation is executed at the exchange rate published by us on its official website or Application (“APP”) at the time of authorisation, or, where applicable, at the rate provided by a third-party Linked Wallet or Open Banking Wallet issuer.
SEPA Credit Transfers (SCT) and SEPA Instant Credit Transfers (SCT Inst) – euro-denominated transfers to and from other payment institutions within the SEPA area.
SEPA Instant payments are processed in real time, subject to scheme availability and transaction limits.
Verification of Payee (VoP) – a pre-payment mechanism enabling validation of the Beneficiary’s identity against the account or card details provided, designed to reduce payment errors and fraud.
Linked Wallets – Wallet functionality provided via our technical partner Manerio UAB, accessible through integration within our Wallet Ecosystem.

At present, Open Banking Wallets are not available.

Each of the Services described above may be subject to specific scheme rules (including, where relevant, Mastercard, VISA, or SEPA Rulebooks), operational terms, and our internal risk and compliance procedures. Use of any such Service constitutes your acceptance of the applicable rules and operational framework.

2.4 Authorisation, Security and Monitoring

Access to our Channels is restricted to duly onboarded and authenticated customers.

All operations validated through Strong Customer Authentication (SCA), PIN, or App PIN are deemed to have been authorised by the Wallet Holder and are legally binding. We may record, monitor, and audit all electronic interactions for security, legal-compliance, and service-quality purposes.

Any unauthorised use or attempt to gain unauthorised access to our Channels constitutes a breach of this Agreement and may give rise to civil and/or criminal liability.

3 Transaction Limits, Cut-off Times and Processing

3.1 General Principles

Each payment type and transaction channel is subject to operational, technical, and regulatory limits as prescribed by applicable Maltese law and forthcoming European Union legislation, including the proposed Payment Services Regulation (PSR) under PSD3. Current monetary, daily, and cumulative limits are set out in our Tariff of Charges and published at https://blackcat.app/pricing.

We reserve the right to revise such limits to reflect updates to internal risk management frameworks, scheme rules (e.g. Mastercard, VISA, SEPA), or applicable supervisory guidance. Any such change will not affect limits individually agreed with you unless expressly permitted by law or regulatory obligation.

3.2 Processing and Cut-off Times

(a) SEPA Credit Transfers (SCT) – Orders received and verified by 15 : 00 CET on a Business Day are processed on the same day. Orders received thereafter, or on a non-Business Day, are deemed received on the next Business Day.

(b) SEPA Instant Credit Transfers (SCT Inst) – Processed continuously in real-time (24/7/365), subject to scheme availability and individual payment caps.

(c) Top-up by Card and Transfer to Card – Executed in real-time via the Mastercard or VISA networks, depending on the scheme associated with the funding or Beneficiary card.

(d) Intrabank Payments – Transfers between Wallets held with us are executed in real-time and are not subject to interbank settlement procedures.

(e) Card Payments to Merchants – Executed via standard card-scheme authorisation procedures, with settlement governed by Mastercard clearing rules.

3.3 Limits under PSD3 and Verification of Payee (VoP)

To comply with PSD3 and the associated PSR, including Articles 20 and 51 thereof:

(a) You may set and modify transaction limits for SEPA Credit Transfers, including SCT Inst, at your discretion via the Application (APP) or other agreed Trusted and Secure Communication Channels. These limits are part of your framework contract with us and may be changed by you at any time, subject to verification and operational feasibility.

(b) We may define an upper ceiling (plafond) for such transaction limits, in line with our internal policies, technical capabilities, and risk thresholds. Any increase above this plafond requires your explicit request and our prior approval, submitted via Trusted and Secure Communication Channels as defined in this Agreement.

(c) Transactions governed by Verification of Payee (VoP) protocols are additionally subject to outcome-dependent controls. Transactions that fail VoP verification or trigger risk indicators may be delayed, suspended, or declined, and we may request reconfirmation or additional information from you before proceeding.

3.4 Card-related Limits

(a) Cash Withdrawal Limits – A fixed upper limit applies to cash withdrawals using Cards issued by us. This limit is non-adjustable by the User and is disclosed in the Tariff of Charges.

(b) Card Purchase Limits – You may set and modify card purchase limits within the APP. All limit changes initiated by you take effect upon confirmation, unless flagged under our fraud or risk-prevention systems.

3.5 Right to Refuse, Delay or Batch Transactions

We reserve the right to refuse, delay, suspend, or batch the processing of any transaction where:

execution would breach regulatory, AML/CFT, or sanctions obligations;
internal risk thresholds, card scheme rules, or fraud filters are exceeded;
technical, network, or operational constraints prevent immediate processing; or
the transaction exceeds any agreed or legally permissible limits.

We shall not be liable for delays or failures in execution arising from such legitimate controls, provided actions are taken in good faith and in accordance with applicable law and network rules.

3.6 Fees and Charges

i. All applicable fees, charges, commissions, and mark-ups in connection with Wallets, Cards, Transfers, Currency Exchange, and all other Services offered by us are set out in the Tariff of Charges and the Fee Information Document. Both documents form an integral part of this Agreement and are maintained in accordance with the applicable provisions of Directive (EU) 2014/92 (Payment Accounts Directive), Directive (EU) 2015/2366 (PSD2), and forthcoming EU legislative acts under the Payment Services Regulation (PSD3/PSR).

ii. The Wallet Holder or Business User shall be categorised into one of the following fee groups, which determine the applicable pricing tier:

Private Individuals;
Legal Persons established within the European Union (EU) and possessing a valid VAT registration number;
Legal Persons established within the EU but not registered for VAT;
Legal Persons established outside of the EU;
FinTech Entities, including, but not limited to, regulated payment institutions, electronic money institutions, credit institutions, virtual asset service providers (VASPs), and crypto-asset service providers (CASPs).

iii. Notwithstanding the foregoing, the Financial Institution may, at its sole discretion, enter into a bilateral pricing arrangement with any Wallet Holder or Business User. In such instances, the pricing terms set forth in the bilateral agreement shall prevail over those stated in the publicly published Tariff of Charges, solely to the extent of any inconsistency and without prejudice to mandatory provisions of applicable law.

iv. The Tariff of Charges is publicly available at https://blackcat.app/pricing and may be accessed via the mobile or web Application (APP). The Fee Information Document and the Tariff of Charges shall also be provided to the Wallet Holder, upon request, through a Trusted and Secure Communication Channel, as defined under this Agreement.

v. Where the execution of a Service involves the participation of intermediary institutions, card schemes (e.g. Mastercard), correspondent banks, VASPs, CASPs, or other external network operators, such parties may levy additional fees beyond our control. The Wallet Holder or Business User shall be solely responsible for bearing any such third-party charges, and we shall not be liable for such amounts.

vi. By using any Service, the Wallet Holder or Business User hereby grants us full and irrevocable authorisation to debit any fees, charges, commissions, or other applicable amounts directly from the Wallet or from any available balance held with us. Such authorisation is deemed to have been granted by virtue of the Wallet Holder’s or Business User’s acceptance of this Agreement and their continued use of the Services.

3.7 Cancellation of Payment Instructions

Irrevocable Payments: Transactions executed in Real-Time — including Top-up by Card, Transfer to Card, and SEPA Instant — are irrevocable once authorised.

Charges and Losses: We may impose administrative charges and recover exchange-rate losses or intermediary fees as defined in the Tariff of Charges.

Refunds: Executed SEPA SCTs cannot be cancelled; however, the Originator may request a Refund under the SEPA Rulebook, subject to approval by the Beneficiary’s Payment Service Provider.

Card-based Deferred Payments: For transactions based on stored card details (e.g. recurring or deferred Merchant payments), you must address any dispute or cancellation directly with the Beneficiary.

Any cancellation attempt, whether or not successful, may result in charges.

3.8 Card Blocking and Security Measures

You may block or unblock any Card (Virtual, Plastic, Corporate, or Additional) through the APP.

Immediate blocking is mandatory in cases of loss, theft, suspected compromise, or unauthorised use.

Unblocking may occur only after confirming that the Card and related credentials are secure.

You acknowledge that offline transactions processed through the Mastercard networks may still be completed despite a block, and you remain liable for such transactions.

3.9 Standing Orders

A standing order remains in effect until it is cancelled by the Wallet Holder or replaced by a new instruction.

A standing order cannot be cancelled on the scheduled payment date or within the two Business Days immediately following that date.

If a standing order is designated as a “Split Payment,” it remains active for its specified validity period and cannot be revoked during that time.

If the Wallet lacks sufficient Available Balance to execute two consecutive scheduled payments, we reserve the right to cancel the standing order, and the Wallet Holder will be responsible for any applicable processing or insufficient-funds fees.

All specific terms of the standing order — including amount, frequency, and duration — are agreed at setup and are governed by this Agreement.

3.10 Manage Users

Within this Application, the term "Users" has a specific meaning depending on context. For the purpose of account opening procedures, "Users" is synonymous with "Agents" as defined in the FIAU Implementing Procedures. In other communications with us, "Users" may refer to the Wallet Holder themselves or to individuals they have designated, referred to as Authorized Persons. These Users are granted access to our web and mobile applications (the Channels), subject to the following rules:

Access Rights: Users may be assigned one of three access privileges. Each level grants increasing capabilities:
View: Permits the user only to access the application to view information.
Create: Includes the View privileges plus the ability to create payment instructions (without confirming them).
Sign: Includes View and Create privileges and additionally allows the user to confirm and initiate payment instructions, as well as to make requests for new cards, accounts, and other services.
Designation of Authorized Persons: Wallet Holders must designate their Authorized Persons by providing explicit instructions to us in the prescribed manner. These instructions formally authorize the named individuals to act on behalf of the Wallet Holder within the Channels.
Unique Credentials: Each User is provided with separate, unique login credentials for accessing the Channels. Users must keep these credentials confidential and secure at all times.
User Responsibility: Each User is responsible for all transactions and operations executed under their credentials within the applications. Users should act in accordance with their assigned access rights and the instructions of the Wallet Holder.
Changes to Authorized Persons: The Wallet Holder must promptly inform us of any additions, removals, or changes to their Authorized Persons. This ensures that only current and properly designated individuals have access.
Regulatory Compliance: We reserve the right to request additional information or documentation about any User at any time to comply with legal, regulatory, or security requirements.
Account Holder Liability: Any actions taken by a User within the Channels are deemed to be actions of the Wallet Holder. The Wallet Holder remains fully responsible for all such actions.
Compliance with Terms: It is the Wallet Holder’s obligation to ensure that all Users are aware of and comply with our Terms and Conditions and any security requirements applicable to the Channels.
Security Breach Notification: In the event of any unauthorized use of a User’s credentials or any security breach involving a User’s access, the Wallet Holder must immediately notify us.

This "Manage Users" section is intended to ensure proper administration of user access rights and to uphold the security and integrity of the Wallet Holder’s information and transactions within our Channels.

3.11 Exchange Rates and Currency Conversion

Scope of Application

This Article governs all currency exchange operations conducted by us in connection with the use of Wallets (including Linked Wallets and Open Banking Wallets), Cards, Top-up by Card and Transfer to Card Services, and any other Payment Services provided through the Channels. It applies where a transaction involves a conversion from one currency into another, whether outgoing or incoming, at the instruction or for the benefit of the Wallet Holder.

Exchange Rate Determination

We calculate exchange rates based on prevailing interbank or market reference rates, which may be obtained from publicly accessible and reliable financial sources (such as the European Central Bank or other reference providers), to which a fixed margin is added. Exchange rates are subject to intra-day and daily fluctuations and may be modified at any time without prior notice. The currently applicable exchange rates are published and made available via the Channels and our official website at https://www.papaya.eu/currency-exchanges.

Customer Disclosure and Approval

Where a transaction involves currency conversion, we shall, prior to the Wallet Holder confirming the transaction, disclose the exact exchange rate (inclusive of any margin) and any applicable Currency Conversion Fee. The Wallet Holder’s confirmation of the transaction constitutes their acceptance of the disclosed rate. For inbound transactions requiring conversion, the applicable rate shall be that in force on the date the transaction is processed by us.

Indicative Rates and Temporary Suspension

Exchange rates displayed within the Channels are provided for information purposes only and do not constitute a binding rate for future transactions. We reserve the right to suspend temporarily the execution of currency conversions and/or the display of exchange rates where required by extraordinary market conditions, system unavailability, or regulatory instructions.

Wallet and Card Transactions Involving Currency Conversion

Currency conversion applies where funds are sent, received, or otherwise processed in a currency different from the denomination of the Wallet or Card used. This includes transactions conducted through the Linked Wallets and, once available, Open Banking Wallets. The applicable exchange rate shall be determined at the point of transaction execution by the Financial Institution.

Card Transactions in the EEA in Non-Euro Currencies

Where a Card is used within the European Economic Area (EEA) for a purchase or ATM withdrawal in a currency other than Euro:

a) Dynamic Currency Conversion (DCC): At the point of sale or withdrawal, the Wallet Holder may be offered the option to pay either in the local currency of the payee or ATM, or in Euro.

i. If the Wallet Holder opts to pay in Euro, the merchant or ATM operator shall perform the conversion at its own exchange rate and may impose its own currency conversion fee. We bears no responsibility for any such rate or fee.

ii. If the Wallet Holder opts to pay in the local currency, the conversion shall be executed by the applicable Card scheme (e.g. Mastercard) using its prevailing exchange rate, and the Financial Institution shall apply a Currency Conversion Fee.

b) Currency Conversion Fee (Mark-up): For such transactions, we apply a Currency Conversion Fee calculated as a percentage mark-up over the European Central Bank’s reference exchange rate.

i. The standard mark-up is 3% of the converted amount.

ii. No mark-up shall be applied to transactions conducted in the following currencies: Swedish Krona (SEK), Czech Koruna (CZK), Polish Zloty (PLN), and Romanian Leu (RON).

c) Regulatory Disclosure Obligations: In compliance with Regulation (EU) 2021/1230, we notify the Wallet Holder of the percentage mark-up over the ECB rate when performing a currency conversion on card-based transactions denominated in an EEA currency. The Wallet Holder may opt out of receiving such notifications via the Application or other available Channel.

Final Provisions

All fees and charges applicable to currency conversion transactions are further detailed in the Tariff of Charges and Fee Information Document, both of which form an integral part of this Agreement. The Wallet Holder is responsible for reviewing the applicable rates and mark-ups prior to initiating any currency conversion.

3.12 Statements

General Provision

In accordance with Article 57 of Directive (EU) 2015/2366 on payment services (PSD2), and with Regulation (EU) 2021/1230 on cross-border payments, we provide Wallet Holders with periodic Statements summarising the activities on their Accounts. These include executed payment transactions, associated charges and fees, the applicable exchange rates, and available balances. Such Statements constitute the official record of account activity and are provided in durable medium in line with Article 41 PSD2.

Method of Delivery

Pursuant to Regulation 26 of the Financial Institutions Rule FIR/03 issued by the Malta Financial Services Authority (MFSA) and Article 41(1) PSD2, Statements made available through the secure Online Banking platform, including the Financial Institution’s mobile and web-based Application (“APP”). Unless otherwise requested by the Wallet Holder, no paper-based delivery will occur.

Frequency

Monthly account Statements provided by default, as required under Article 57 PSD2. The annual provision of Fee Statements is governed by the EU Payment Accounts Directive 2014/92/EU and follow the standardised Fee Information Document format, which is integrated into this Agreement.

Notification of Statement Availability

Notifications confirming the availability of Statements will be delivered through trusted and secure Channels (as defined), including in-application messages (“chat”) and/or push notifications within the APP. The Wallet Holder shall remain responsible for enabling such notifications and for accessing the statement in a timely manner. In accordance with MFSA guidance, failure to receive a notification shall not relieve the Wallet Holder from the obligation to review statements in a reasonable period.

Review and Error Notification

Wallet Holders must review their Statements promptly. Under Article 71(1)(b) PSD2, any unauthorised or incorrectly executed payment transactions must be reported without undue delay and no later than thirteen (13) months from the debit date. However, we require, for operational clarity, that any errors or disputes relating to statement entries be submitted within fifteen (15) calendar days of issuance.

Record Retention

We retain all Statements and underlying records in accordance with Article 15(1)(d) of Directive 2009/110/EC (EMD2) and Regulation 3 of the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01), for a minimum of five (5) years or longer if required by law. Wallet Holders are advised to download and archive statements for their own use.

Statement Amendments and Corrections

If a discrepancy or reporting error is confirmed by either Party, we undertake to rectify the Statement and reflect necessary adjustments in the subsequent reporting cycle. Such corrections shall comply with Article 88 PSD2 where relevant.

Optional Paper Statements

Upon express request, Wallet Holders may receive paper-based statements, subject to fees as outlined in the Tariff of Charges. This service complies with Article 41(1) PSD2 and shall be executed using secure postal methods. Charges for postage and preparation are borne by the requesting party.

Transaction History Access

The APP and web platforms enable real-time access to transaction history. However, in accordance with MFSA consumer protection guidelines and standard industry practice, such transaction logs are provided strictly for reference and do not constitute formal account Statements within the meaning of PSD2 or this Agreement.

3.13 Copyright and Trademarks

All content accessible via the Channels (including the APP, web platform, and Trusted and Secure Communication Channels) is protected by applicable intellectual property legislation, including but not limited to Directive 2001/29/EC on the harmonisation of certain aspects of copyright and related rights in the information society (the "Copyright Directive"), Regulation (EU) 2017/1001 on the European Union trade mark, and national laws of the Republic of Malta on copyright and trademarks, including the Copyright Act (Chapter 415 of the Laws of Malta) and the Trademarks Act (Chapter 597 of the Laws of Malta).

The Channels, their design, source code, layout, content, and materials, including but not limited to software, text, photographs, illustrations, audiovisual content, trademarks, service marks, logos, sounds, music, data compilations, and user interfaces, are the intellectual property of us and/or its licensors or third-party rights holders. All such rights are reserved.

Use of the Channels is granted strictly on a non-exclusive, non-transferable basis for the sole personal and lawful use of the Wallet Holder. Except as expressly permitted by law or with the prior written authorisation of us, it is strictly prohibited to reproduce, modify, adapt, translate, publish, resell, license, distribute, transmit, publicly perform or display, reverse-engineer, decompile, or otherwise exploit any part of the Channels or related content, whether in whole or in part.

The inclusion or display of any trademark, logo, or trade name within the Channels does not constitute or imply the grant of a licence, right, or authorisation to use such intellectual property unless expressly granted by us or the lawful rights holder. Misuse of any trademarks displayed on the Channels may result in civil and/or criminal liability under EU and national law.

Any unauthorised use, copying, or redistribution of proprietary materials, as defined in Directive 2001/29/EC and Directive (EU) 2019/790 on copyright and related rights in the Digital Single Market (DSM Directive), is strictly prohibited. We reserve the right to pursue all legal remedies available under applicable intellectual property laws.

This provision shall apply mutatis mutandis to any Channel content made available via white-labelling, partnership platforms, or integrated third-party services, to the extent such content is governed by intellectual property laws or contractually licensed rights.

3.14 No Offer or Advice

All content, materials, and communications made available through the Channels, including but not limited to the APP, web platform, or any Trusted and Secure Communication Channels, are provided strictly for general information purposes. They shall not, under any circumstances, be interpreted or construed as a public offer, solicitation, investment advice, tax guidance, legal counsel, or recommendation to engage in any transaction, financial instrument, or service.

No part of the information communicated via the Channels constitutes a personal recommendation within the meaning of Article 9 of Directive 2014/65/EU (MiFID II), nor does it amount to an investment research or marketing communication as defined under applicable regulatory technical standards. Any financial, legal, or tax implications referenced in the Channels are of a general nature and may not reflect the personal or legal circumstances of the Wallet Holder.

We disclaim any liability for actions taken or not taken based on the content of the Channels. The Wallet Holder remains solely responsible for obtaining professional advice, where appropriate, from suitably qualified advisers (including legal, tax, or financial advisers) prior to making any investment, transactional, or strategic decision.

The inclusion of product or service descriptions, features, pricing, or other commercial information within the Channels does not constitute an offer or binding commitment by us unless expressly stated otherwise in a specific contractual communication or regulated disclosure.

Nothing contained in the Channels shall override the Wallet Holder’s obligation to make informed, independent decisions in line with their own financial capacity, risk appetite, regulatory status (if applicable), and legal obligations.

3.15 Any Instructions to Us

For the purposes of this Agreement, any Instruction transmitted to us via the Channels—whether relating to payment orders, transfer requests, applications, declarations of intent, or service requests—shall be deemed valid, irrevocable (once processed), and legally binding upon you when duly authenticated using the required Strong Customer Authentication (SCA) credentials. These may include, but are not limited to, your Personal Identification Number (PIN), biometric identification, password, or one-time password (OTP) transmitted via Trusted and Secure Communication Channels, such as SMS or in-app notification.

By submitting an Instruction through the Channels and successfully completing the authentication process, you:

Authorise us to execute the Instruction on your behalf;
Confirm that all data provided is complete, accurate, and true to the best of your knowledge;
Accept full legal and financial liability for the outcome of the Instruction.

In accordance with Article 64 and 88 of PSD2 and applicable national transpositions thereof, we are not obliged—unless explicitly required by applicable law or agreed otherwise in writing—to verify, correct, supplement, confirm, or authenticate the content of any Instruction beyond the SCA applied. Consequently, we disclaim any liability for errors, omissions, delays, or rejections arising from incorrect, incomplete, or unauthorised Instructions provided by you or your Authorised Users.

We reserve the right, without liability, to suspend the processing of any Instruction pending receipt of:

Additional information or documentation, including verification of the source of funds under AML/CFT obligations (pursuant to Directive (EU) 2015/849 and national AML legislation);
Clarification regarding a transaction that raises suspicion under our fraud prevention, sanction screening, or internal compliance controls.
Unless otherwise expressly agreed or permitted by applicable legislation, Instructions shall be deemed received:
On the date of transmission through the Channels, provided that it is a Business Day and the relevant cut-off time has not passed;
On the next Business Day in all other cases.

Instructions shall not be automatically cancelled upon closure or suspension of your access to the Channels or the Account unless otherwise expressly communicated and accepted by us.

You may cancel or amend an Instruction:

Prior to its execution by submitting a new Instruction via the Channels;
Subject to the availability of such modification functionality for the relevant transaction type;
Provided that such cancellation is not restricted by SEPA rules, Mastercard scheme procedures, or applicable clearing timelines.

We may apply a fee for processing cancellation or amendment requests, as specified in our Tariff of Charges. You are also liable for reimbursing us for any third-party costs incurred as a result of executing or reversing an Instruction.

Once an Instruction has been marked as "processed" or "initiated" by us it is considered irrevocable, and you forfeit any right to withdraw, amend, or reverse the transaction, unless such reversal is expressly permitted under applicable law or scheme rules.

3.16 Equipment

You are solely responsible for the provision, maintenance, and secure operation of all hardware, software, network connections, and authentication tools (including but not limited to your mobile device, SIM card, Trusted Communication Channel components, and any Card or security credentials) necessary to access and use our Channels. Such equipment must meet minimum security and compatibility standards as may be notified by us from time to time, in line with ICT and security risk management requirements under applicable law.

You must take all reasonable steps to prevent the loss, theft, disclosure, or misuse of any equipment or authentication device used to access our Services, in accordance with Article 69(2) of PSD2 and the EBA Guidelines on operational and security risks.

In particular, you are required to promptly notify us—through our designated 24/7 customer support chat or other Trusted and Secure Communication Channels—immediately upon becoming aware of:

Any suspected or confirmed loss, theft, compromise, or unauthorised access to your mobile device, SIM card, Card, authentication means (such as OTP or PIN), or any element used to access the Channels;
Any circumstance in which control over your equipment or security credentials has been compromised, including malware infection or unauthorised data access.

Upon receipt of such notification, we, without undue delay and in compliance with Article 69(2)(b) of PSD2, block access to the affected Services and take the necessary steps to prevent further unauthorised use. Such action does not relieve you of liability for any Instructions executed prior to our receipt of your notice, unless otherwise provided under Article 74 of PSD2 or applicable consumer protection laws.

You remain fully liable for all operations carried out through the Channels until:

We received your notification in accordance with Clause 2.16.3;
And we have implemented the necessary suspension or blocking of access, as recorded by our systems.

We shall not be liable for any loss, damage, or interruption in Service caused by your use of incompatible, outdated, or insecure devices, software, or network connections. You are responsible for ensuring that your equipment:

Is kept updated with the latest security patches and anti-malware protection;
Supports secure communications protocols and two-factor authentication mechanisms required by us;
Is not subject to jailbreaks, root access, or other modifications that undermine device integrity or security.

We may suspend or limit access to the Channels if we detect, suspect, or are notified of potential equipment-related security risks, in accordance with our regulatory obligations and internal risk management protocols.

4 GENERAL APPLICABLE TERMS

4.1 Use of Wallet via Channels, ATM, and POS Networks

The Wallet Holder may access, view, and use funds available in their Wallet through the Channels, including:

a) the Application (APP) (mobile and web);

b) Automated Teller Machines (ATM);

c) Point of Sale (POS) terminals within the Mastercard network;

d) Other MasterCard network card acceptance method (like ClicktoPay and so on) and

e) other approved Trusted and Secure Communication Channels.

Transactions executed through the Channels are governed by the operational and security standards of the applicable payment schemes (e.g. Mastercard), SEPA Rulebooks, and our internal compliance procedures.

All fees and charges applicable to ATM withdrawals, POS purchases, SEPA transfers, or other Channel-based services are specified in the Tariff of Charges and the Fee Information Document, which form an integral part of this Agreement. The most current versions are accessible on https://blackcat.app/pricing

In case if any charge is applied by the Merchant by adding it to transaction amount within the ATM, POS terminal or other MasterCard network card acceptance method we assume it like part of the product or service purchased and does distinct within our statements.

We ensure that the Wallet Holder’s access to Channels and transaction execution comply with the principles of Strong Customer Authentication (SCA) under Articles 97–98 of PSD2 and relevant EBA Regulatory Technical Standards (RTS on SCA and secure communication).

4.2 Transaction Limits

General Scope

All financial and non-financial transactions—including but not limited to deposits, withdrawals, SEPA Credit Transfers (SCT), SEPA Instant Credit Transfers (SCT Inst), Top-ups by Card, Transfers to Card, Intrabank Payments, and Card-based operations—are subject to operational, technical, and regulatory limits (collectively, “Transaction Limits”).

Transaction Limits are established by:

a) We in accordance with internal risk scoring, fraud-prevention and compliance obligations under PSD2, AMLD, and EBA Guidelines; and

b) Third Parties, including payment networks, correspondent or beneficiary banks, Linked Wallet or Open Banking Wallet providers, merchants, and ATM/POS operators, in accordance with their own operational and regulatory requirements.

Transaction Limits Defined by us

a) General Regulatory Limits and Government Orders

We may be required to impose or maintain restrictions, freezes, or maximum thresholds on specific transactions or Wallet balances pursuant to:

Judicial or administrative orders, including court injunctions, garnishments, or freezing orders issued by Maltese or EU courts;
Orders of competent authorities, including the Malta Financial Services Authority (MFSA), Financial Intelligence Analysis Unit (FIAU), Central Bank of Malta, European Central Bank (ECB), European Banking Authority (EBA), or any equivalent foreign regulator acting under mutual legal assistance;
Law-enforcement and sanctions authorities, such as the Police, the Attorney General, Europol, Eurojust, or the Sanctions Monitoring Board, when a freeze or restriction is necessary under criminal, AML/CFT, or sanctions legislation.

We shall comply with such directives immediately upon receipt and shall inform the Wallet Holder when legally permitted to do so.

b) Amount Freeze Orders

Funds in the Wallet may be temporarily or permanently frozen in whole or in part when ordered by the competent authorities listed above or when required by AML/CFT investigations pursuant to Regulation 15 of the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01) or Article 33 of Directive (EU) 2015/849.

Frozen amounts shall remain inaccessible until the lifting or expiry of the relevant order.

c) Antifraud Limits for SEPA Transactions

In accordance with the forthcoming Payment Services Directive (PSD3) and Payment Services Regulation (PSR) requirements on customer-defined security parameters and dynamic transaction-risk monitoring, we appliy antifraud limits to all SEPA Credit Transfers (SCT) and SEPA Instant Credit Transfers (SCT Inst) as follows:

Customer-Defined Controls

The Wallet Holder may define and adjust their own individual payment ceilings (daily, and cumulative) for SEPA transactions directly within the APP.

Any modification of such customer-defined limits shall be authenticated through Strong Customer Authentication (SCA) in accordance with Articles 97–98 of PSD2 and the relevant RTS on SCA and Secure Communication.

A newly increased limit will take effect only after a minimum cooling-off period of twenty-four (24) hours from the confirmation time, unless the increase is confirmed through a separate Trusted and Secure Communication Channel.

A reduction of a limit or temporary suspension thereof shall take effect immediately upon confirmation in the APP.

Institutional Dynamic Controls

We continuously evaluates outgoing SEPA transactions using risk-based algorithms and behavioural analytics compliant with EBA Guidelines EBA/GL/2019/04 and EBA/GL/2020/01.

Where risk indicators (including unusual frequency, value, or geolocation) exceed predefined thresholds, we may automatically apply temporary or permanent antifraud limits, defer execution for manual review, or request re-authentication.

In such circumstances, a transaction execution delays not exceeding one (1) Business Day may apply, consistent with Article 86(1) of PSD2 and the forthcoming PSD3 risk-management provisions.

Transparency and Notification

All applicable antifraud limits—whether defined by the Wallet Holder or imposed by us—are displayed transparently in the APP and communicated through a Trusted and Secure Communication Channel prior to their enforcement.

We notify the Wallet Holder of any institutional antifraud limit adjustments or deferred-execution actions, unless prohibited by law or regulatory instruction.

Override Requests

The Wallet Holder may request a temporary or permanent increase beyond our’s default ceilings by submitting a verified request through a Trusted and Secure Communication Channel.

Approval is subject to enhanced due diligence, verification of the source of funds, and internal compliance review under Articles 11 and 13 of Directive (EU) 2015/849 (AMLD).

Legal Effect

The application of antifraud limits, delays, or authentication requirements under this Clause shall not constitute a service failure. These measures are lawful security mechanisms.

d) Antifraud Controls for Card Use

We in cooperation with Mastercard, applies real-time fraud-detection and transaction-validation mechanisms, which may include:

mandatory chip & PIN verification at least once every five contactless transactions or after defined cumulative value limits;
automatic blocking of serial high-value transactions occurring in rapid succession;
temporary suspension of card use in atypical geographical regions or following anomalous merchant patterns; and
automatic deactivation following suspected compromise, until the Wallet Holder re-authenticates.

Such antifraud measures comply with Mastercard Security Rules and EBA Guidelines EBA/GL/2019/04 on operational and security risk management.

e) Antifraud Limits for Card Purchases (Defined by Wallet Holder)

The Wallet Holder may configure personal antifraud limits for Card Purchases directly within the APP.

Limits may be set on a daily and monthly basis.

The Wallet Holder may temporarily override a limit for a single transaction or for a five-minute period, after SCA authentication.

Any changes take immediate effect but remain within the plafond established by us.

f) Cash Withdrawal and Cash Advance Limits

Cash-related limits (ATM withdrawals or cash advances) are fixed by us for security and AML/CFT purposes and cannot be altered by the Wallet Holder.

Such limits are published in the Tariff of Charges and are based on cumulative daily and monthly ceilings consistent with AML thresholds under Directive (EU) 2015/849.

g) Top-Up by Card Limits

Top-ups via the Mastercard or VISA network are subject to predefined per-transaction, daily, and monthly ceilings determined by us and published in the Tariff of Charges.

We may refuse or delay a top-up that exceeds those thresholds or conflicts with the card-network risk parameters.

Transaction Limits Defined by Third Parties

Transaction execution may also be restricted by limits imposed by external parties beyond our control, including but not limited to:

(a) Merchants and ATM/POS Operators – may set maximum or minimum per-transaction, daily, or monthly withdrawal or purchase amounts applicable to their own terminals or acquiring networks.

(b) Beneficiary Banks – may define acceptance limits or reject incoming SEPA Credit Transfers that exceed their internal or regulatory ceilings.

(c) Linked Wallet or Open Banking Wallet Providers – may establish transaction ceilings, frequency caps, or cumulative daily thresholds pursuant to their own risk management or regulatory obligations.

We do not disclose, control, or guarantee such Third-Party Limits.

If a transaction is declined due to a Third-Party Limit, the Wallet Holder must address any inquiry or dispute directly to the relevant third party that initiated or processed the transaction.

Modification of Limits by the Wallet Holder

(a) The Wallet Holder may adjust daily or per-transaction limits for Card Payments and SEPA transfers through the APP, within the plafond defined by us.

(b) Requests to exceed our’s plafond must be submitted via a Trusted and Secure Communication Channel and may require enhanced due diligence, including proof of source of funds.

(c) Limit reductions or temporary suspensions made by the Wallet Holder take effect immediately upon confirmation in the APP.

Amendment and Application of Limits by us

We reserve the right to modify Transaction Limits, temporarily or permanently, without prior notice, in order to:

a) ensure compliance with applicable laws, court or administrative orders, or card-scheme rules;

b) respond to detected fraud trends, AML/CFT alerts, or sanctions obligations;

c) protect the integrity and liquidity of its payment systems; or

d) comply with risk-based operational thresholds set by regulatory or supervisory authorities.

All modifications become effective upon publication in the Tariff of Charges or notification through the APP or other Trusted and Secure Communication Channels.

Effect and Transparency

a) All limits—whether imposed by us, Third Parties, or competent authorities—are binding on the Wallet Holder.

b) We publish or notify its own applicable limits in a clear and transparent manner consistent with Articles 44 and 52 of PSD2 and Regulation (EU) 2021/1230 on cross-border payment transparency within the Fee Information Documents.

c) Limits imposed by Third Parties or governmental bodies shall be communicated only when disclosure is legally permissible.

Liability and Rejection of Transactions

A transaction rejected due to a Third-Party Limit, governmental freeze, or antifraud control shall not be deemed a failure or breach by us.

In such cases, our’s liability is expressly excluded to the fullest extent permitted under Article 88 of PSD2.

The Wallet Holder may request confirmation of the rejection reason, and we will provide it where lawfully allowed.

Summary

Our’s Transaction Limit framework ensures compliance with EU and Maltese regulatory standards, card-scheme rules, and internal risk policies.

The Wallet Holder acknowledges that all limits—whether system-based, regulatory, or imposed by external parties—are integral to the secure and lawful operation of our’s Services and consents to their application.

4.3 Non-Transferability of Wallet

Principle of Non-Transferability

The Wallet, including any Linked Wallets, Open Banking Wallets, or other sub-accounts maintained under the Wallet Holder’s profile, is established strictly for the personal or business use of the Wallet Holder identified during onboarding.

The Wallet and all rights, access credentials, and balances therein are non-transferable, non-assignable, and non-heritable except as permitted by applicable law or with our prior written approval.

The Wallet Holder acknowledges that all Wallets are issued under the legal and regulatory framework of us, licensed as an Electronic Money Institution by the Malta Financial Services Authority (MFSA) pursuant to the Financial Institutions Act (Cap. 376) and the Electronic Money Regulations (S.L. 376.03).

Prohibition on Assignment, Pledge, or Transfer

The Wallet Holder shall not assign, transfer, sell, gift, lease, or otherwise dispose of their Wallet, Linked Wallet, or any related rights or credentials to any third party, whether for consideration or otherwise.

The Wallet Holder may not pledge, encumber, or use the Wallet balance as collateral or security for any obligation to third parties, unless expressly authorised in writing by us through a Trusted and Secure Communication Channel and in full compliance with applicable financial and consumer protection laws.

The Wallet Holder may not authorise any person other than duly registered Authorised Users (as defined in Article 2.10 of this Agreement) to access, operate, or transact through their Wallet. Any unauthorised delegation of control or access shall constitute a material breach of this Agreement.

The Wallet Holder acknowledges that the transfer or pledge of e-money or stored-value balances without our’s authorisation constitutes a prohibited activity under Article 10 of Directive 2009/110/EC (E-Money Directive) and may also contravene Article 64(1) of PSD2, which requires explicit payer consent for each transaction.

Linked Wallets and Third-Party Providers

Linked Wallets provided by Manerio UAB or any other authorised third-party institution remain subject to the contractual and regulatory framework of their respective providers. The Wallet Holder may not transfer ownership, access rights, or balances from Linked Wallets independently of the agreement concluded between us, the Linked Wallet Provider, and the Wallet Holder.

In accordance with PSD2 Articles 66–67, where the Wallet Holder authorises a Payment Initiation Service Provider (PISP) or Account Information Service Provider (AISP) to access the Wallet, such authorisation does not transfer ownership or control of the Wallet. The Wallet Holder remains fully responsible for all actions performed via those providers.

Enforcement and Regulatory Obligations

Any unauthorised assignment, pledge, or use of the Wallet or its credentials by a third party shall be treated as a material breach of this Agreement and may result in:

Immediate suspension or termination of the Wallet;
Blocking of all associated Wallets and Cards;
Freezing of funds in accordance with Article 33 of Directive (EU) 2015/849 and the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01); and
Reporting to the competent authorities, including the FIAU, MFSA, Europol, or European Banking Authority, as required by law.

We may also take immediate action if it reasonably suspects that Wallet credentials or balances have been sold, leased, shared, or otherwise transferred to third parties for purposes including but not limited to money laundering, tax evasion, terrorist financing, fraud, or sanctions evasion.

Exceptional Cases of Legal Transfer

cases of death or legal incapacity of the Wallet Holder, the rights to the Wallet balance may be transferred solely to lawful heirs, executors, or administrators recognised under Maltese law, upon submission of:

Certified copies of probate or court orders;
Satisfactory identification and KYC documentation; and
Confirmation that the transfer complies with AML/CFT obligations.

Any such transfer shall be executed only after internal and legal verification in accordance with Article 40 of Directive (EU) 2015/849 and the MFSA’s Conduct of Business Rulebook.

Effect of Breach

Any attempt to assign, sell, transfer, or pledge a Wallet or its balance without prior written authorisation shall:

a) Render the transaction void ab initio;

b) Authorise us to freeze or recall the funds involved; and

c) Constitute sufficient cause for immediate termination of the Wallet Holder’s Agreement under Article 3.5 of these Terms and Conditions.

Recordkeeping and Transparency

We retain full records of any requests, communications, or actions relating to the attempted or authorised transfer of Wallet ownership for a minimum period of five (5) years in compliance with Article 40 of Directive (EU) 2015/849 and applicable data protection laws.

4.4 Blocking of Wallet or Refusal to Execute Transactions

Right of Refusal

We reserve the right to refuse to execute, accept, or process any transaction, in whole or in part, where there exist reasonable grounds to believe that:

a) the transaction or its purpose contravenes applicable EU or Maltese law, including but not limited to provisions on anti-money laundering (AML), counter-terrorist financing (CFT), tax evasion, sanctions, or fraud-prevention;

b) the transaction fails to satisfy Strong Customer Authentication (SCA) requirements under Articles 97–98 of PSD2 or under successor provisions of PSD3;

c) the transaction is inconsistent with the Wallet Holder’s known risk profile, source of funds, economic activity, or stated business purpose;

d) the transaction has been initiated using invalid, forged, compromised, or unauthorised credentials;

e) the transaction breaches applicable limits, card-scheme operational rules, or SEPA scheme participation conditions; or

f) We has received an order from a competent authority, court, FIAU, MFSA, or law-enforcement body to suspend or block execution.

We shall not be liable for any loss or delay arising from such lawful refusal performed in accordance with Article 88 of PSD2 and the principle of proportionality under EU law.

Immediate Suspension or Termination of Processing

We may immediately suspend, terminate, or delay any transaction subject to internal or external investigation under:

Articles 33–34 of Directive (EU) 2015/849;
Regulations 15 and 21 of the PMLFTR (S.L. 373.01); or
fraud-risk or sanctions-screening controls prescribed by card-schemes or network providers.

Transactions under review shall remain pending until the Financial Institution’s compliance and AML officers have completed due diligence and determined whether execution may lawfully proceed.

Transaction Reversal

We may reverse, in full or in part, any transaction that is determined to be erroneous, fraudulent, duplicated, unauthorised, or contrary to applicable law.

Such reversals shall be carried out in accordance with Article 75 of PSD2 and the Mastercard Chargeback Rules, and shall be reflected in the next official Statement and transaction history.

Blocking of Wallet or Transactions

We may block a Wallet, Card, Linked Wallet, or any specific transaction when:

a) blocking is required by AML/CFT, PSD2/PSD3, TFR, or sanctions obligations;

b) unauthorised or suspicious activity is detected by automated monitoring systems compliant with EBA/GL/2019/04;

c) the Wallet Holder fails to provide requested KYC, KYB, or source-of-funds documentation; or

d) the transaction originates from or is destined to a jurisdiction, entity, or person listed under EU Council Regulations (restrictive measures).

Notification of Blocking or Refusal

In line with Article 88(2) of PSD2, we inform the Wallet Holder, without undue delay, of any refusal, blocking, or reversal of a transaction, including the reason for such action, unless:

a) such notification would breach national or EU law;

b) court order, FIAU directive, or law-enforcement instruction prohibits disclosure; or

c) notification would compromise an ongoing investigation or pose a material security risk.

Where permitted, notification will be provided through a Trusted and Secure Communication Channel.

Refund of Erroneous Credits

We may, without prior notice, debit or recall any funds erroneously credited to a Wallet or sub-account, in accordance with Article 75 of PSD2 and Regulation 15(6) of the PMLFTR.

The correction shall appear in the subsequent Statement, accompanied by an explanatory entry.

Duration of Blocking and Restoration

Funds or Wallets subject to blocking shall remain frozen until:

a) the Wallet Holder provides documentary evidence substantiating the legitimacy of the funds and the purpose of the transaction; and

b) We obtain clearance from competent authorities, where applicable.

Release of any freeze or restriction will occur only after completion of internal verification, risk review, and, where required, regulatory approval pursuant to Article 33 of AMLD.

Termination for Non-Compliance

We may terminate this Agreement with immediate effect if:

a) the Wallet Holder fails to provide satisfactory clarification, documentation, or explanation requested under Articles 11–13 of Directive (EU) 2015/849;

b) We considers that continuation of the business relationship poses a regulatory, operational, reputational, or sanctions risk; or

c) the Wallet Holder has engaged in activities incompatible with this Agreement or with Article 8 of the Financial Institutions Act (Cap. 376).

Information Disclosure

We, our correspondent banks, intermediary financial institutions, and payment-network operators may exchange or disclose relevant customer and transaction data, including Beneficial Ownership and originator/beneficiary information, when required to comply with:

Directive (EU) 2015/849 (AMLD IV);
Regulation (EU) 2023/1113 (TFR);
FATF Recommendations 16 and 20; or
any legally binding request or order from competent supervisory or law-enforcement authorities.

Such disclosures are limited to what is necessary and proportionate for regulatory compliance.

Delay for Compliance Verification

We or our correspondent banks may delay execution of a transaction to complete enhanced due-diligence checks, sanctions screening, or fraud investigation, provided that such delay:

a) is necessary and proportionate under Article 88(1) of PSD2;

b) does not exceed the maximum processing period allowed by law, except where a freeze order or legal hold applies; and

c) is duly documented and subject to post-event review by our’s Compliance Officer.

Recordkeeping

All decisions to block, refuse, delay, or reverse transactions shall be recorded, time-stamped, and retained for a minimum of five (5) years pursuant to Article 40 of Directive (EU) 2015/849 and Regulation 16 of the PMLFTR.

Legal Effect

Blocking, delay, or reversal of transactions undertaken under this Article constitutes a lawful preventive and compliance measure. Such actions shall not be deemed a breach of our’s contractual obligations, provided they are executed in good faith and in accordance with the applicable regulatory framework.

4.5 Termination of the Relationship

Ordinary Termination

In accordance with Article 52(2) of Directive (EU) 2015/2366 (PSD2), we may terminate this Agreement by providing the Wallet Holder with not less than two (2) months’ prior written notice, unless a shorter period is permitted by applicable law or agreed contractually in writing via a Trusted and Secure Communication Channel.

The notice shall specify the effective date of termination, the method of settlement for remaining balances, and any consequential effects on Linked Wallets, Cards, or associated services.

During the notice period, We may restrict certain functionalities or transaction types to facilitate orderly closure and compliance with Article 88 of PSD2 and safeguarding requirements under the Electronic Money Directive (2009/110/EC).

Immediate Termination for Just Cause

We may terminate this Agreement with immediate effect and without prior notice where justified by cause, including but not limited to the following circumstances:

a) Material breach by the Wallet Holder of any provision of these Terms and Conditions or any breach of applicable law, regulation, or scheme rule;

b) Regulatory, judicial, or supervisory order from a competent authority, court, or law enforcement agency requiring suspension, freezing, or termination of the business relationship;

c) Discovery that the Wallet Holder has provided false, misleading, or incomplete information in the course of onboarding, transaction processing, or subsequent due diligence;

d) Suspicion or confirmation of unauthorised, fraudulent, or sanctionable activity, including but not limited to breaches of AML/CFT, sanctions, or terrorist financing regulations;

e) Where continuation of the relationship poses an unacceptable regulatory, operational, liquidity, reputational, or sanctions risk as assessed under EBA Guidelines EBA/GL/2019/04 and EBA/GL/2020/01;

f) Non-cooperation or failure to provide required KYC, KYB, or source-of-funds documentation within the timeframe set by us under Articles 13 and 14 of Directive (EU) 2015/849; or

g) Insolvency, cessation of business, or incapacity of the Wallet Holder to perform contractual obligations.

Obligations Upon Termination

Upon termination, whether ordinary or immediate, the Wallet Holder shall:

a) Settle all outstanding obligations, including fees, commissions, chargebacks, penalties, or any other liabilities due to us;

b) Return or destroy all Cards or other payment instruments linked to the Wallet in accordance with the instructions provided by us;

c) Provide settlement instructions for any remaining positive balance in the Wallet, subject to AML/CFT verification and the satisfaction of all compliance checks;

d) Cease using all Channels, including the mobile and web applications, Linked Wallets, and associated Cards, as of the termination date; and

e) Acknowledge that any continued access to the Channels after termination shall be unlawful and may result in legal action under applicable Maltese civil and financial laws.

Retention, Freezing, and Regulatory Hold

a) In accordance with Article 33 of Directive (EU) 2015/849 and Regulation 21 of the PMLFTR, we reserve the right to retain or freeze remaining funds until it has obtained regulatory clearance or concluded internal or external investigations concerning the Wallet Holder, the source of funds, or any related transaction.

b) Such retention or freezing shall not constitute a breach of this Agreement and shall be deemed a lawful preventive compliance measure executed in good faith.

c) We may also place a hold on funds where a court order, FIAU directive, or sanctions authority notice requires such action.

Post-Termination Recordkeeping and Reporting

a) We maintain all records related to the terminated relationship, including KYC, transaction, and communications data, for a minimum period of five (5) years from the date of termination, in compliance with Article 40 of Directive (EU) 2015/849 and Regulation 16 of the PMLFTR.

b) Upon lawful request by a Competent Authority or Regulated Third Party, we may disclose relevant termination and account information in accordance with Articles 33–34 of AMLD and Regulation (EU) 2023/1113 (TFR).

Legal Effect of Termination

Termination of this Agreement shall:

a) Extinguish all future obligations between the Parties except those expressly surviving termination (including data retention, liability, and dispute resolution clauses);

b) Not prejudice our’s right to recover any losses or damages arising prior to termination; and

c) Be deemed to have been executed in compliance with Article 52 of PSD2 and relevant Maltese financial regulations.

Termination by the Wallet Holder

a) The Wallet Holder may terminate this Agreement at any time by providing one (1) month’s prior notice through a Trusted and Secure Communication Channel.

b) The Wallet Holder shall ensure all pending transactions are completed and any outstanding liabilities are settled before the closure date.

c) We reserve the right to refuse termination where the Wallet or related transactions are subject to ongoing regulatory review, court order, or AML/CFT investigation.

Notice and Communication

All notices of termination, whether issued by us or the Wallet Holder, shall be:

a) Delivered through a Trusted and Secure Communication Channel (as defined in Section 1 of these Terms); and

b) Deemed duly served when the Wallet Holder receives confirmation of delivery within the APP, by secure email, or by written correspondence.

Final Settlement

Final settlement and closure of the Wallet will be performed in accordance with:

a) Applicable safeguarding and redemption provisions under Articles 7–10 of the Electronic Money Directive (2009/110/EC);

b) Article 56 of PSD2 on refund and redress; and

c) Our’s internal policies on fund redemption, anti-fraud screening, and residual balance handling.

5 GENERAL PAYMENT TERMS

5.1 Scheduling, Debiting and Fees

Execution and Debiting of Scheduled Payments

a) Any Payment Instruction scheduled for execution on a future date (the “Execution Date”) shall be deemed received by us on that Execution Date, as defined in Article 2.9 – Any Instructions to Us, provided such date constitutes a Business Day.

b) Where the Execution Date falls on a day that is not a Business Day, the Payment Instruction shall be deemed received and processed on the next Business Day in accordance with Article 80 of Directive (EU) 2015/2366 (PSD2) and Article 87 of the proposed PSD3, as applicable.

c) The debit to the Wallet or relevant Account will occur on the Execution Date, and from that moment, the relevant Fees and Charges shall accrue in accordance with the Tariff of Charges referenced in Article 2.6 – Fees and Charges, together with any applicable foreign exchange conversion rates and mark-ups defined under Article 2.11 – Exchange Rates and Currency Conversion.

d) The Wallet Holder hereby authorises us to debit the specified amount, including all associated transaction costs and conversion fees, from the Wallet or Account balance on the designated Execution Date, without the requirement for further consent or confirmation.

Real-Time Processing and Conditions of Execution

Unless otherwise specified for a particular Service, accepted Payment Instructions shall be executed in Real-Time, meaning that the transaction is processed and transmitted to the relevant payment system, scheme, or Beneficiary Payment Service Provider (PSP) immediately upon acceptance, subject to system availability and verification under the applicable payment network, scheme, or regulatory controls.

Real-Time processing remains conditional upon:

i. Sufficient Available Balance in the Wallet or Linked Wallet at the time of initiation;

ii. Compliance with all operational and regulatory Transaction Limits established by us and set out in Article 3.2 – Transaction Limits;

iii. The successful completion of Strong Customer Authentication (SCA) under Articles 97–98 of PSD2 and the EBA Regulatory Technical Standards (EU) 2018/389; and

iv. Clearance under applicable anti-fraud, anti-money laundering (AML), and counter-terrorism financing (CFT) procedures in line with the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01, Laws of Malta) and Articles 33–34 of Directive (EU) 2015/849 (AMLD IV).

We reserve the right to delay, suspend, or refuse execution where risk analysis systems, network or scheme controls, or compliance checks require further verification, as provided under Article 3.4 – Blocking of Wallet or Refusal to Execute Transactions.

Payment Instructions shall be considered executed once they have been successfully transmitted to the Beneficiary’s Payment Service Provider or clearing system, in accordance with applicable scheme rules and the provisions of Article 86 of PSD2.

Confirmation and Record of Execution

Each Payment Instruction successfully executed or scheduled shall be accompanied by a Transaction Confirmation or digital receipt within the relevant Channel (as defined in Article 1 – Definitions), showing the following mandatory information:

i. The Acceptance Date and Time, being the precise timestamp at which the Instruction was accepted for processing; or

ii. For scheduled or future-dated payments, the Execution Date and Time, reflecting the date of actual debit from the Wallet or Account; and

iii. The unique transaction reference, currency, amount, and status.

Such confirmation serves as prima facie evidence of receipt, acceptance, and execution of the Payment Instruction in accordance with Article 71(1) of PSD2 and shall be recorded in the transaction history and monthly Statement as prescribed under Article 2.12 – Statements.

Any discrepancy between the confirmation and the Statement must be reported by the Wallet Holder in accordance with Article 2.12.5 – Review and Notification within the prescribed timeframe.

Contractual and Security Information

During the contractual relationship, the Wallet Holder shall have the right to obtain, upon request and at any time, a copy of the applicable Agreement, these Terms and Conditions, and any associated Security Management Policies or user-specific security information necessary to ensure safe use of the Channels.

Such requests shall be submitted via Trusted and Secure Communication Channels (as defined in Article 1) or through the mobile application (APP), in accordance with the procedures set forth in Article 2.10 – User Management.

We may provide the requested documents electronically or, at the Wallet Holder’s explicit request, in paper format, subject to the applicable fee specified in the Tariff of Charges.

All security information disclosed shall comply with our’s internal Security Management Policies, EBA Guidelines on ICT and Security Risk Management (EBA/GL/2019/04), and the MFSA ICT and Security Risk Management Framework.

Legal Effect of Execution and Fee Accrual

Once a Payment Instruction has been executed in accordance with this Article, it shall be deemed final, irrevocable, and binding on the Wallet Holder, subject to any limited refund rights under Articles 72–75 of PSD2 and corresponding provisions of Maltese law.

All fees, charges, and exchange rate margins applied in connection with the transaction are non-refundable once the Payment Instruction is executed, unless otherwise required under law or as determined by our internal dispute resolution procedures.

Fee calculation and accrual commence on the date of debit and are governed by the applicable Tariff of Charges (see Article 2.6) and Exchange Rate provisions (see Article 2.11).

5.2 Cut-off Times and Receipt

Determination of Cut-off Times

The Cut-off Time designates the latest time on a Business Day by which a Payment Instruction must be received by us for same-day processing.

For SEPA Credit Transfers (SCT), the standard Cut-off Time shall be 15 : 00 Central European Time (CET), after which the Payment Instruction shall be deemed received on the following Business Day, in accordance with Article 80(2) of Directive (EU) 2015/2366 (PSD2) and the SEPA Credit Transfer Rulebook.

Specific cut-off times may apply to other payment types or currencies as published in the Tariff of Charges or operational schedule. We may amend these cut-off times for operational or regulatory reasons, subject to prior notice via the Trusted and Secure Communication Channels (see Article 2.10 – User Management).

Continuous and Real-Time Processing

The following transaction types are processed on a continuous, real-time basis, independent of the standard Cut-off Time:

i. SEPA Instant Credit Transfers (SCT Inst), in accordance with the EPC SEPA Instant Credit Transfer Scheme Rulebook,

ii. Top-up by Card transactions (inbound funding through approved card networks),

iii. Transfer to Card transactions (card-based outgoing transfers), and

iv. Intrabank Payments, where both the Originator and Beneficiary maintain Wallets with us.

Execution of these transactions is contingent upon:

i. scheme/network availability,

ii. infrastructure uptime, and

iii. completion of mandatory AML/CFT, fraud risk, and sanctions-screening checks pursuant to the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01) and Article 33 of Directive (EU) 2015/849 (AMLD IV).

In accordance with Article 3.4 – Blocking and Refusal, we reserve the right to suspend real-time execution if a transaction triggers risk-based controls, anomaly detection, or scheme-based restrictions, particularly under the Mastercard or VISA network compliance regimes.

Deemed Receipt of Instructions

A Payment Instruction received:

i. after the applicable Cut-off Time; or

ii. on a day that is not a Business Day, shall be deemed received on the next Business Day for the purpose of execution timelines as prescribed by Article 83 of PSD2.

Instructions received electronically outside business hours are time-stamped upon receipt by our’s systems. The timestamp constitutes the official proof of receipt and forms part of the transaction audit trail under Article 2.12 – Statements.

Where a Payment Instruction is received within the designated timeframe but held for compliance or authentication review, the date of receipt shall remain unchanged; however, execution may be deferred until completion of such verification, without prejudice to the execution period permitted under Article 86(1) of PSD2.

Priority Outward Credit Transfers

Priority Outward Credit Transfers, whether SEPA or cross-border within the EEA, submitted prior to the Cut-off Time, shall be dispatched to the correspondent or Beneficiary Payment Service Provider on the same Business Day, in accordance with the execution timelines set out in Article 83 of PSD2 and the SEPA Regulation (EU) No 260/2012.

Such transactions are subject to scheme prioritisation, liquidity availability, and completion of mandatory security and compliance checks.

Instructions received after the Cut-off Time will be processed on the next Business Day unless real-time or priority arrangements are available and explicitly confirmed through the relevant Channel.

Publication and Amendments of Cut-off Times

We maintain and publish the applicable Cut-off Times, Processing Windows, and Settlement Schedules in the Tariff of Charges and on the official website.

Amendments necessitated by regulatory, operational, or scheme changes shall take immediate effect upon publication, and shall be deemed duly notified through Trusted and Secure Communication Channels.

5.3 Execution Liability, Scope and Transfer of Responsibility

Scope of our Responsibility

We are responsible for the correct execution of a Payment Instruction only up to the point where the Instruction has been:

i. properly authenticated and authorised by the Wallet Holder in accordance with Strong Customer Authentication (SCA) requirements under Articles 97–98 of PSD2;

ii. verified under the Verification of Payee (VoP) mechanism, when applicable; and

iii. securely transmitted to, and acknowledged as accepted by, the relevant Beneficiary Payment Service Provider (PSP) or Clearing and Settlement Mechanism (CSM).

Upon acknowledgment of receipt by the Beneficiary PSP or CSM, our execution obligation shall be deemed fulfilled in accordance with Articles 86 and 88 of PSD3 and the SEPA Credit Transfer Rulebook.

Verification of Payee (VoP) Responsibility and Effects

i. Implementation of Verification of Payee

We perform Verification of Payee (VoP) in accordance with Article 5 of Regulation (EU) 2024/886 and the EBA Guidelines on Fraud Risk Management (EBA/GL/2023/16). The VoP mechanism is applied to all eligible SEPA Credit Transfers, SEPA Instant Payments, and other electronic payments executed in euro within the European Economic Area.

ii. Purpose of VoP

The VoP process ensures that the Beneficiary’s name provided by the Wallet Holder (the Originator) corresponds to the name associated with the IBAN as held by the Beneficiary’s Payment Service Provider (PSP). The objective of this measure is to prevent fraud, misdirected payments, and impersonation scams, as required under Recitals (20)–(23) and Article 5(1)–(3) of Regulation (EU) 2024/886.

iii. Possible Outcomes of Verification of Payee

The VoP process may return one of the following five results:

Match – the Beneficiary name exactly matches the account name registered with the Beneficiary PS
We will proceed with the execution of the Payment Instruction automatically.
Both we and the Wallet Holder share standard liability as defined in Articles 86–89 of PSD3 and Article 5(5) of Regulation (EU) 2024/886
Close Match – minor differences exist between the Beneficiary name provided and the account name held by the Beneficiary PSP.
We will disclose the registered Beneficiary name to the Wallet Holder and request explicit confirmation before proceeding.
Upon confirmation, the Wallet Holder authorises execution accepting full liability for the correctness of the Beneficiary identity and the consequences of any misdirection.
Our responsibility is limited to the accurate performance of VoP and the secure transmission of the confirmed instruction in accordance with Article 86(1) PSD3.
No Match – the Beneficiary name does not correspond to the account holder name registered at the Beneficiary PSP.
We will inform the Wallet Holder of the “no match” result and require reconfirmation to proceed.
If the Wallet Holder elects to proceed, we will execute the instruction only upon explicit confirmation from the Wallet Holder, who thereby assumes full liability for the payment, including any loss arising from a misdirected or fraudulent transfer, pursuant to Article 5(4) of Regulation (EU) 2024/886.
We will not be liable for funds credited to an unintended recipient when the VoP result indicated “no match” and execution occurred with the Wallet Holder’s consent.
Verification Not Available – the Beneficiary PSP either does not support VoP or temporarily cannot perform verification.
We will notify the Wallet Holder that the VoP check is unavailable and request explicit confirmation to proceed.
By confirming, the Wallet Holder accepts full liability for any misdirected payment or loss caused by reliance on incomplete beneficiary verification.
Our liability is limited to performing its obligations under Article 5(7) of Regulation (EU) 2024/886 — namely, providing transparent communication and maintaining records of the Wallet Holder’s consent.
Service Not Available – the VoP system or communication interface is unavailable due to a temporary technical issue not constituting an IT incident under EBA/GL/2019/04 on ICT and Security Risk
the VoP system or communication interface is unavailable due to a temporary technical issue not constituting an IT incident under EBA/GL/2019/04 on ICT and Security Risk Management.
We will inform the Wallet Holder that VoP services are temporarily unavailable.
If the Wallet Holder confirms the payment despite such notification, We will execute the payment and bear full liability for the consequences of any misdirection, loss, or fraud resulting from the inability to perform VoP verification, in accordance with Article 5(8) of Regulation (EU) 2024/886.

iv. Definition of Liability Under Regulation (EU) 2024/886

Under Article 5(5)–(8) of Regulation (EU) 2024/886:

When the VoP check returns a match or close match and the Wallet Holder confirms execution, our liability is limited to ensuring that the VoP service was correctly implemented, operated, and communicated;
When the Wallet Holder chooses to proceed after a no match or verification not available result, the Wallet Holder bears all financial and legal liability for any loss, misdirection, or unauthorised transaction arising from an incorrect beneficiary identity;
When the VoP service is not available due to a fault attributable to us or its technical service providers (and not the Beneficiary PSP), we bears full liability for any direct financial loss resulting from the inability to perform VoP;
Any dispute regarding VoP result interpretation or operational errors will be handled according to Articles 88–92 of PSD2 and Article 2.12 – Statements of these Terms and Conditions.

v. Evidence and Audit Trail

We retain complete and tamper-proof records of:

the VoP result received;
the notification displayed to the Wallet Holder; and
the Wallet Holder’s explicit confirmation (if required),
in accordance with Article 5(6) of Regulation (EU) 2024/886 and the EBA Guidelines on ICT and Security Risk Management (EBA/GL/2019/04). These records constitute prima facie evidence in any dispute or regulatory investigation concerning the execution of the payment.

vi. Obligations of the Wallet Holder (Originator)

The Wallet Holder shall:

i. ensure that all payment data, including Beneficiary name, IBAN, BIC and purpose, are complete and accurate before submission;

ii. review any VoP result notification displayed within the Application or Channel prior to confirmation; and

iii. accept that execution liability for incorrect Beneficiary details rests with the Wallet Holder where the payment was processed in accordance with the IBAN supplied, pursuant to Article 88(1)(a) of PSD2 and Article 5(1) of Regulation (EU) 2024/886.

If the Beneficiary PSP or intermediary rejects or returns a payment due to an incorrect or incomplete identifier, we may recover any related costs or fees as provided in Article 2.6 – Fees and Charges.

Mutual Limitations of Liability

We not be liable for:

i. delays, reversals, or misdirections occurring after a Payment Instruction has been accepted by the Beneficiary PSP or CSM;

ii. losses caused by the Wallet Holder’s failure to act upon or properly interpret a VoP mismatch warning; or

iii. ifailures resulting from technical or operational issues in external payment networks, card schemes, or clearing systems.

We remain liable only for errors directly attributable to its own systems or processes, in accordance with Articles 89 and 90 of PSD2.

Finality of Execution

A Payment Instruction is deemed executed and final when it has:

i. passed the Verification of Payee process (if applicable); and

ii. been accepted for settlement by the Beneficiary PSP or CSM.

From this point, all subsequent obligations, including the crediting of the Beneficiary’s account, rest exclusively with the Beneficiary PSP under Article 86(1) of PSD2 and Article 5 of Regulation (EU) 2024/886.

5.4 Intrabank Payments

Definition and Scope

An Intrabank Payment refers to any transfer of funds between two Wallets, Linked Wallets, or Accounts maintained within us, including transactions between Wallet Holders under the same or different product types (e.g. individual Wallets, Linked Wallets, or Multi-Currency Wallets).

Such transfers are settled entirely within our internal systems, without the use of external clearing or settlement mechanisms, and are therefore not subject to SEPA or interbank payment scheme rules.

Execution Obligation

Our execution obligation for Intrabank Payments continues until the Beneficiary’s Wallet or Account has been credited with the corresponding amount. The transfer of funds between internal ledgers constitutes final settlement once the Beneficiary Wallet or Account has been updated and reflected in the transaction history in accordance with Article 83 of Directive (EU) 2015/2366 (PSD2).

Processing and Confirmation

Intrabank Payments are processed in Real-Time, as defined in Article 4.2.2, and are immediately confirmed to both the Originator and Beneficiary via the Wallet interface or other Trusted and Secure Communication Channels. Completion of the transfer is evidenced by a transaction reference number, timestamp, and confirmation message generated within the Application (APP).

Finality and Irrevocability

Upon successful execution, Intrabank Payments are deemed final and irrevocable, consistent with Article 80(2) of PSD2. Revocation or refund is only permissible in the case of a proven technical error or duplicate entry attributable solely to us. In such cases, corrective action will be taken promptly in line with Articles 86 and 89 of PSD2.

Liability and Error Correction

We bear full responsibility for the correct execution and posting of Intrabank Payments within our internal environment.

Where an Intrabank Payment is incorrectly credited, duplicated, or misdirected due to our system error, we rectify the transaction without undue delay and notify both parties.

If the error results from incorrect data provided by the Originator, we may recover associated administrative costs pursuant to Article 2.6 – Fees and Charges.

AML/CFT and Sanctions Controls

Although Intrabank Payments do not transit through external payment networks, we apply Anti-Money Laundering, Counter-Terrorist Financing (AML/CFT), and sanctions screening controls in accordance with the Maltese Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR) and Directive (EU) 2015/849 (AMLD).

Where transactions raise compliance alerts or sanctions hits, we reserve the right to suspend, block, or reverse the payment in line with Article 3.4 – Blocking of Wallet or Refusal to Execute Transactions.

Open Banking Wallets

Payments involving Open Banking Wallets are not classified as Intrabank Payments, as they are executed via the SEPA Credit Transfer or SEPA Instant Credit Transfer schemes operated by third-party institutions.

In such cases, we acts solely as the interface provider and is not responsible for the settlement, execution, or final crediting of funds.

All liability for execution, Verification of Payee (VoP) validation, settlement, refund, or reversal rests with the Open Banking Wallet holder institution, in accordance with Articles 86–89 of PSD3, Article 5 of Regulation (EU) 2024/886, and any other applicable SEPA scheme rules.

Our responsibility is limited to ensuring that the Payment Instruction is correctly transmitted to the Open Banking Wallet provider and that any errors in transmission are rectified in compliance with PSD2 Article 88.

Dispute Resolution

Disputes concerning Intrabank Payments shall be resolved in accordance with Article 4.3.1 (Execution Liability and Transfer of Responsibility).

For payments involving Open Banking Wallets, any claim or redress shall be directed to the Open Banking Wallet provider, which bears full regulatory and operational liability for SEPA-based execution under PSD2 and Regulation (EU) 2024/886.

5.5 Scope of Responsibility for Card-Based Transactions

General Framework

We are, acting solely as Issuer under the Mastercard scheme, provides Wallet Holders with Cards (physical, virtual, or tokenised) for use in Mastercard-authorised environments.

Card-based transactions include:

POS purchases;
ATM cash withdrawals and cash advances;
e-commerce and other internet transactions;
recurring or card-not-present (CNP) payments;
third-party top-ups of the Card; and
transactions performed through Digital Wallets (e.g., Apple Pay, Google Pay).

Our role and obligations as Issuer are governed by:

Directive (EU) 2015/2366 (PSD2) and the forthcoming Payment Services Regulation (PSR);
Mastercard Transaction Processing Rules (TPR), including Sections 5.10, 7.6 and 11;
EBA/GL/2023/16 on fraud risk management; and
applicable local and cross-border payment scheme rules.

We are responsible only for the correct authorisation, transmission, and debiting of the Wallet or Account. Liability ends once a transaction has been validly authorised and accepted by the Mastercard network or a corresponding acquiring institution.

We, acting as Issuer, is not obliged under Maltese law to release funds reserved under a valid merchant authorisation prior to receipt of a corresponding clearing or reversal message through the applicable card scheme.

Clearing or reversal instructions shall only be deemed valid and binding when transmitted through the Mastercard network in accordance with the Mastercard Transaction Processing Rules; We will not accept or act upon any alternative form of communication or evidence of merchant cancellation or refund (including but not limited to e-mail, telephone calls, letters, screenshots, or acquirer confirmations outside the Mastercard network).

Where the authorisation remains valid under card-scheme rules, the Wallet Holder shall liaise directly with the Merchant (or its Acquirer) to request the reversal through proper Mastercard channels. We will, however, provide reasonable assistance and access to complaint mechanisms as required under Central Bank of Malta Directive No. 1 on the Provision and Use of Payment Services, including referral to the Office of the Arbiter for Financial Services where applicable.

POS Terminal Purchases

i. Execution and Authentication

Transactions executed at POS terminals are authorised by chip-and-PIN, contactless authentication, biometric verification, or other Strong Customer Authentication (SCA) methods, as required under Article 97 PSD2 and Regulation (EU) 2018/389 (RTS on SCA).

ii. Acceptance by Signature Outside the EEA

For transactions executed outside the European Economic Area, where cardholder verification by manual signature on a sales slip is permitted under local Mastercard scheme rules, such a signature constitutes a valid and final form of authorisation. Once accepted and cleared by the merchant’s acquirer, the transaction is deemed properly authorised.

iii. Issuer Liability

Our responsibility ceases once the authorisation (whether by SCA or signature) is accepted by Mastercard and the merchant’s acquirer in accordance with TPR 5.10.2.

Where all applicable authentication procedures were duly completed — including contactless limits, PIN verification, or signature acceptance — we shall bear no liability for subsequent unauthorised use, skimming, cloning, or merchant fraud. In such cases, our sole obligation is to initiate a Chargeback under Mastercard Chargeback Rule 11.3, where eligibility exists.

ATM Withdrawals and Cash Advances

i. Transactions are authorised and routed through Mastercard’s network or its certified acquirers.

ii. Our liability extends only to accurate authorisation and posting of the debit.

iii. In the event of non-dispense or partial dispense, we will investigate and, if confirmed under Mastercard Chargeback Rule 11.2, refund the Wallet Holder.

iv. Where SCA was applied or the transaction involved a valid signature (outside the EEA), we bear no liability for subsequent unauthorised use of card data.

Internet and Card-Not-Present (CNP) Transactions

i. CNP transactions require 3-D Secure 2.0 or equivalent SCA unless exempt under the RTS.

ii. Once SCA is successfully completed and the transaction is authorised by Mastercard, our responsibility ends.

iii. For unauthorised or fraudulent transactions that occurred after valid SCA, we have no liability but will support the Wallet Holder in raising a chargeback under Mastercard rules.

iv. Where the merchant relied on an SCA exemption, the merchant’s acquirer bears responsibility under PSD2 Article 97(3).

Recurring Transactions

i. The initial recurring payment must be authorised using SCA; subsequent merchant-initiated transactions may be processed using stored credentials under Mastercard TPR 7.6.1.

ii. We are responsible only for verifying that each transaction corresponds to a valid authorisation mandate.

iii. Merchant disputes (e.g., non-delivery or cancellation issues) must be resolved between the Wallet Holder and the merchant, although we will provide chargeback assistance where permitted.

Third-Party Card Top-Ups

i. Third-party top-ups via Mastercard are treated as incoming credits once settled through the scheme.

ii. Our execution obligation ends once settlement confirmation is received and funds are available.

iii. We are not liable for delays, reversals, or failed settlements originating from third-party PSPs, but will initiate a chargeback where applicable under Mastercard’s dispute framework.

Digital Wallet Transactions (Apple Pay, Google Pay)

i. Adding a Card to a digital wallet generates a tokenised credential through Mastercard’s Digital Enablement Service (MDES) under EMV tokenisation standards.

ii. Transactions authenticated via device-level biometrics or passcode meet PSD2 SCA requirements.

iii. Once authorisation is transmitted through Mastercard and accepted, our liability ends.

iv. We bear no liability for fraudulent or unauthorised use when SCA, tokenisation, and network authentication mechanisms functioned properly. Its role is limited to initiating a chargeback where applicable.

v. We are not responsible for any failure of third-party mobile platforms, device hardware, or wallet service providers.

Fraud Monitoring and Preventive Controls

i. We perform continuous fraud monitoring, geo-blocking, and adaptive authentication in compliance with EBA/GL/2023/16 and Mastercard’s Fraud Management Program (FMP).

ii. Transactions may be temporarily blocked when patterns suggest risk (multiple high-value or geographically inconsistent authorisations, compromised BIN ranges, etc.).

iii. Notification of any blocking or refusal will be made as soon as legally permitted under PSD2 Article 88(2).

iv. Where fraud occurs despite valid authentication (SCA or signature), we bear no liability.

Liability and Refund Framework

i. Where a transaction occurred without SCA or valid authorisation, we refund the Wallet Holder unless the Holder acted fraudulently or with gross negligence (per PSD2 Articles 73–75).

ii. Where SCA or another legally recognised authentication (e.g., valid signature) was properly applied, we will bear no liability for resulting fraud. Its sole obligation shall be to support the Wallet Holder in the chargeback process in accordance with Mastercard Chargeback Guide Section 3.

iii. We act as Issuer in the dispute resolution procedure, adhering to the time limits and evidentiary requirements established by Mastercard.

Termination of Issuer Responsibility

i. Our execution obligation terminates once the transaction has been correctly authorised—whether through SCA, tokenisation, or valid signature—and transmitted via the Mastercard network.

ii. All subsequent clearing, settlement, and merchant crediting responsibilities rest with the Mastercard network and the merchant’s acquirer, under Mastercard TPR 5.10.2 and PSD2 Article 86(2).

iii. We remain responsible only for correct authorisation, debiting, and the recording of such transactions in the Wallet Holder’s account in accordance with Article 2.12 – Statements.

5.6 Scope of Responsibility for Top-Up by Card

Nature of Service

The Top-Up by Card service enables the Wallet Holder to increase the Wallet balance by debiting another payment card (VISA or Mastercard) issued by a third-party financial institution (“Source Card Issuer”).

The process is executed through Mastercard Send or VISA Direct infrastructure and is subject to the authentication and authorisation procedures of the Source Card Issuer.

Top-Up Process Flow

i. Initiation

The Wallet Holder initiates a Top-Up by Card within our application by entering:

the Source Card number, expiry date, and amount; and
confirming possession of the Source Card credentials (and 3-D Secure access, where applicable).

ii. Authentication and Authorisation

Once the Top-Up request is submitted, an authorisation process is initiated through the Source Card Issuer:

If the Source Card Issuer supports 3-D Secure (3DS), a Strong Customer Authentication (SCA) challenge (e.g. SMS OTP, biometric, or app confirmation) is triggered;
The cardholder must complete this SCA step in accordance with Article 97 PSD2 and Regulation (EU) 2018/389.

iii. Settlement and Credit

Following successful authorisation by the Source Card Issuer and confirmation via Mastercard or VISA network:

The corresponding amount is settled us through its acquiring partner;
We credit the equivalent amount to the initiating Wallet Holder’s Wallet in Real Time or as soon as settlement confirmation is received.

Our Responsibility

i. Scope of Execution Liability

We act as the receiving (beneficiary) payment service provider, responsible for:

securely transmitting the Top-Up request to the acquiring processor;
crediting the Wallet upon confirmed authorisation; and
maintaining transaction records under Article 86 PSD2 and Article 2.12 – Statements.

ii. Exclusion of Liability for Source Card Authorisation

We bear no responsibility for:

the authentication process of the Source Card Issuer;
the availability, timing, or failure of the Source Card Issuer’s 3-D Secure service; or
declined, delayed, or reversed transactions originating from the Source Card Issuer or network.

iii. Properly Authorised Transactions

Where the Top-Up was duly authorised by the Source Card Issuer (including completion of 3-D Secure or equivalent SCA), our role is limited to crediting the Wallet once settlement occurs.

If later fraud (e.g. card cloning, skimming, or account compromise) is reported on the Source Card, we bear no financial liability, provided that the Top-Up transaction was authenticated and executed in accordance with scheme rules.

Our sole obligation is to co-operate with the Source Card Issuer and its acquirer in the chargeback and refund process, following the Mastercard / VISA dispute-resolution timelines.

iv. Failed or Reversed Top-Ups

If a Top-Up transaction is declined, cancelled, or reversed by the Source Card Issuer or card scheme, the corresponding Wallet credit will be automatically reversed. We will reflect such reversal in the Wallet statement and notify the Wallet Holder through Trusted and Secure Communication Channels.

Verification and AML/CFT Controls

We perform transaction monitoring and screening in line with the Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR) and Directive (EU) 2015/849 (AMLD IV).

A Top-Up may be delayed, blocked, or reversed where required by law or internal AML/CFT procedures (see Article 3.4 – Blocking or Refusal).

Refunds and Chargebacks

i. Initiation

Refunds of Top-Up by Card transactions can be processed only through Mastercard or VISA chargeback channels initiated by the Source Card Issuer.

ii. Issuer Dispute Handling

We provide all requested transaction evidence (authorisation code, settlement trace, etc.) to the Source Card Issuer or acquirer upon demand, in accordance with Mastercard TPR 11.3 and VISA Core Rules 11.5.

iii. Wallet Reversal

Where a chargeback is successfully upheld, We will debit the corresponding amount from the Wallet and inform the Wallet Holder accordingly.

Completion of Responsibility

Our execution obligation for a Top-Up by Card transaction terminates once:

authorisation has been confirmed by the Source Card Issuer via Mastercard / VISA network;
funds are settled to our account; and
the Wallet has been credited in accordance with these Terms and Conditions.

All subsequent liability and any consumer redress rest with the Source Card Issuer, subject to its own regulatory obligations under PSD2 Articles 73–75 and applicable scheme rules.

5.7 Scope of Responsibility for Incoming Bank Transfers

General Scope

Incoming Bank Transfers include all inbound payments—SEPA Credit Transfers (SCT), SEPA Instant Credit Transfers (SCT Inst), and non-SEPA (cross-border) transfers—directed to Wallets or Accounts held with us.

We act as the Beneficiary Payment Service Provider (PSP) and is responsible for ensuring that payments correctly addressed to IBANs issued by us are received, validated, and credited in accordance with applicable EU and Maltese law, including:

Directive (EU) 2015/2366 (PSD2);
Regulation (EU) No 260/2012 (SEPA Regulation);
EPC SEPA Credit Transfer and SEPA Instant Credit Transfer Rulebooks; and
Regulation (EU) 2024/1623 (on Instant Payments and Verification of Payee).

Our role is limited to:

receiving and processing the payment message via SEPA or corresponding networks;
conducting all required sanctions, AML/CFT, and fraud checks; and
crediting the Wallet corresponding to the IBAN issued by us.

Receipt and Credit Timing

i. SEPA Credit Transfers (SCT)

We will credit funds to the Wallet Holder’s Wallet no later than the end of the Business Day following the day on which funds are received in our settlement account, in accordance with Article 87(1) PSD2 and Section 5.6 of the EPC SEPA Credit Transfer Rulebook.

ii. SEPA Instant Credit Transfers (SCT Inst)

We support SEPA Instant execution when:

the Beneficiary IBAN is active;
the IBAN is not restricted, blocked, or subject to limitations under Article 3.2 (Transaction Limits), Article 3.4 (Blocking or Refusal), or any judicial, regulatory, or sanctions-related order; and
the transfer meets the scheme and liquidity thresholds set by the SEPA Instant framework.

If the Beneficiary IBAN is subject to an active limitation, such as a regulatory freeze, antifraud block, or internal transaction restriction, the payment will be declined or queued for standard SEPA processing.

Funds for SEPA Instant payments shall be made available immediately upon receipt confirmation, subject to these conditions and technical availability under EPC SCT Inst Rulebook Section 5.3.

iii. Non-SEPA Transfers

For cross-border payments outside SEPA, we credit funds upon receipt and validation through its correspondent network.

Value dating corresponds to the date our account with its correspondent is credited.

Verification of Payee (VoP) for SEPA Incoming Transfers

i. Provision of VoP Service

We provide Verification of Payee (VoP) capability to Originator PSPs and their customers (Originators) to verify that the Beneficiary Name corresponds to the Wallet Holder Name linked to the IBAN issued by us.

This functionality complies with Regulation (EU) 2024/1623, PSD2 Articles 86–88, and EPC VoP Standard (Version 1.1, 2024).

ii. VoP Outcomes and Impact on Liability

Result: Match

Description: Full correspondence between Beneficiary Name and Wallet Holder Name for the IBAN.

Our Action: Payment credited without delay.

Liability Allocation: We assumes Beneficiary PSP responsibility under PSD2 Art. 86(2).

Result: Close Match

Description: Minor differences (abbreviations, punctuation, or formatting).

Our Action: Originator PSP must seek confirmation from its customer before execution. If executed despite a “Close Match,” liability rests with the Originator PSP.

Liability Allocation: We bear no liability if the Originator or Originator PSP executes despite a “Close Match” alert.

Result: No Match

Description: Beneficiary Name does not correspond to the IBAN Holder Name.

Our Action: If executed despite a “No Match,” liability rests with the Originator PSP.

Liability Allocation: We bear no liability if the Originator or Originator PSP executes despite a “No Match” alert.

Result: Verification Not Available

Description: Originator PSP does not support VoP or fails to perform it.

Our Action: We credit according to IBAN data received. Liability lies with the Originator PSP under PSD2 Article 88(1) and Regulation (EU) 2024/1623 Article 7(3).

Liability Allocation: We bear no liability if the Originator or Originator PSP do not verify the IBAN correspondence to Beneficiary name and still executed the payment.

Result: Service Not Available

Description: Temporary VoP system outage

Our Action: If the payment is executed, we bears no liability for incorrect beneficiary identification; responsibility remains with the Originator PSP.

Liability Allocation: We bear no liability if the Originator or Originator PSP executes despite a “Verification Not Available” alert.

Compliance and Screening

All incoming payments are subject to real-time AML/CFT and sanctions screening, as required under:

the Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR);
Directive (EU) 2015/849 (AMLD IV) and subsequent amendments; and
EU Restrictive Measures Regulations (EU 269/2014, EU 833/2014) and related instruments.

We may delay or block an incoming transfer pending screening or verification. Such delay or non-crediting does not constitute a breach under PSD2 Article 83(3).

Returns, Recalls, and Reversals

i. Return by us

We may return or reverse an incoming transfer SEPA SCT Credit transfer where:

IBAN are incorrect;
the payment contravenes AML/CFT, sanctions, or regulatory obligations; or
instructed to do so by a competent authority, intermediary, or correspondent bank.

ii. Recall by Originator PSP

A recall of an already executed SEPA payment may be processed only in accordance with the EPC SEPA Credit Transfer Rulebook Section 4.3.3.

We execute the recall only if the Beneficiary (Wallet Holder) has provided explicit consent to return the funds.

If such consent is not obtained within the prescribed timeframe (currently 10 Business Days under EPC standards), We will refuse the recall and notify the Originator PSP accordingly.

Where funds have already been withdrawn, converted, or otherwise disposed of, we bear no liability for non-recovery.

iii. Notification of Return or Recall

We will notify the Wallet Holder of any return, reversal, or recall via Trusted and Secure Communication Channels, unless prohibited by law or regulatory order.

iv. Exchange Rate Adjustments

For returned or recalled non-EUR transfers, the conversion rate applicable on the day of reversal shall apply, in accordance with Article 2.11 – Exchange Rates and Currency Conversion, and the Wallet Holder shall bear any rate difference.

Liability Framework

i. Correctly Executed Transfers

Our obligation ends once the payment is credited to the Wallet corresponding to the IBAN provided in the payment order, in compliance with PSD2 Article 88(1).

We are not responsible for mismatches between IBAN and Beneficiary Name, nor for payments sent by an Originator PSP that did not use or disregarded VoP results.

ii. Originator PSP Responsibility

If the Originator PSP has not implemented, offered, or performed VoP verification prior to execution, or has executed despite a “Close Match” “No Match” or “Verification Not Available” result, it bears full liability for any misdirected payment, sharing it between them and Originator under Regulation (EU) 2024/1623 Article 7 and PSD2 Article 88(1).

iii. Our Errors

If we incorrectly credit funds to a Wallet not corresponding to the IBAN indicated in the received payment message, wel correct the error and restore the Wallet Holder’s balance without undue delay per PSD2 Article 89(1).

Termination of Responsibility

Our execution responsibility concludes when:

the payment is credited to the Wallet corresponding to the specified IBAN;
compliance, sanctions, and VoP checks (where applicable) are complete; and
the transaction confirmation is made available through the Wallet interface or Trusted and Secure Communication Channels.

Subsequent disputes concerning incorrect payee data, non-performed VoP verification, or Originator PSP negligence shall be resolved between the Originator and the Originator PSP, without recourse to us.

Scope of Responsibility for Payments to Card Number

i. Nature of the Service

This provision governs payments initiated by the Wallet Holder to a payment card number issued under the VISA or Mastercard network (“Payment to Card Number”). The service enables the transfer of funds from the Wallet Holder’s selected Wallet to a Beneficiary Card using the relevant international card processing network.

ii. Initiation and Input Requirements

The Wallet Holder shall, through the Application (APP), select the source Wallet from which the transfer is to be made and provide the required Beneficiary Card credentials, including the card number and expiry date.

Where the Beneficiary Card does not belong to the Wallet Holder, the Wallet Holder must additionally provide the Beneficiary’s full name and address, in accordance with anti-money laundering and counter-terrorism financing (AML/CFT) requirements and card scheme rules.

iii. Processing and Settlement

Upon submission and authorisation of the Payment to Card Number, the transaction is executed in Real-Time through the corresponding card processing network (VISA or Mastercard). The authorised amount is transmitted and made available in the Beneficiary Card’s currency as a network authorisation, temporarily increasing the Beneficiary Card’s available balance.

Final settlement and posting of the transaction are completed by the Beneficiary Bank in accordance with the operational and settlement procedures prescribed by the respective card scheme.

iv. Currency and Conversion Responsibility

All Payments to Card Numbers initiated from Wallets are transmitted by us in Euro (EUR), unless otherwise indicated in the Application.

If the Beneficiary Card or the Beneficiary Bank operates in a currency other than EUR, the currency conversion is performed by the Beneficiary Bank or its acquirer. We bear no responsibility for the conversion process, exchange rate applied, or any resulting amount received by the Beneficiary.

In accordance with Article 45(1)(h) of PSD2 and Regulation (EU) 2019/518, the Beneficiary Bank is solely responsible for displaying or otherwise making available the applicable exchange rate and any associated conversion charges to the Beneficiary.

v. Liability and Scope of Responsibility

Our responsibility shall be strictly limited to the accurate and secure transmission of the authorised payment order to the VISA or Mastercard network.

Once the transaction has been transmitted and acknowledged by the network, our execution obligation is considered fully discharged.

All subsequent responsibilities—including settlement, posting, crediting, and any foreign exchange applied—rest solely with the Beneficiary Bank or its acquiring institution, in accordance with Articles 86 and 88 of Directive (EU) 2015/2366 (PSD2) and the Mastercard/VISA Transaction Processing Rules.

vi. Right of Refusal and Compliance Controls

We reserve the right to refuse, suspend, or delay execution of a Payment to Card Number where:

the transaction or the Beneficiary is suspected of money laundering, terrorist financing, fraud, sanctions evasion, or other unlawful conduct;
the Beneficiary Bank or its jurisdiction is subject to sanctions or regulatory restrictions; or
the transaction otherwise breaches these Terms and Conditions, AML/CFT requirements, or card scheme rules.

vii. Notification and Assistance

Unless prohibited by law, we will notify the Wallet Holder of any refusal, delay, or suspension of the Payment to Card Number and provide reasonable assistance for clarification or dispute resolution. Such communication shall occur through Trusted and Secure Communication Channels, as defined herein, and in compliance with Article 88(2) of PSD2 and the Central Bank of Malta Directive No. 1.

Scope of Responsibility for Top-up Using Codes

i. Nature of the Service

This Article governs the process of crediting a Wallet by means of Top-up Codes, as defined in the Definitions section. Top-up Codes are unique, single-use credentials issued through authorised retail or partner networks of us, each representing a predefined transaction type and monetary value.

ii. Initiation and Authentication

The Wallet Holder initiates the top-up by entering the Top-up Code within the “Top-up by Codes” section of the Application (APP).

Upon successful entry, we perform Strong Customer Authentication (SCA) pursuant to Article 97 of Directive (EU) 2015/2366 (PSD2) to confirm the Wallet Holder’s authorisation to execute the transaction.

Entry of a valid Top-up Code constitutes:

a legally binding payment instruction by the Wallet Holder (as Ordinator) to us; and
the explicit authorisation for us to credit the same Wallet Holder (as Beneficiary) with the amount predefined for that Top-up Code.

iii. Execution and Crediting

Once validated, we execute the crediting transaction in Real-Time, making the corresponding amount immediately available in the Wallet.

The transaction is recorded in the Wallet Holder’s transaction history and reflected in the next Statement (see Article 2.12 – Statements).

Each Top-up Code is single-use and cannot be altered, cancelled, or reused once redeemed.

iv. Currency and Conversion

All Top-up Codes are denominated in Euro (EUR), unless expressly specified otherwise at issuance.

If the Wallet is denominated in a currency other than EUR, the corresponding amount will be converted using our prevailing exchange rate at the time of processing, in accordance with Article 2.11 – Exchange Rates and Currency Conversion.

AML/CFT and Record Preservation

In compliance with the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01), Directive (EU) 2024/1640 (AMLD VI), Directive (EU) 2018/843 (AMLD V), and Chapter 373 (Prevention of Money Laundering Act in Malta), CBM Directive No. 1, we shall:

conduct ongoing monitoring and screening of Top-up transactions;
identify and verify the Ordinator and Beneficiary of each Top-up transaction, even when both roles are performed by the same Wallet Holder; and
preserve all relevant transaction data, including the Top-up Code identifier, time of execution, value, and Wallet Holder identification, for the minimum statutory retention period prescribed by Maltese law.

We may suspend or reject a top-up if we suspect misuse, fraud, money laundering, or terrorist financing, or if the transaction violates regulatory or internal risk controls.

Limitations of Liability

Our responsibility is strictly limited to validating and executing the top-up transaction upon receipt of a valid Top-up Code.

We shall not be liable for:

the loss, theft, or unauthorised disclosure of Top-up Codes once distributed through retail or partner networks;
delays, failures, or errors attributable to third-party distributors; or
transactions resulting from Top-up Codes obtained or used fraudulently.

In such cases, we will provide reasonable assistance to competent authorities in accordance with Articles 73–75 of PSD2 and CBM Directive No. 1.

Refunds and Expiry

Top-up Codes are non-refundable once redeemed unless non-execution results from a verified technical fault attributable to us.

Unredeemed Top-up Codes expire either upon the lapse of their stated validity period or twelve (12) months from issuance, whichever is earlier.

Compliance with Tariffs and Limits

All Top-up by Codes transactions are subject to the Tariff of Charges and the applicable operational and regulatory limits set out in Article 3.2 – Transaction Limits, including anti-fraud and AML thresholds.

5.8 Scope of Responsibility for CashBack Services

Nature of the Service

The CashBack Service is an ancillary loyalty and reward programme integrated into packaged Wallet products of us and operated by Baltic Technology Solutions OÜ, a third-party service provider and CashBack programme operator (“CashBack Operator”).

The CashBack Service enables eligible Wallet Holders to receive financial rewards based on qualifying transactions executed through their Wallet or linked payment instruments, as defined by the CashBack Operator.

Automatic Enrolment and Eligibility

Private individual Wallet Holders who are eligible for the receipt of the CashBack Service automatically become registered users of Baltic Technology Solutions OÜ upon successful activation of their Wallet account with us.

This automatic enrolment forms part of the packaged Wallet product and constitutes acceptance of the CashBack Operator’s applicable terms and conditions, which are made available via a direct link within the APP.

Modification or Cancellation of Participation

Wallet Holders may, at any time, modify their participation or cancel their enrolment in the CashBack programme by accessing the “CashBack” section within the APP.

Through this section, Wallet Holders may:

opt out of the programme entirely; or
change their participation to another CashBack programme or offer made available by Baltic Technology Solutions OÜ.

Cancellation or modification of participation takes effect upon confirmation within the APP and does not affect CashBack transactions already processed before the change.

Execution and Information Exchange

We facilitate the automated exchange of settlement and transactional information between the Wallet Holder and Baltic Technology Solutions OÜ solely for the purpose of:

transmitting data necessary for the calculation of CashBack amounts;
reconciling and facilitating the transfer of credited CashBack amounts; and
displaying CashBack summaries or notifications within the Wallet interface.

We act only as a technical and operational intermediary between the Wallet Holder and the CashBack Operator and does not determine CashBack rates, eligibility, or payment schedules.

Responsibility and Liability

We shall not be responsible for:

the calculation, eligibility determination, timing, or payment of any CashBack amounts;
the accuracy or completeness of information or promotional conditions published by Baltic Technology Solutions OÜ; or
any claims, losses, or disputes arising between the Wallet Holder and the CashBack Operator in connection with the CashBack Service.

All obligations concerning the accrual, settlement, and disbursement of CashBack amounts lie exclusively with Baltic Technology Solutions OÜ, in accordance with its own contractual terms.

Support and Assistance

We provide reasonable support to Wallet Holders by forwarding CashBack-related queries and responses between the Wallet Holder and Baltic Technology Solutions OÜ via the APP’s chat function or other Trusted and Secure Communication Channels (see Definitions).

This facilitation does not constitute participation by us in the contractual relationship between the Wallet Holder and the CashBack Operator.

Data Sharing and Processing

By virtue of enrolment in the CashBack Service, the Wallet Holder expressly authorises us to share relevant transactional and identification data with Baltic Technology Solutions OÜ for the sole purpose of administering and reconciling the CashBack programme.

Such processing and data exchanges are conducted in compliance with:

Regulation (EU) 2016/679 (GDPR);
Directive (EU) 2015/2366 (PSD2); and
the Maltese Data Protection Act (Cap. 586).

We and Baltic Technology Solutions OÜ operate as independent data controllers for their respective processing activities, ensuring adherence to transparency and data minimisation principles.

5.9 Scope of Responsibility for Payments to Mobile Phone Numbers

Nature of the Service

The Wallet Holder may initiate a payment based on a mobile phone number through the Application (“APP”). The mobile phone number may be selected from the Wallet Holder’s mobile device address book or entered manually. Such payments are intended to simplify peer-to-peer transfers and may be executed as either IntraBank Payments or SEPA Credit Transfers, depending on the status of the Beneficiary.

IntraBank Payments to Existing Wallet Holders

If the mobile phone number provided corresponds to an existing Wallet Holder with an active Wallet within our ecosystem, the transaction shall be executed as an IntraBank Payment (as defined in Article 4.3.2).

Execution occurs in Real-Time, and the Beneficiary’s Wallet is credited immediately, subject to the operational and regulatory limits defined in Article 3.2 – Transaction Limits and the applicable AML/CFT controls described in Article 3.4 – Blocking of Wallet or Refusal to Execute Transactions.

Payments to Non-Customer Beneficiaries

If the phone number provided does not correspond to an existing Wallet Holder, an SMS message containing a secure link will be sent to that number. The recipient will be asked to provide the following information:

their International Bank Account Number (IBAN); and
their full legal name as registered with their financial institution.

Upon receipt of this information, we will notify the Wallet Holder through the APP, requesting confirmation of the payment details. The Wallet Holder must expressly approve the transaction before execution.

Execution as SEPA Credit Transfer

Once the Wallet Holder confirms the payment, the transaction will be executed as a SEPA Credit Transfer, in full compliance with the SEPA Credit Transfer Scheme Rulebook and the provisions of Article 4.20 of these Terms and Conditions.

The Beneficiary’s financial institution is responsible for crediting the Beneficiary’s account in accordance with Article 86 of PSD2.

We bear no liability for delays, rejections, or errors arising from incorrect or incomplete information provided by the Beneficiary.

Verification of Payee (VoP)

Before executing a SEPA Credit Transfer, we will apply the Verification of Payee (VoP) procedure, where available, in accordance with Articles 86–88 of PSD2 and EBA guidance.

If the Beneficiary’s financial institution does not support VoP, or if the verification result is “close match,” “no match,” or “service not available,” the Wallet Holder will be notified and must explicitly confirm the transaction, assuming all liability for the transfer as defined in Article 4.3.1(d).

Payments from Linked Wallets

Where the payment to a mobile phone number is initiated from a Linked Wallet, the transaction will be executed only if:

the Beneficiary also holds a Linked Wallet with the same issuer; and
the transaction currency or digital asset corresponds to that of the Originator’s Linked Wallet.

If these conditions are not met, the transaction will be automatically rejected.

Liability and Responsibility

Our responsibility for such payments extends only to the proper transmission and execution of the Payment Instruction within the scope of these Terms and Conditions.

We shall not be liable for:

incorrect mobile numbers, IBANs, or names provided by the Wallet Holder or Beneficiary;
failure of the Beneficiary’s financial institution to credit the account or to complete the payment;
network or communication delays between the Beneficiary’s and Originator’s payment service providers; or
non-availability or malfunction of the VoP service at the Beneficiary’s institution.

Our execution obligation shall be deemed fulfilled once the Payment Instruction has been transmitted to the appropriate clearing or settlement mechanism in accordance with PSD2 Article 88(1).

5.10 Scope of Responsibility for Currency Exchange Operations

Automatic Currency Conversion

Where the Wallet Holder initiates a transfer between Wallets (including Wallets, Linked Wallets, and Open Banking Wallets) that are denominated in different currencies or assets, a Currency Exchange Operation shall be automatically executed as part of the transaction flow.

Such operations are performed immediately and irrevocably upon confirmation of the transaction by the Wallet Holder in accordance with Article 2.11 – Exchange Rates and Currency Conversion.

Applicable Exchange Rates

The applicable exchange rates for Wallet-to-Wallet transactions within our ecosystem are those published and continuously updated on our official webpage, accessible through the Application (“APP”) or other Trusted and Secure Communication Channels, as referenced in Article 2.11.

We ensures that these rates reflect the effective conversion rates applicable at the time of transaction authorisation and that all currency mark-ups, where applicable, are transparently disclosed prior to confirmation, in accordance with Regulation (EU) 2019/518, Article 3.

Rates from Third-Party Wallet Issuers

For transactions involving Linked Wallets or Open Banking Wallets, the exchange rate applied is determined by the respective wallet issuer or payment service provider.

We will display to the Wallet Holder, prior to confirmation, the indicative or final rate communicated by such third party based on the information received at the time of transaction initiation.

We bear no liability for rate variations, delays, or discrepancies resulting from third-party data transmission or the subsequent execution by the external issuer.

Execution and Settlement

Currency Exchange Operations are executed simultaneously with the underlying transfer between the Wallets. The converted amount becomes available in the destination Wallet upon successful completion of the exchange process, subject to any AML/CFT or operational restrictions described in Article 3.4 – Blocking of Wallet or Refusal to Execute Transactions.

Responsibility and Limitations

Our responsibility for Currency Exchange Operations is limited to:

the correct display and application of the exchange rate published or communicated at the time of authorisation;
the secure and compliant execution of the conversion process in accordance with applicable EU and Maltese law; and
the transmission of conversion-related information in a transparent and durable medium, as required by PSD2 Articles 41–44.

We shall not be liable for:

exchange rate movements occurring between the time of authorisation and the time of settlement by a third-party wallet issuer or scheme;
errors or failures by Linked Wallet or Open Banking Wallet providers to communicate or apply exchange rates correctly; or
losses arising from the Wallet Holder’s decision to proceed with a conversion based on indicative rates provided prior to confirmation.

5.11 Information Obligations and Accuracy of Payment Details

General Duty of Accuracy

The Wallet Holder bears full and exclusive responsibility for ensuring that all Payment Instructions, whether executed via Wallets, Linked Wallets, Open Banking Wallets, Card transactions, Top-Ups, or any other Channel, are complete, accurate, and consistent with the requirements of the relevant payment scheme.

We shall execute Payment Instructions solely based on the unique identifiers (e.g., IBAN, PAN, mobile number, or code identifier) provided by the Wallet Holder, and shall not be liable for losses arising from incomplete or incorrect information, as provided under Article 88(1) of Directive (EU) 2015/2366 (PSD2) and Regulation (EU) No 260/2012, Article 5(1)(d).

Required Information per Transaction Type

SEPA and non-SEPA Credit Transfers

The Wallet Holder must provide the Beneficiary’s IBAN and Beneficiary name, and where applicable, BIC, as required under the SEPA Credit Transfer Rulebook.
For SEPA transactions, We execute the payment based solely on the IBAN; the Beneficiary name is not verified unless the Verification of Payee (VoP) service is available and active.
Where VoP is operational, the Wallet Holder will be notified of the verification result (“Match”, “Close Match”, “No Match”, “Verification Not Available”, or “Service Not Available”) in accordance with EPC015-23 (VoP Rulebook). The Wallet Holder assumes liability for proceeding with any payment following a “Close Match” or “No Match” result.
We bear no responsibility if the Originator PSP fails to perform VoP verification or if the Beneficiary PSP’s VoP service is unavailable, as permitted under PSD2 Article 88(2) and the SEPA Payment Account Access and Verification Guidelines (EBA/GL/2022/10).

Card-Based Transactions (POS, ATM, Internet, Digital Wallets)

The Wallet Holder must provide or authenticate their Card credentials (Card Number, Expiry Date, CVV/CVC, and where required, 3DS authentication).
Transactions authenticated via SCA (Strong Customer Authentication) and correctly transmitted through the Mastercard or VISA networks are deemed authorised and valid.
We, acting as Issuer, bear no liability for unauthorised or disputed transactions if all SCA elements were applied successfully or if the Cardholder failed to maintain the confidentiality of credentials, as provided under PSD2 Articles 69 and 74.
For card transactions authorised outside the EEA (e.g., signature on a paper slip), we accept such transactions as valid under the Mastercard Rules Section 7.3.3.

Top-Up by Card

The Wallet Holder must correctly input the Card Number, Expiry Date, and 3DS credentials (where supported by the card-issuing PSP).
The Top-Up is deemed completed upon receipt of a positive 3DS authorisation message.
We bear no liability for top-up failures or chargebacks resulting from incorrect data entry, issuer rejection, or acquirer network errors, in accordance with Mastercard Rules 6.1.4 and 7.8.5.

Top-Up by Codes

Each Code acts as a second-factor identifier, linked to a pre-defined transaction type and amount.
When entered in the APP, the Code triggers an automatic top-up of the Wallet.
The Wallet Holder, as both Ordinator and Beneficiary, confirms and authorises the transaction; We ensure the correct crediting of the Wallet but is not liable for Code misuse or unauthorised distribution.

Payments to Card Number (VISA or Mastercard)

The Wallet Holder must input the correct Beneficiary Card Number, and if the Card is not their own, also provide the Beneficiary’s name and address.
The transaction executes in real time via the card processing network, in EUR from our side. Any currency conversion applied by the Beneficiary Bank is outside our control and is subject to the Beneficiary PSP’s rates, as required under Regulation (EU) 2019/518, Article 3.

Payments to Mobile Phone Number

The Wallet Holder may initiate payment by selecting a phone contact or manually inputting the number.
If the number belongs to an existing Wallet Holder, the transaction is processed as an IntraBank Payment.
If the number belongs to a non-customer, the Beneficiary must provide their IBAN and name via a secure link before execution. The Wallet Holder bears full responsibility for verifying the correctness of the phone number and approving the transaction.

Currency Exchange Operations

When transferring between Wallets denominated in different currencies, the exchange rate applicable at the time of authorisation is displayed prior to execution (see Article 2.11 – Exchange Rates and Currency Conversion).
Our liability is limited to the accurate application and display of such rates.

Third-Party and Scheme Information Dependencies

Where transactions are executed through external networks (SEPA, Mastercard, VISA, Open Banking, or third-party Wallet providers), We relies on the information and identifiers transmitted through these networks. We shall not be liable for:

Any transmission errors or delays caused by third-party intermediaries;
Failures in VoP, CSM, or acquirer message delivery; or
Mismatches between data sets (e.g., IBAN vs. Beneficiary name, PAN vs. Cardholder name) originating from third-party sources.

Data Consistency and AML Compliance

We may, at any time, request additional information or documentation to verify the accuracy of a Payment Instruction, in accordance with the Maltese Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR, S.L. 373.01) and Directive (EU) 2015/849, Articles 33–34.

Failure to provide accurate or sufficient information may result in a delay, blocking, or refusal of the transaction (see Article 3.4 – Blocking of Wallet or Refusal to Execute Transactions).

Liability Exclusion

Except where we have acted with gross negligence or wilful misconduct, the Wallet Holder remains solely responsible for any loss or delay arising from:

inaccurate or incomplete payment details;
incorrect selection of transaction type or Beneficiary;
proceeding with payments after a VoP result of “Close Match” or “No Match”;
reliance on indicative exchange rates or third-party currency conversions; or
providing outdated or incorrect Beneficiary contact information.

5.12 Unallocated or Unknown Funds

Definition and Scope

“Unallocated” or “Unknown Funds” refer to any incoming or internally generated transaction amount that cannot be correctly matched, credited, or settled to a Wallet, Linked Wallet, or Open Banking Wallet due to missing, incomplete, inconsistent, or unverifiable information.

This may occur, without limitation, when:

The provided IBAN, Card Number, Mobile Number, or Code does not correspond to any active Wallet or Account within us;
The transaction is received via an external network (e.g., SEPA, Mastercard, VISA, or Open Banking) with insufficient identifiers;
A reversal, refund, or settlement message lacks valid reference data; or
The Beneficiary’s Wallet or Account is suspended, restricted, or closed at the time of receipt.

Initial Handling and Attempted Allocation

Upon identifying Unallocated or Unknown Funds, we:

Make reasonable efforts to identify the rightful Beneficiary or Wallet Holder using available payment metadata, VoP responses, and scheme references;
Where the Originator or Beneficiary PSP can be identified, attempt clarification or return through the corresponding network mechanism (e.g., SEPA Return/Recall, Mastercard Refund, or Acquirer Reversal); and
If immediate allocation is not possible, record such funds in a temporary suspense account, segregated in accordance with Regulation 10 of the Financial Institutions Rules (FIR/01) and our Safeguarding Policy.

Notification and Retention

Where funds remain unidentified after reconciliation efforts:

We notify, where feasible, the presumed Originator, Beneficiary, or relevant PSP using Trusted and Secure Communication Channels, requesting corrective details;
Unallocated funds shall be retained for a period not exceeding thirteen (13) months from the date of receipt, in line with Article 71(2) of PSD2 and CBM Directive No. 1; and
Administrative or Holding Fees may be applied during the retention period in accordance with the Tariff of Charges, reflecting operational and compliance-related handling costs, including reconciliation, reporting, and verification efforts.

Treatment of Funds Following Retention Period

If, after the retention period, the rightful Beneficiary remains unidentified:

We handle the funds in accordance with Articles 1875–1880 of the Maltese Civil Code, transferring such balances to a designated unclaimed funds account and, where applicable, notifying the Malta Financial Services Authority (MFSA);
Transactional, reconciliation, and communication records shall be retained for five (5) years as required by Regulation 13(2) of the PMLFTR (S.L. 373.01); and
Any later claim to such funds must be supported by verifiable documentation and subject to AML/CFT due diligence prior to release.

Specific Provisions by Transaction Type

SEPA and Non-SEPA Transfers – Where a payment references an incorrect or inactive IBAN, we will attempt to return the funds through the SEPA Return process (EPC Rulebook Section 4.5.2). If the Originator PSP refuses the return or cannot be identified, the funds will be treated as Unallocated and may incur holding fees.

Card-Based Transactions (including Payments to Card Number) – Refunds or credits received via Mastercard or VISA networks without valid Card or Merchant references will be held in suspense. We will only allocate or reverse such amounts based on official network messages and may apply administrative fees for reconciliation.

Top-Up by Card or Code – Where a top-up cannot be linked to a Wallet (due to expired or misused codes, invalid card data, or incomplete authorisation), the funds will be held as Unallocated. Applicable holding fees may accrue during this period.

Payments to Mobile Phone Number – If a Beneficiary fails to submit a valid IBAN and name within seven (7) days of the SMS request, the funds will be returned to the Originator.

Currency Exchange Operations – If a conversion fails because the target Wallet is inactive, restricted, or closed, the base currency funds will be placed in suspense. Administrative fees may be charged for the reversal or manual allocation.

Cashback or Partner Settlements – Funds received from third-party program operators (e.g., Baltic Technology Solutions OÜ) without valid Wallet mapping will be held as Unallocated until confirmation is received from the partner. During this period, applicable handling fees may be charged.

Liability and Limitation

We shall not be liable for any loss, interest, depreciation, or opportunity cost resulting from the holding, delay, or eventual return of Unallocated or Unknown Funds, provided such funds have been handled with due diligence and in accordance with safeguarding and AML obligations.

All administrative or holding fees related to Unallocated or Unknown Funds are borne by the Wallet Holder, the external Originator, or the counterparty financial institution, as applicable.

5.13 Split Payments

Definition and Scope

“Split Payment” means a standing order or automated instruction initiated by the Wallet Holder that directs us to allocate predefined proportions of incoming SEPA Credit Transfers to one or more other Wallet Holders within the our Wallet Ecosystem. The service applies exclusively to payments received through the SEPA Credit Transfer Scheme in euro (EUR) and is not available for non-SEPA, card-based, or Open Banking transactions.

Eligibility and Enrolment

The Split Payment service is available only to Wallet Holders with an active EUR-denominated Wallet capable of receiving SEPA payments.

Activation may occur through the APP by selecting a pre-configured promotional link or service plan. Upon activation, the Wallet Holder consents to us executing allocations automatically in accordance with the parameters defined at enrolment. Wallet Holders may cancel or amend Split Payment arrangements at any time via the APP; changes take effect for subsequent incoming payments only.

Operational Mechanics

When a SEPA Credit Transfer is received for a Wallet enrolled in Split Payment, we will first validate that:

the payment meets SEPA Scheme requirements (EPC Rulebook Sections 2.5 and 4.2); and
no AML/CFT, sanctions, or operational restrictions (see Article 3.4 – Blocking/Refusal) apply.

Once validated, the funds will be credited to the receiving Wallet and immediately re-allocated in the proportions defined by the Wallet Holder to the designated Beneficiary Wallets held with us.

The allocations are processed in Real-Time, subject to internal reconciliation and risk-control procedures.

Each Beneficiary Wallet Holder receives an individual transaction confirmation through Trusted and Secure Communication Channels.

Fees and Deductions

A service fee applies to each Split Payment in accordance with the Tariff of Charges published by us.

The fee is deducted automatically from the incoming payment amount prior to distribution; the remaining net amount is apportioned according to the Wallet Holder’s predefined percentages.

All applicable taxes, levies, or third-party network fees are borne by the initiating Wallet Holder.

Limitations and Exclusions

Split Payments cannot be executed on:

incoming payments denominated in currencies other than EUR;
payments received via card networks, Linked Wallets, or Open Banking Wallets; or
transactions subject to legal hold, court order, or AML/CFT investigation.

If the underlying incoming SEPA payment is reversed, recalled, or found invalid under EPC Rulebook Section 4.5, we reserve the right to debit the distributed portions from the recipient Wallets and return the recalled amount to the Originator PSP.

Liability and Responsibility

Our responsibility is limited to the accurate execution of the Split Payment instruction as configured by the Wallet Holder.

We bear no liability for:

errors in percentage allocation or recipient details supplied by the Wallet Holder;
delays caused by external SEPA Clearing and Settlement Mechanisms; or
losses resulting from subsequent chargebacks, recalls, or sanctions-related actions.

The Wallet Holder remains solely responsible for ensuring that the Split Payment configuration reflects their intended allocations and that all recipient Wallet Holders have valid, active accounts with Us.

6 Transparency and Recordkeeping

General Principles

General Principles

We ensure that all payment services, transactions, and fees are presented to the Wallet Holder in a transparent, accessible, and understandable manner, in accordance with the principles of clarity, comparability, and traceability established under PSD2, PSD3, and CBM Directive No. 1.

All essential information relating to payments, authorisations, reversals, and balances shall be made available to the Wallet Holder via Trusted and Secure Communication Channels, including the APP, web interface, or downloadable statements.

6.1 Pre-Transaction Transparency

Before executing any Payment Instruction (see Definition: Payment Instruction), we shall provide the Wallet Holder with the following key information, where applicable:

the amount of the transaction, including any applicable fees, exchange rates, or conversion margins (see Article 2.11 – Exchange Rates and Currency Conversion);
the estimated execution time and Cut-off Time for the applicable payment type (see Article 4.2 – Cut-off Times and Receipt);
where relevant, the outcome of the Verification of Payee (VoP) process (see Article 4.3.5); and
any limitations or risk-based restrictions that may apply under Article 3.2 – Transaction Limits.

The Wallet Holder shall confirm consent to proceed with the transaction after receiving such information (see Article 4.8 – Consent and Authorisation).

6.2 Post-Transaction Transparency

Immediately after the execution of a Payment Instruction, we provide or make available a transaction confirmation, which shall include at minimum:

a unique Transaction Reference Number (TRN);
the amount, currency, and exchange rate applied;
the date and time of acceptance and execution;
the Beneficiary’s identifier (e.g., IBAN, Card Number, or Mobile Number);
any fees or charges applied by us or intermediary PSPs;

Such information shall be made available in real time through the Wallet interface and reflected in the next Statement of Transactions (see Article 2.12 – Statements).

6.3 Periodic Statements and Historical Access

We provide Wallet Holders with monthly electronic statements free of charge, detailing all Payment Instructions executed during the reporting period.

The Wallet Holder may access historical transaction data covering at least thirteen (13) months prior to the current date, as mandated under Article 57(1) of PSD2 and CBM Directive No. 1.

Upon request, we may provide extended transaction histories or certified records, subject to a reasonable administrative fee as outlined in the Tariff of Charges.

6.4 Recordkeeping Obligations of us

We retain comprehensive, accurate, and tamper-proof records of:

all Payment Instructions, consents, and authentication logs;
all communications exchanged through Trusted and Secure Channels; and
all reconciliation, AML/CFT screening, and VoP verification results.

Such records shall be preserved for at least five (5) years following the execution of a transaction, in line with Regulation 13(2) of the PMLFTR (S.L. 373.01) and EBA Guidelines on ICT and Security Risk Management.

If required by competent authorities, records may be retained for a longer period in accordance with judicial or regulatory mandates.

6.5 Corrections and Discrepancies

The Wallet Holder must promptly review transaction records and statements for accuracy.

Any discrepancies, suspected errors, or unauthorised transactions must be reported to us without undue delay and no later than thirteen (13) months after the debit date, pursuant to Article 71(1) of PSD2.

We will investigate such claims in accordance with Article 92 of PSD2 and the internal complaints-handling procedure.

6.6 Liability and Auditability

We ensure that all records are auditable, traceable, and verifiable by internal and external auditors, the MFSA, the CBM, and law enforcement authorities.

The Wallet Holder acknowledge that all transaction data, communications, and logs form part of our Security Management Policies and may be subject to disclosure where required under applicable AML/CFT or financial legislation.

We shall not be liable for delays or omissions in data access resulting from regulatory retention, technical maintenance, or lawful suspension of account activity.

7 Consent and Authorisation

7.1 General Requirement for Consent

No Payment Instruction shall be deemed valid or binding upon us unless and until the Wallet Holder has given explicit consent to its execution in accordance with this Article.

Consent may be given electronically through the APP or another Trusted and Secure Communication Channel, and shall constitute legal authorisation within the meaning of Article 64 of PSD2.

The Wallet Holder’s consent is required for every type of Payment Instruction, including but not limited to:

SEPA Credit Transfers and non-SEPA transfers;
Card-based transactions;
Top-ups by card or code;
Payments to mobile phone numbers;
Currency exchange operations; and
Split Payments.

Forms of Authorisation

Consent shall be considered duly provided when one or more of the following secure authentication actions occur, as applicable to the payment channel or transaction type:

Strong Customer Authentication (SCA) under Article 97 of PSD2, including at least two elements from the categories of knowledge (something only the user knows), possession (something only the user possesses), and inherence (something the user is).
3D Secure (3DS) confirmation for card-based or top-up transactions.
PIN, password, biometric verification, or other SCA methods through the APP.
One-Time Password (OTP) transmitted via SMS or push notification and entered by the Wallet Holder.
Digital signature or in-app confirmation explicitly authorising the payment instruction.
In case of card-present transactions outside the EEA (where permitted by scheme rules), manual signature of the receipt shall constitute valid consent under Mastercard Rules 5.11.4 and 5.12.2.

Each of these mechanisms represents the Wallet Holder’s explicit and irrevocable authorisation for us to execute the transaction.

Timing and Withdrawal of Consent

Consent is valid only for the specific Payment Instruction to which it relates and cannot be used for any other transaction.

Once a Payment Instruction has been received and accepted for execution by us, consent becomes irrevocable in accordance with Article 80(1) of PSD2, except where otherwise provided by law.

The Wallet Holder may withdraw consent before the Cut-off Time or before the Execution Date in the case of scheduled payments (see Article 4.2 – Cut-off Times and Receipt).

For recurring or standing orders, consent remains valid until revoked by the Wallet Holder through the APP or written instruction.

Authorisation via Third-Party Providers (TPPs)

Where a Payment Initiation Service Provider (PISP) is used, consent shall be provided through the secure interface of that PISP in compliance with Article 66 of PSD2 and EBA RTS on SCA & CSC (Regulation (EU) 2018/389).

The Wallet Holder’s authentication through the PISP interface shall constitute consent equivalent to direct authentication via our channels.

We accept such instructions only where the TPP holds a valid authorisation or passporting right under MFSA or another EEA competent authority.

Record of Authorisation

We maintain a secure and verifiable audit trail of all consents, authentication data, and authorisation events for each Payment Instruction, in accordance with Article 88 of PSD2 and EBA/GL/2019/04.

Each consent record shall include:

Timestamp of authentication and authorisation;
Channel and method used (e.g., 3DS, biometric, PIN);
Transaction reference and contextual data;
Result of the SCA validation.

These records shall be retained for at least five (5) years and made available to competent authorities or the Wallet Holder upon lawful request.

Effect of Valid Authorisation and Limitation of Liability

Once consent has been duly obtained and verified, the Payment Instruction is considered authorised and binding under Article 72(1) of PSD2.

We shall not be liable for any loss, dispute, or charge arising from authorised transactions executed in accordance with proper authentication and scheme rules, including cases of skimming, phishing, or card cloning, where all SCA requirements were fulfilled.

In such instances, our obligation is limited to initiating a chargeback or dispute process in accordance with Mastercard Rules Chapter 11 and to assisting the Wallet Holder during the investigation process.

Any fraudulent or unauthorised activity resulting from the Wallet Holder’s negligence, disclosure of credentials, or failure to maintain security of access devices shall remain the Wallet Holder’s sole responsibility.

Proof of Authorisation

In the event of a dispute, we bear the burden of proof to demonstrate that:

the transaction was authenticated, recorded, and correctly executed; and
there was no technical or operational failure on its part.

The authentication records maintained in accordance with this Article shall constitute conclusive evidence of the Wallet Holder’s consent unless proven otherwise by independent forensic analysis or regulatory determination.

8 Online bill payments/BCC Pay

8.1 General Overview

“BCC Pay” is a proprietary financial service provided by us that allows the Wallet Holder to initiate payments for goods, services, and utilities directly through the Wallet interface, without the need to manually input payment details.

BCC Pay operates as a Payment Initiation Service (PIS) in accordance with Articles 66–67 of PSD2, enabling merchants and service providers to transmit structured payment data through secure Application Programming Interfaces (APIs) integrated with ours payment infrastructure.

The service supports both Utility Bill Payment Services and Merchant API Access, ensuring real-time, secure, and compliant transaction execution between the Wallet Holder, us, and participating merchants.

8.2 BCC Pay Service Components

Utility Bill Payment Service

(a) The Utility Bill Payment Service enables Wallet Holders to pay for utility bills, telecom services, e-commerce purchases, subscriptions, and other predefined services through the APP.

(b) The merchant or utility provider submits the transaction request our API, specifying payment amount, creditor details, and purpose of payment.

(d) The Wallet Holder reviews the transaction and provides Consent and Authorisation (see Article 4.8), typically through Strong Customer Authentication (SCA).

(e) Upon confirmation, the payment is processed as a SEPA Credit Transfer, Intrabank Payment, or Card-based transaction, depending on the merchant integration.

(f) We immediately notifie the merchant electronically of the payment’s execution or failure.

Merchant API Access

(a) We provide an API suite allowing authorised merchants to initiate, query, and confirm Payment Instructions on behalf of their customers, consistent with PSD2 Open Banking communication standards (Reg. (EU) 2018/389).

(b) Merchant integration requires prior onboarding and approval by us, including technical certification and due diligence under AML/CFT requirements.

(c) Merchants must adhere to our API technical specifications, available on blackcat.app, and ensure implementation of end-to-end encryption and SCA compatibility.

(d) Each API call must contain a valid Electronic Signature derived from a unique encryption key issued by us to the merchant (see Section 5.5 – Security and Technical Requirements).

(e) Any unauthorised or malformed API request will be automatically rejected, and we reserve the right to suspend API access in case of misuse or security violations.

8.3 Conditions and Responsibilities

(a) We may modify, restrict, or discontinue the BCC Pay service at any time in order to comply with regulatory, operational, or security requirements.

(b) Wallet Holders and merchants are solely responsible for the accuracy and validity of payment details submitted through BCC Pay.

(d) We shall not be liable for delays, errors, or losses caused by inaccurate data provided by merchants or Wallet Holders, system unavailability, or third-party network interruptions outside our control.

(e) By using BCC Pay, Wallet Holders acknowledge and accept their responsibility to maintain the confidentiality of their credentials and approve transactions only after verifying accuracy of details displayed in the APP.

8.4 Merchant Relationship Lifecycle

Establishment of Relationship

To enable BCC Pay integration, a prospective merchant must request onboarding through the official customer-support chat or a designated Trusted and Secure Communication Channel.

The request must include business registration documents, a detailed service description, and an outline of the intended use of BCC Pay within the merchant’s processes.

We perform a due diligence review before approving or rejecting the request, in line with AMLD and CBM requirements.

Modification of Relationship

Any subsequent modification to the merchant relationship—such as changes in business model, integration endpoint, or ownership—must be requested through the same channel.

Modifications are subject to renewed review and approval before becoming effective.

Termination of Relationship

Either the merchant or we may terminate the relationship in accordance with Article 3.5 – Termination of the Relationship.

Termination of a merchant profile does not automatically terminate the Wallet Holder’s individual account relationship.

Upon termination, all pending payments will be settled or reversed as appropriate, and we will confirm closure through the APP or other approved communication channel.

We may terminate the merchant relationship immediately where non-compliance, fraud, or operational risk is detected.

8.5 Security and Technical Requirements

Each merchant shall be provided with a unique encryption key pair and associated digital certificate issued by us to authenticate API requests and ensure message integrity.

Both parties must safeguard their keys and credentials, preventing any unauthorised access or disclosure.

Merchants must comply with the BCC Pay Technical Specifications, available on blackcat.app, including encryption standards, communication protocols, and message structure.

If the encryption key is suspected or confirmed to be compromised, the merchant must immediately notify us and suspend all transaction activity until a new key is issued.

We and the merchant must notify each other of any planned system changes that could affect interoperability or data security.

Detected failures or incidents must be communicated immediately, with an estimated recovery timeline provided, in accordance with EBA/GL/2019/04 incident-management obligations.

A validly signed and properly formatted transaction request, containing a verified merchant signature and sufficient funds in the customer account, shall be accepted for execution and confirmed to the merchant.

Invalid, unsigned, or insufficient-funds requests will be rejected, and an error message will be returned to the merchant and displayed to the Wallet Holder.

8.6 Merchant Recordkeeping and Audit

The merchant must securely retain all original documentation evidencing each completed transaction—such as invoices, receipts, or service delivery confirmations—for a minimum period of five (5) years or longer as required by law.

Upon our request, the merchant shall promptly provide access to or copies of such documentation for reconciliation, chargeback handling, or audit purposes.

All documents shall be stored in a secure environment inaccessible to unauthorised third parties and in compliance with GDPR (EU) 2016/679 and local data protection law.

8.7 Invalid or Unverified Transactions

If the merchant fails to provide sufficient evidence of service delivery or Wallet top-up in connection with a BCC Pay transaction, we may deem the transaction invalid.

In such cases, we reserve the right to:

I. debit the transaction amount from the merchant’s current account; or

II. withhold or offset the disputed amount from future settlements due to the merchant.

This mechanism ensures proper consumer protection and compliance with PSD2 refund and redress provisions (Articles 72–75).

8.8 Compliance, Monitoring, and Liability

All BCC Pay transactions are subject to continuous AML/CFT and fraud monitoring in accordance with Articles 33–34 of Directive (EU) 2015/849, CBM Directive No. 1, and internal risk-based controls.

We reserve the right to suspend or block any transaction, merchant, or API integration if suspicious activity, sanction exposure, or data-integrity concerns arise.

Our responsibility ends once the Payment Instruction is correctly transmitted to the relevant clearing or settlement system (see Article 4.3.1 – Execution Liability).

Merchants remain responsible for compliance with consumer-protection, invoicing, and data-retention obligations applicable to their jurisdiction.

9 THE ACCOUNT

9.1 ACCOUNT OPENING

The operation of the Account shall at all times be subject to and governed by the following documents: (i) the Terms and Conditions herein, (ii) the Fee Information Document as specified for each customer category, and (iii) the privacy policy documents, collectively regarded as pre-contractual information.

We are offering the following products:

i. BlackCatCard for Private Individual

ii. BlackCatCard for EU Legal Entities with the VAT number

iii. BlackCatCard for EU Legal Entities without the VAT number

iv. BlackCatCard for non-EU Legal Entities

v. BlackCatCard for Fintech Companies

BlackCatCard for Private Individual

The "BlackCatCard for Private Individual" is a packaged financial product tailored for non-minor private individuals, available to residents within the European Economic Area (EEA) as well as to those residing outside the EEA.

For potential applicants who are residents of the EEA, the “Individual" product package includes:

i. The EUR Wallet: A personal payment account for managing funds.

ii. Access Tools: A BCC card which serves as a physical tool for account transactions.

iii. Mobile Application (APP): A digital application that facilitates access to the account for various financial services.

For potential applicants residing outside the EEA, the product package comprises:

i. The EUR Wallet: A personal payment account for managing funds.

ii. Mobile Application (APP): A digital application that provides access to the account for various financial services, excluding the physical BCC card.

All applicants, regardless of residency, are subject to compliance with the Financial Institution's application process, due diligence requirements, and must agree to the Terms and Conditions set forth by the Financial Institution. The provision of the BCC card is contingent upon the applicant's residency within the EEA and subject to the Financial Institution’s approval.

BlackCatCard for EU Legal Entities with the VAT number

A legal entity is presumed to possess a valid Value Added Tax (VAT) number if said VAT number is verifiable through the online resource provided by the European Commission at https://ec.europa.eu/taxation_customs/vies/#/vat-validation. The accuracy and validity of a VAT number are contingent upon successful confirmation via this specified verification service.

For potential applicants who are residents of the EEA, the "BlackCatCard for EU Legal Entities with the VAT number" product package includes:

The EUR Wallet: A payment account for business needs.
Access Tools: A BCC card which serves as a physical tool for account transactions.
Mobile Application (APP): A digital application that facilitates access to the account for various financial services.
WEB portal access: A digital application that facilitates access to the account for various financial services.

BlackCatCard for EU Legal Entities without the VAT number

The "BlackCatCard for EU Legal Entities with the VAT number " is a packaged financial product tailored for Legal entities (non-private individuals), registered within any of the EEA country and does not having the VAT number or having VAT number which can’t be verified via the online resource provided by the European Commission at https://ec.europa.eu/taxation_customs/vies/#/vat-validation.

For potential applicants who are residents of the EEA, the "BlackCatCard for EU Legal Entities without the VAT number" product package includes:

The EUR Wallet: A payment account for business needs.
Access Tools: A BCC card which serves as a physical tool for account transactions.
Mobile Application (APP): A digital application that facilitates access to the account for various financial services.
WEB portal access: A digital application that facilitates access to the account for various financial services.

BlackCatCard for non-EU Legal Entities

The "BlackCatCard for non-EU Legal Entities" is a packaged financial product tailored for Legal entities (non-private individuals), registered outside of the EEA countries.

For potential applicants who are not residents of the EEA, the "BlackCatCard for non-EU Legal Entities " product package includes:

The EUR Wallet: A payment account for business needs.
Mobile Application (APP): A digital application that facilitates access to the account for various financial services.
WEB portal access: A digital application that facilitates access to the account for various financial services.

BlackCatCard for Fintech Companies

The "BlackCatCard for Fintech Companies" is a packaged financial product tailored for Legal entities (non-private individuals) licensed as Financial Institutions, Crypto currency wallet holders and Cryptocurrency exchange companies

For potential applicants who are residents of the EEA, the "BlackCatCard for non-EU Legal Entities " product package includes:

The EUR Wallet: A payment account for business needs.
Mobile Application (APP): A digital application that facilitates access to the account for various financial services.
WEB portal access: A digital application that facilitates access to the account for various financial services.

The applicant may request an Account through the formal 'Application for Services' process. The specific procedure dedicated to establishing a relationship with the Financial Institution is referred to as the 'Onboarding Application for Services'. There are various methods by which the Onboarding Application for Services can be submitted:

In-person submission at the premises of the Financial Institution or at any location where the customer support staff of the Financial Institution are present, including at events or missions conducted by any customer support or financial management representatives of the Financial Institution.
Electronically, through the Financial Institution's mobile application (APP), where the applicant can complete and submit the Application for Services.
Online, via the Financial Institution's web portal, providing a digital avenue for applicants to submit their Application for Services.

Each submission channel is designed to provide a secure and accessible method for applicants to commence their financial services relationship with the Financial Institution.

For private individuals

Upon initiation of the Onboarding Application for Services, a private individual is required to be prepared to supply, via the electronic application format, the following documentation:

An identification document, which may either be a Passport or National Identity Card, as proof of identity.
Documentation confirming the residential address of the individual.
Proof of wealth, such documentation to be furnished upon additional request from the Financial Institution

These documents are requisite for the successful processing of the Onboarding Application for Services and must be provided in the form and manner as specified by the electronic application process.

For non-private individuals

Upon initiation of the Onboarding Application for Services by a non-private individual, the following documentation is to be prepared for submission through the electronic application questionnaire:

Documentation or proof substantiating the legal existence of the non-private entity or company.
Evidence of the appropriate licensing where the applicant’s activities are subject to regulatory licensing requirements.
Identification documents as stipulated in Section 7.10 for private individuals who are requesting the Onboarding Application for Services. In instances where the request is made by a non-private individual, this should be treated as a distinct onboarding subject, in accordance with Section 7.11 of these Terms and Conditions. Such documentation is required for all board members or their jurisdictional equivalents, as well as all beneficial owners holding "25+1" shares or more of the entity.
Additional documentation detailing the current financial status of the applicant or descriptive information regarding the applicant’s business operations, which may be requested additionally.

These documents are essential for the comprehensive assessment and processing of the Onboarding Application for Services and must be presented in compliance with the electronic application requirements.

The Onboarding Application for Services is subject to verification and assessment by the Financial Institution. Should additional queries arise during this process, the customer support team may solicit further clarifications and/or documents from the applicant. It is the applicant’s responsibility to respond to such requests with the necessary clarifications and/or documents.

The determination of the adequacy and credibility of the information and/or documents provided lies at the discretion of the Financial Institution. Based on this evaluation, the Financial Institution reserves the right to reject the Onboarding Application for Services.

The Financial Institution may reject a customer’s Onboarding Application for Services for a variety of reasons, including but not limited to:

Incomplete Documentation: The applicant fails to provide all necessary and complete documentation required as part of the application process.
Verification Failure: Information provided by the applicant does not pass the Financial Institution’s verification processes or is found to be inaccurate or misleading.
Regulatory Compliance: The applicant does not meet regulatory compliance requirements, including those related to anti-money laundering (AML) and countering the financing of terrorism (CFT).
Risk Assessment: The applicant presents a risk profile that does not align with the risk appetite or policies of the Financial Institution.
Sanctions Screening: The applicant or related persons is identified on any sanction list or is otherwise ineligible to receive financial services under applicable sanctions laws.
Legal Restrictions: There exist legal impediments or restrictions that prevent the establishment of a customer relationship.
Financial Institution Policy: The applicant does not meet the specific criteria or policies set forth by the Financial Institution, which may include factors related to the business model, geographic location, or other discretionary criteria established by the Financial Institution.
Adverse Findings: Due diligence processes reveal adverse findings such as a history of fraudulent activities or other financial malpractices associated with the applicant.

The decision to reject an Onboarding Application for Services is taken with due consideration, and the Financial Institution is not obliged to disclose the specific reasons for rejection to the applicant. However, such decisions are made in accordance with the Financial Institution’s terms and conditions, operational guidelines, and regulatory obligations.

Upon approval of the Onboarding Application for Services by the Financial Institution, the following outcomes are formalized:

A contractual relationship between the applicant and the Financial Institution is duly established, signifying the commencement of a business association.
All components of the product package to which the applicant is entitled become activated and available for use as delineated in the terms of the service agreement.
The applicant is officially designated as an Wallet Holder with the Financial Institution, thereby gaining rights and responsibilities as stipulated in this terms and conditions.

The Wallet Holder is entitled to hold multiple accounts and cards, as deemed necessary for their financial management. Each request for an additional account or card must be submitted through a separate Application for Services. The Financial Institution retains the discretionary authority to conduct an additional evaluation related to the issuance of any supplementary financial products to the Wallet Holder.

Following such assessment, the Financial Institution may:

Request further clarifications or documents from the Wallet Holder.
Condition the processing of the application upon the receipt and satisfactory review of the additional information or documents, as determined by the Financial Institution’s standards.
Exercise the right to decline the Application for Services at its sole discretion, without the obligation to disclose the reasons for such rejection to the Wallet Holder.

These measures are instituted to maintain the integrity of the Financial Institution's operations and to comply with applicable regulatory and compliance standards. The Wallet Holder's understanding and cooperation in this process are appreciated.

10 Application for services

The Financial Institution provides a suite of Applications for Services to accommodate various customer needs. These include:

Onboarding Application for Services: An application process for new customers to open an account and establish a business relationship with the Financial Institution.
Application for Additional Account Opening: For existing customers to open supplementary accounts under their name.
Application for BCC Card or Additional Card Issuance: For the issuance of a new or additional BCC card.
Application for Card or Additional Card Block/Close: To request the blocking or closing of a BCC card or additional cards.
Application for Card Limits Change: For adjusting the spending or withdrawal limits on a BCC card.
Application for Card Closure: To permanently close a BCC card.
Application for Card Re-Issue: For the re-issuance of a BCC card due to expiration, loss, or damage.
Application for Updating Wallet Holder Details: For changes to the Wallet Holder's address, phone number, or other identifying details.
Application for Relationship Cancellation: To initiate the process of terminating the business relationship with the Financial Institution.
Application to Close Account: For the closure of an existing account.
Application for Payment Instruction Cancellation: To cancel a previously submitted payment instruction.
Application for Payment Return: To request the return of funds from a completed payment.
Application for Card Chargeback: To initiate a chargeback process for disputable card transactions.
Application for additional Service: To request additional services presented within the Tariff of Charges.

Standard Processing Procedure: Each application follows a standard processing procedure:

Applications can be submitted via the Financial Institution's mobile application (APP) or web portal.
The APP and web portal provide chat functionalities and embedded features for the submission and management of applications.
Received applications are processed in accordance with the Financial Institution's operational guidelines and compliance requirements.
The processing timeframe for each application type will be communicated to the customer through the APP, web portal, or other official communication channels.
The customer will receive a notification through the same channels upon the completion of the application process.

The Financial Institution reserves the right to request additional documentation or clarification from the customer as part of the application processing. Customers are encouraged to ensure that all information provided in their applications is complete and accurate to avoid processing delays.

Additional services:

This section delineates the terms under which the Financial Institution provides Additional Services to the Wallet Holder as part of the banking relationship:

Current Account Confirmation Letter:

Upon request, the Financial Institution will provide the Wallet Holder with a confirmation letter for the current account. This document will be delivered electronically and will bear the authorized signature of the Financial Institution.
The confirmation letter will be transmitted to the email address provided by the Wallet Holder.

Reference Letter:

The Wallet Holder may request a personalized reference letter. This letter will be tailored to the individual's specifications and will be signed by an authorized officer of the Financial Institution.
The reference letter will be provided in an electronic format and dispatched to the Wallet Holder's designated email address.

Account Statement:

The Financial Institution will furnish signed electronic account statements upon the Wallet Holder's request. The automatic electronically created statements are available free or charge.
A fee, as specified in the Financial Institution's Tariff of Charges, will apply for each page of the statement provided.

Audit Request Answer:

The Financial Institution will respond to audit inquiries related to the Wallet Holder's financial records.
This service does not include postal costs, which, if applicable, will be charged to the Wallet Holder.

Postal Services:

For dispatch of documents or items via express courier post, the Financial Institution will facilitate the service and charge the Wallet Holder in accordance with the prevailing rates of the courier service.

Copy of the Payment Instruction:

A copy of any payment instruction can be requested by the Wallet Holder and will be provided electronically via email.

DHL Card Delivery:

The Financial Institution offers expedited card delivery through DHL courier service. The costs associated with this service will be borne by the Wallet Holder and are subject to DHL's current pricing structure.

By requesting and utilizing any of the Additional Services mentioned herein, the Wallet Holder agrees to the terms specified and the fees listed in the Financial Institution's Tariff of Charges, which are subject to change. Notification of any fee changes will be communicated to the Wallet Holder in accordance with the Financial Institution's amendment procedures for Terms and Conditions.

11 COOLING OFF PROCEDURE

If you use remote access tools for conclusion of the Agreement (distance Agreement), you are entitled to a 14-day “cooling off’ period from the Commencement Date during which you may cancel the Agreement without incurring any penalty and without having to give any reason.

Should you wish to cancel the Agreement during the “cooling off” period, please send us written revocation (in free form) and return the Plastic BCC to us (at Papaya’s head office: 31 Sliema Road, Gzira GZR 1637, Malta), unsigned and unused.

Note that you will not be entitled to a refund of any fees paid in accordance Tariff of Charges, if you have used your Card during the 14-day “cooling off” period.

Charges and fees for the Services levied on a regular basis shall be payable by you proportionally up to the cancelation of the Agreement. If such charges are paid in advance, they shall be reimbursed proportionally.

Following the end of the “cooling off” period you may terminate the Agreement in accordance with Paragraph 10.

12 TERMINATION OF THIS AGREEMENT

Duration of Agreement: The Agreement shall remain in effect indefinitely, subject to the provisions of paragraph 2.

Termination Rights: Each Party is entitled to unilaterally terminate the Agreement without providing reasons and without incurring any charges, by serving a Notice of termination to the other Party, except as otherwise provided in the normative acts of the Republic of Malta.

Account Closure Initiative: If initiated by the Wallet Holder, the agreement will be terminated within one month of receiving the Wallet Holder's Application for Services regarding the cancellation of the relationship, as established by our procedures.

Obligation to Terminate Relationship: We are under no obligation to terminate the relationship if it is necessary for the execution of concluded Transactions with you or if you are in red (having unallowed overdraft).

Notice Period for Termination by the Financial Institution: We may terminate the Agreement by providing at least two months' Notice to you.

Provision of Interim Statement: Upon termination of the Agreement, we will provide you with an interim statement covering at least the previous thirteen months, free of charge electronically. All other means of the statement provision if the subject of the availability and subject to the Tariff of Charges.

Proportional Charges and Fees: Charges and fees for services incurred regularly are payable by you proportionally until the termination of the Agreement.

Account Closure and Liability: Upon closing the Account, any remaining balance will secure liabilities owed by you to us.

Continuation of Obligations: Termination of the Agreement does not absolve either party from fulfilling unmet obligations established prior to the termination.

Non-Return of Documents: Documents provided by you for the conclusion of an Agreement or performance of a Transaction will not be returned.

Obligations upon Termination: Should the relationship terminate, you are required to submit all necessary documents and take all steps to fulfill obligations arising from the legal relationship with us.

Actions upon Agreement Termination:

We will close all your Account and cancel your Cards on the day the Agreement terminates.
You must promptly instruct us regarding the disposition of any remaining funds.
We will close Accounts and transfer the balances as per your payment order, subject to applicable laws.

13 UNALLOWED OVERDRAFT ON ACCOUNT

Under normal circumstances, if any payment is attempted that exceeds the Available Funds on the Account the Transaction will be declined. In certain circumstances, a transaction may take your Account into a negative balance – this will normally be where the MasterCard network merchant has failed to seek authorization for the Transaction. In these cases, providing that we are satisfied that you have not deliberately used the Card in the manner that would result in a negative Account balance, we shall grant the Unallowed Overdraft on Account to you.

The Unallowed Overdraft shall be granted by us in the form of non-revolving overdraft. We shall be entitled to grant on your Account the Unallowed Overdraft to the amount that is to be added to the balance of funds available in the Account in order to discharge your particular payment obligations.
The Unallowed Overdraft shall be deemed received at the moment of discharging your payment obligations.

The Unallowed Overdraft shall be repaid by you immediately on the day of origination of the same.

14 DORMANT ACCOUNT

A "Dormant Account" is classified as an account that has not recorded any customer-initiated financial transactions, excluding those transactions initiated by the Financial Institution such as fee charges or the covering of unauthorized overdrafts, for a consecutive period of six months.

Accounts that are deemed dormant will be subject to a Dormant Account fee as specified in the Tariff of Charges of the Financial Institution. This fee is levied in recognition of the administrative costs associated with maintaining inactive accounts.

Should the Account be classified as Dormant in accordance with the Financial Institution's criteria, the Financial Institution will debit the account for the applicable dormant account fee. This fee will continue to be debited on a monthly basis until the Wallet Holder conducts a transaction.

In the event that the Account balance is insufficient to cover the dormant account fee, the remaining balance will be applied towards the fee payment. The Wallet Holder will then be issued a written notice two months in advance of the impending closure of the Account due to insufficient funds to maintain its active status. It is the responsibility of the Wallet Holder to ensure that the Account remains active by conducting regular transactions to avoid such fees and potential closure.

Wallet Holders are advised to ensure activity within their accounts to avoid the Dormant Account designation and the subsequent fee. Should an account become dormant, the Wallet Holder will be notified using their last known contact information as per the Financial Institution’s records. Wallet Holders may reactivate their dormant accounts by conducting a transaction or by contacting customer service, as outlined by the Financial Institution’s reactivation procedures.

15 CHANNELS

15.1 GENERAL TERMS AND CONDITIONS FOR USE AND ACCESS TO THE CHANNELS

The document herein, comprising both the Important Information and the Terms and Conditions, collectively referred to as the "Agreement," sets forth the regulatory framework for the utilization of the Channels. Your engagement with the Channels constitutes your acceptance of, and agreement to be legally bound by, the stipulations of this Agreement. It is expected that you will utilize the Channels and their respective functions appropriately and in compliance with the operational guidelines provided. Furthermore, certain functions of the Channels may be governed by additional specific terms and conditions. Your usage of these specific functionalities indicates your agreement to adhere to these supplementary terms and conditions.

The designated Delivery Channels of the Financial Institution consist of the mobile application available on both iOS and Android platforms, as well as the Internet Banking web application. These Delivery Channels are exclusively for the use of customers who are duly authorized by the Financial Institution.

All activities conducted via these Delivery Channels are subject to monitoring and recording to ensure security and compliance with the Financial Institution’s operational policies. Unauthorized access or use of any of these Delivery Channels is strictly prohibited and may result in legal proceedings instituted by the Financial Institution against the unauthorized user. Customers are reminded to safeguard their access credentials and to use the Delivery Channels within the scope of their authorized purposes only.

Internet Banking Web Application: All functionalities of the Internet Banking web application provided by the Financial Institution are accessible solely subsequent to the authentication of the User. The User must successfully complete the required authentication process to engage with any of the services offered through the web application.

Mobile Application Chat Function: The chat function within the mobile application of the Financial Institution is uniquely available without the need for User authentication. This feature allows Users to communicate with customer service representatives or access support without logging into their account.

Other Mobile Application Functions: All additional functions within the mobile banking application, barring the aforementioned chat function, necessitate the User to undergo authentication. Only after the User’s identity has been verified through the authentication process will they be granted access to the various banking services and features available through the mobile application.

These provisions are established to ensure the security and privacy of User interactions with the Financial Institution’s Delivery Channels while allowing for ease of access to customer support when needed.

Access to Channels:

Initial Authentication:

Each occasion a User accesses the Web Internet Banking and the first instance of accessing the mobile application without logging out requires initial authentication.
This initial authentication is a mandatory security measure designed to verify the User's identity at the start of each session on the Web Internet Banking and at the initial entry point when using the mobile application.

Mobile Application Unblock:

In instances where initial authentication has been previously completed within the mobile application, and there is a subsequent period of inactivity, the application is configured to automatically secure itself by blocking access.
To regain access, Users must employ the designated method for unblocking the mobile application. This method is a security protocol established to protect User information and account integrity during periods of inactivity.

These security protocols are implemented to safeguard the confidentiality and security of User accounts. The Financial Institution requires Users to adhere to these protocols to maintain secure and authorized access to the Channels.

Authentication Protocols:

Initial Authentication Procedure:
Initial authentication is carried out through the combination of the User's credentials and a One-Time Password (OTP) sent via SMS.
This two-factor authentication process is integral to verifying the User's identity and securing access to the Financial Institution's services.

User Credentials:

The credentials comprise the User ID, which is the registered mobile phone number of the User, and a Personal Identification Number (PIN), which is established by the User during the registration process.
These credentials are unique to each User and must be kept confidential to ensure account security.

SMS One-Time Password:

The OTP for initial authentication is dispatched via SMS to the mobile phone number designated as the User ID.
This OTP is valid for a single session or transaction and adds an additional layer of security.

Mobile Application Unblock:

To unblock the mobile application after an automatic security lockout, the User must enter their previously created PIN or biometric confirmation of the device (like Face ID or Touch ID) if User selected this type of the authentication within APP.
This unblocks procedure ensures that only the authorized User can regain access to the mobile application without the need for further SMS verification.

All Users are required to comply with these authentication protocols as a condition of accessing and using the Financial Institution's services. These measures are adopted to protect Users against unauthorized access and potential security threats.

Except as otherwise mutually agreed upon, the utilization of the Channels is predicated upon the possession of an Account with the Financial Institution. Furthermore, access to and use of the Channels is contingent upon the User's agreement to the terms of service, which are formalized through an application submitted by the User and subsequently accepted by the Financial Institution.

Pursuant to this agreement, any applicable fees, as delineated in the Tariff of Charges, will be debited from the User's Account. These fees may include, but are not limited to, those associated with the specific product package in use, service fees, commissions, and any charges arising from non-financial transactions.

Security Requirements for Users of Mobile Applications and Web Internet Platform:

Secure Credentials: Users must create and maintain including a unique User ID and a strong Personal Identification Number (PIN). The credentials should not be shared with anyone and must be kept confidential at all times.
Authentication: Users are required to authenticate themselves each time they access the mobile application or web internet platform using the prescribed methods, such as entering credentials or responding to One-Time Passwords (OTPs) sent via SMS to their registered mobile number.
Regular Updates: Users must ensure that the mobile application and web browser are kept up to date with the latest security patches and updates provided by the software developers or the Financial Institution.
Secure Environment: Access to the mobile application and web internet platform should be conducted in a secure environment. This means avoiding public Wi-Fi networks and ensuring private networks are secured with robust encryption protocols.
Monitoring and Reporting: Users should monitor their accounts for any unauthorized transactions and report any suspicious activity to the Financial Institution immediately.
Device Security: Users are responsible for the security of the devices they use to access the mobile application and web internet platform. This includes using up-to-date antivirus software, enabling firewalls, and not jailbreaking or rooting devices.

Logging Out: Users should always log out of the mobile application or web internet platform after completing their sessions.

Compliance with Policies: Users must comply with all other security policies and procedures as outlined by the Financial Institution.

Prohibition of Unauthorized Use: Users are prohibited from attempting to circumvent security features or accessing the accounts of other Users.

Phishing Avoidance: Users must exercise caution to avoid phishing attempts. This includes not clicking on unknown links, not providing credentials in response to unsolicited requests, and verifying the authenticity of communication purportedly from the Financial Institution. We will never request you to provide us with the PIN or SMS one time password.

The Financial Institution reserves the right to update or modify these security requirements as necessary to ensure the safety and security of its mobile applications and web internet platform, and to comply with applicable laws and regulations. Users are obligated to adhere to these requirements as part of their agreement with the Financial Institution.

16 THE CARD

16.1 TERMS OF CARD’S ISSUE

Card Issuance: The Card is issued upon the successful completion of an application for services process by an Wallet Holder and is subject to approval by the Financial Institution. The first Card is issued within the Onboard Application on services is the customer is entitled for Card issuance.

Card Issuance Process:

Entitlement: If the Wallet Holder is entitled to receive a Card as part of their Account package, the issuance process shall be initiated in accordance with the following parameters provided by the User:
Name Selection: The Wallet Holder may choose the name to be displayed on the Card. This selection must align with the Wallet Holder’s identity and be compliant with the MasterCard "True Name" program, allowing individuals to use names that accurately represent their identity.
Card Type Selection: The Wallet Holder has the option to select between receiving a Physical (Plastic) Card or a Virtual Card.
Binding to the account: The type of binding to the Account – main card (the first card of the account) or additional Card.
Delivery Address: In the event that the Wallet Holder opts for a Physical Card, they must provide a delivery address within the Application for Services where the Card should be sent.
The Card issuance process is contingent upon the submission of accurate and complete information by the Wallet Holder. The Financial Institution reserves the right to request additional information or documentation to verify the Wallet Holder’s identity and delivery details. Upon fulfilling these conditions, the Financial Institution will proceed with the Card issuance in accordance with the Wallet Holder’s selections and the applicable terms and conditions.
Card Issuance Protocol:
Real-Time Processing: Applications for services related to the issuance of the Card are processed in real time, ensuring prompt attention to the Wallet Holder's request.
Subject to Approval: All applications for Card issuance are subject to the approval of the Financial Institution. The decision-making process takes into account various factors to ensure compliance with institutional policies.
Financial Institution's Discretion to Reject: The Financial Institution reserves the right to reject any Card issuance application if the name selected by the User deviates from their legal name, contains offensive language, or could potentially harm the reputation of the Financial Institution or MasterCard.
Immediate Issuance of Virtual Card: Upon successful processing of the Card issuance application, a virtual Card is immediately issued to the Wallet Holder.
Virtual Card Transaction Readiness: The virtual Card, upon issuance, is fully functional for Internet transactions.
Access to Virtual Card Details: Necessary details for conducting Internet transactions with the virtual Card are accessible through the mobile application or the Web Internet Bank.
Delivery of Plastic Card: Should the User opt for a Physical (Plastic) Card, it will be dispatched via the chosen method—standard postal service or courier delivery—to the address specified in the application for services.
Transaction Blocking Prior to Activation: Transactions requiring online authorization through ATMs or physical terminals will be blocked on the Plastic Card until its activation by the User.
Activation of Plastic Card: The Wallet Holder may activate the Plastic Card using a designated function within the mobile application. It is strongly recommended that the Plastic Card be activated only after it has been received by the Wallet Holder.
Non-Receipt of Plastic Card: In the event the Plastic Card is not received as expected, the User is obliged to promptly contact Customer Support to address and resolve the delivery issue.
Issuance of PIN for Transactions: A Personal Identification Number (PIN) for the confirmation of transactions is issued exclusively for use with the Physical (Plastic) Card.
Accessibility of PIN: The PIN associated with the Plastic Card can be accessed by the User via the mobile application provided by the Financial Institution.
Restriction on PIN Availability: The PIN for the Plastic Card will not be available to the User until the Plastic Card has been activated. The activation of the Plastic Card is a prerequisite for the disclosure of the PIN to ensure the security of card transactions.
The Card issued by the Financial Institution is subject to usage terms that vary according to the type of Wallet Holder:
Private Individual Wallet Holders: Cards issued to private individual Wallet Holders are intended for personal, non-commercial use. The Card may be used for transactions and withdrawals as per the limits and conditions specified in the Account agreement.
Business or Corporate Wallet Holders: Cards issued to business or corporate Wallet Holders are for business-related expenditures. These Cards are to be used strictly for legitimate business transactions, in accordance with the business’s operational scope and the Financial Institution’s policies.
For all types of Wallet Holders, the use of the Card must be in compliance with the terms and conditions set by the Financial Institution. Unauthorized or improper use of the Card may result in suspension, cancellation, or legal action. Wallet Holders are responsible for securing the Card and maintaining the confidentiality of the PIN and any other authentication methods.
The Financial Institution advises all Card Holders to adhere strictly to the following security recommendations to protect against unauthorized use and potential fraud:
Confidentiality of PIN: Card Holders must keep their Personal Identification Number (PIN) and any other security details confidential and never disclose them to anyone.
Card Security: Card Holders are responsible for safeguarding their Card at all times. The Card should not be left unattended, especially in public places, and should be stored securely when not in use.
Secure Transactions: Card Holders should only use their Card for transactions at trusted merchants and secure online platforms. Caution should be exercised when entering Card details on websites to ensure they are legitimate and secure.
Monitoring Account Activity: Regular monitoring of account statements and transaction history is recommended. Any unrecognized transactions should be reported to the Financial Institution immediately.
Reporting Lost or Stolen Cards: In the event of a lost or stolen Card, Card Holders must inform the Financial Institution without delay to enable prompt preventive measures such as blocking the Card.
Device Security for Online Banking: When using online banking platforms or mobile applications to manage their Card, Card Holders should ensure their devices have up-to-date security software and are protected by strong passwords.
Avoiding Phishing Attempts: Card Holders must be vigilant against phishing attempts. They should not respond to unsolicited emails or messages requesting Card information and should verify the authenticity of any communication claiming to be from the Financial Institution.
ATM Safety: When using ATMs, Card Holders should be aware of their surroundings and shield the keypad when entering their PIN.
Secure Personal Information: Personal information should be kept secure and not shared loosely, as it can be used in identity theft and linked to Card fraud.
Compliance with Financial Institution Communications: Card Holders should follow all security communications and guidelines provided by the Financial Institution for the safe use of their Card.
3D Secure: your Card is enrolled in the 3D Secure service, which provides an additional layer of online authentication for credit and debit card transactions, helping to prevent unauthorized use of your Card online. The 3DS confirmation executed by the PIN or biometric confirmation (Touch ID or Face ID). For your safety, please select the 3D Secure enabled resource to make your Internet transactions.
By following these security recommendations of paragraph 14.4, Card Holders can significantly reduce the risk of fraud and unauthorized access to their accounts. The Financial Institution is committed to providing a secure banking environment and expects Card Holders to exercise due diligence in protecting their financial assets.

17 TERMS OF CARD’S USE

Card Receipt and Activation: Upon receiving your Card, you are required to sign the Card immediately. The Card activation shall be executed in accordance with the paragraph 14.1.2

Card Usage and Care: The Card is for your personal use only. You must exercise due diligence in its care, refraining from tampering with its magnetic stripe or chip. Disclosure of the Card number should occur solely during legitimate transactions, and you must adhere to any additional instructions we issue concerning the safeguarding of the Card and its security details.

Ownership and Return: The Card remains the property of the Financial institution and must be surrendered upon request.

Validity and Limits: The Card should be utilized within its specified validity period and without exceeding the authorized credit limit. It must not be used if it has been cancelled or suspended by us.

Permitted Uses: The Card is designated for the payment of goods or services, cash advances, and other approved uses. It must not be employed for unlawful purposes.

Transaction Methods: Usage of the Card may include:

Signing a sales voucher or order form that displays the Card number.
Entering the PIN at Electronic Point of Sale (EPOS) terminals or ATM to authenticate transactions.
'Tapping' the Card at a point of sale to conduct contactless payments.
Loading the Card onto a device and/or eWallet for transactions.
Using the Card at cash or other machines, occasionally requiring a PIN.
Providing the Card number and other details for telephone transactions.
Engaging in online transactions, for which we advocate the use of secure payment sites.

Consent and Transaction Irrevocability: Your authorization for a transaction is confirmed by your signature, the provision of your Card number, the entry of your PIN, or the input of your Card/Security Details. Once consent is given, a transaction cannot be revoked.

Recurring Transactions: For recurring transactions or those initiated by the payee, the transaction cannot be revoked after you have given consent.

Renewal Responsibility: It is your responsibility to ensure the possession of a renewed Card prior to your current Card's expiry.

Renewal Notice: If you do not wish to renew your Card, you must inform the Financial institution at least 30 days before the Card's expiry date.

Security Details:

Various channels may require different security details for transactions, including:
A PIN for ATM or Point of Sale transactions.
A 3D Secure passcode for Internet transactions.
A verification code for eWallet or app registrations.
These details must be kept confidential and not disclosed to anyone, nor recorded in a discoverable manner.
Any paper communication of the PIN or security details should be destroyed after receipt. Electronic communication of codes should only be used as intended and not recorded elsewhere.

Card/Security Details Misplacement: In case of loss or suspected compromise of the PIN or any other Card/Security Details, immediate notification to the Financial institution is mandatory.

By accepting and using the Card, you acknowledge and agree to the terms outlined herein. The Financial institution reserves the right to amend these terms as required.

The Cardholder is obliged to exercise reasonable care to prevent the loss, theft, or unauthorized use of the Card, PIN, or any associated Card/Security Details. The Cardholder must scrutinize statements promptly upon receipt or when they become available online. In the event of the Card being lost, stolen, misappropriated, or if there are grounds for suspecting potential misuse, or if the Cardholder believes that the PIN or Card/Security Details are known to someone else, the Cardholder is required to inform the Financial Institution immediately, and no later than 13 months from the debit date of any unauthorized transaction.

Subject to the preceding clause and the provisions herein, the Financial Institution will conduct investigations into unauthorized transactions. Should the Financial Institution ascertain that the transaction was not authorized by either the primary or supplementary Cardholder, and that the Cardholder is not liable, the Financial Institution will reimburse the primary account for the amount of the unauthorized transactions exceeding €50. Beyond this reimbursement, the Financial Institution holds no further liability. The Cardholder, however, bears full responsibility for all transactions made with the Card, PIN, or Card/Security Details prior to notification, under the following conditions:

Failure to adhere to these Terms and Conditions, especially regarding safeguarding the Card, PIN, and Card/Security Details.
Delay in informing us upon becoming aware of loss, theft, misappropriation, unauthorized transactions, any account errors or irregularities, or suspicion that the PIN or Card/Security Details are compromised.
Recording the PIN or Card/Security Details in a recognizable manner, particularly on the Card or any item kept or carried with the Card.
Engaging in gross negligence or fraudulent behaviour.

Subsequent to reporting to us, you will not be accountable for further transactions, staring from next Business day after the lost/stollen card report, made with your lost, stolen, or misappropriated Card, unless fraudulent actions were taken.

Notifications pursuant to this Agreement should be directed to Papaya Ltd, Sliema Road 31, Gzira, GZR1647 - Malta, Telephone: +356 20155500, or via the 24-hour available chat.

We may request information and your cooperation in recovering the Card and investigating unauthorized transactions. This includes working with us and law enforcement authorities. If instructed to report such incidents to the police, both where the incident occurred and locally upon your return, you must do so promptly.

If the Card is retrieved after being reported lost or stolen, it must not be used; instead, it should be sent back to us, cut in half, for security reasons.

Should a replacement Card be necessary, the Wallet Holder must formally request issuance of a new Card or Additional Card. A fee may be charged for Card replacement and collection as outlined in the Tariff of Charges.

18 Retailers - Liability, Payment Cancellation, and Refunds

Retailer or Bank Refusal: The Financial Institution assumes no liability if a merchant or bank declines to accept the Card.

Irrevocability of Payments: Once consent for a payment is provided to a merchant or supplier, or upon entering the PIN and/or providing Card/Security Details which facilitate the processing of a payment, the Financial Institution is unable to cancel the transaction. This includes recurring payments for subscriptions. To address refunds, it is the Cardholder's responsibility to engage directly with the merchant or supplier.

Receipt of Refunds: In the event a merchant or supplier consents to a refund for a Card transaction, the Financial Institution will credit the refund to the Cardholder's Account upon receipt of a valid voucher or satisfactory confirmation from the merchant.

Refunds: A Cardholder may request a refund for a payment related to a Direct Debit Mandate or subscription under the following conditions:

The payment was made within the European Union, Liechtenstein, Norway, or Iceland.
The authorization did not specify the precise payment amount.
The requested payment amount exceeded what the Cardholder could have reasonably anticipated based on the context, including past spending patterns.
The refund request is submitted within eight weeks from the payment date.

Investigation of Refund Entitlement: The Financial Institution may request necessary information to ascertain entitlement to the refund. Cooperation with the merchant or supplier may also be beneficial. Within ten working days of receiving a refund request (or additional required information), the Financial Institution will either process the refund or provide reasons for refusal.

Payment Queries Beyond Eight Weeks: For payment queries made more than eight weeks after account debit or for payments to merchants or suppliers outside the EEA, the Financial Institution is not obligated to issue a refund. However, we will advise if any assistance is possible or suggest alternative actions.

Authorisation Requests: For security purposes and to reduce card misuse, the Financial Institution may refer authorization requests back to the merchant for additional information, which may lead to the Cardholder being asked for further identification.

Disputes with Merchants or Banks: If the Cardholder is in dispute or has a claim against a merchant, supplier, or bank regarding a transaction made with the Card, all sums unrelated to the dispute must still be paid to the Financial Institution. While the Financial Institution may provide time for the resolution of any claim or dispute, payment may still be required in accordance with the terms of this agreement.

19 Cash Transactions and Quasi Cash Transactions

Cash Transactions:

Cash Transactions, not limited to the following, encompass:
Transferring funds from the Account to other accounts.
Cash Transactions executed at the counters of any other bank or entity, charged to your Account.
Cash Transactions conducted through an Automated Teller Machine (ATM) or an Electronic Point of Sale (EPOS) system, debited to your Account.
Purchases of travelers' cheques and foreign currency, charged to your Account.
Interest on Cash Transactions will accrue as outlined in clause 9 of these terms and conditions.
Each Cash Transaction carried out through the Bank, whether executed at our branches, via the Bank’s 24x7 Internet Banking service, or at an ATM or EPOS of the Bank, incurs a fee as specified in the Tariff of Charges. Additionally, Cash Transactions conducted at any other bank or entity, or through any external ATM network or system or non-Bank EPOS, will also attract a fee in accordance with the Tariff of Charges.

Quasi-Cash Transactions:

A Quasi-Cash Transaction refers to transactions representing the purchase of items directly convertible into cash. These types of transactions are distinct in nature and may have different processing and fee structures as per the Bank's policies.

20 ADDITIONAL CARD

You may request us to issue the Additional card to Additional Cardholder Bank in a form and according to the procedure prescribed by us.

You authorise us to issue the Additional Card to Wallet Holder where the Cardholder may the User and you authorise each additional cardholder to authorise transactions on your behalf.

All Card transactions effected by the Cardholder will be charged to the Account.

Where you request us for the Additional Card issuing to Cardholder, you thereby:

represent that all information about the Cardholder provided by you is complete, accurate and true in all respects, and the Cardholder's consent to providing such information to us for processing has been obtained. You commit to immediately inform us on all changes in the said information;
commit to ensure that the Additional Card will be used only by the Cardholder stated in the application for the Card issuing;
undertake full liability for any fees, transactions, use or misuse of any Additional Card requested by you;
commit to communicate the Agreement to the cardholders before he or she starts using the Additional Card and ensure that the Cardholder complies with applicable provisions of the Agreement.

The issuance and use of Additional Cards are governed by the same standards and expectations as the primary Card, and the Primary Wallet Holder is responsible for the Cardholder's adherence to the Agreement's terms.

21 Agreement

21.1 Relationship or Agreement

Governing Law: These General Terms and Conditions, including all information provided through the Channels, are governed by and construed in accordance with the laws of Malta. By accessing or using the Channels, you hereby agree to the application of Maltese law in governing the conduct, operation, and use of the Channels. In relation to any claims or disputes that may arise concerning the Channels, their use, these General Terms and Conditions, the courts of Malta will have non-exclusive jurisdiction to address such matters.

The Channels have been developed for access and use within European Union (EU). They are not intended for distribution or use by any person or entity in any jurisdiction or country where such distribution or use would contravene local laws or regulations. If the Channels are accessed from outside of EU, such access and use are entirely at the individual's own risk and are subject to compliance with applicable local, national, or international laws.

Users of the Channels from outside of EU are responsible for adhering to their local laws and regulations. For advice on specific legal situations, users should seek the guidance of a qualified legal advisor. The Financial Institution does not imply that the Channels or the materials on them are appropriate for use outside of Malta, and it is prohibited to access the Channels from territories where their contents are illegal or unlawful.

Liability and Indemnification:

You agree not to hold us liable for any loss or damage incurred by any person due to your violation of these Terms and Conditions, or through your improper use of the Channels or any of its functions. The System and any software interfaces provided are designed to facilitate payments, and we do not assume responsibility for the underlying contractual relationships between customers and third parties, including beneficiaries.
We shall not be held accountable for any losses or costs, including consequential losses such as loss of business, which you may suffer as a result of our failure to fulfil our obligations due to:
Circumstances beyond our reasonable control that were unforeseeable and unavoidable despite our efforts, such as delays or failures caused by industrial action, problems with another system or network, mechanical breakdown, or data-processing failures.
Our need to comply with legal or regulatory obligations.
Furthermore, we are not liable for any losses, costs, damages, actions, or expenses that occur as a result of electronic transmission of information, via the Internet or otherwise, becoming known to unauthorized individuals, unless such incidents are the direct result of our gross negligence.
The terms and conditions that prescribe or infer liability or obligation beyond the termination of our agreement will remain enforceable post-termination, and any corresponding rights will be actionable.
By agreeing to these terms, you undertake to indemnify the Financial institution fully against all actions, proceedings, charges, damages, and expenses that the Bank may sustain or become liable for, directly or indirectly, as a result of granting you the use of the System. This indemnification covers any liability arising out of the Financial institutions’ performance of its duties, except in cases of the Financial institutions’ gross negligence.

Security Notice

While the Financial Institution implements robust measures to secure its systems, the absolute security of the Channels cannot be guaranteed against unauthorized third-party access or data corruption. As such, the confidentiality and integrity of data transmitted via the Channels may not be impervious to external interference.

It is incumbent upon you, the user, to promptly notify us of any individuals who are no longer authorized to access the Channels on your behalf. This ensures the continuous integrity and security of your account and access privileges.

You are obligated to take reasonable precautions to safeguard the confidentiality and security of your Card PIN, APP PIN, the Mobile App, and any biometric data linked to your account. This includes vigilance against the dissemination, loss, theft, or fraudulent use of your access credentials and devices.

Should you suspect that the security of your experience with the Channels has been breached, or if there is any indication that any aspect of your account may have been compromised, it is your responsibility to inform us without delay. Immediate notification should be made through the chat function available within our applications or by sending an email to [email protected]. Prompt reporting of such incidents is crucial in enabling us to take necessary protective actions to secure your account and prevent further unauthorized access or fraudulent activities.

Notification of Unauthorized or Incorrect Payment Transactions:

You are required to inform the Financial Institution promptly, without any undue delay, regarding the rectification of unauthorized or incorrectly executed payment transactions. Such notification must be made no later than thirteen months following the date of the transaction debit. Upon receipt of your notification, the Financial Institution will conduct an investigation. If it is determined to the Financial Institution's reasonable satisfaction that the transaction was unauthorized and you bear no liability, the Financial Institution will reimburse the account for the full amount of the unauthorized transactions, including any associated interest or charges paid due to the transaction, as well as any interest the Financial Institution would have paid on that amount, in excess of fifty Euros (€50). Following this reimbursement, the Financial Institution will not maintain any further liability to you.

Responsibility Prior to Notification:

You bear unlimited responsibility for all transactions executed via the Channels prior to the issuance of notification to us under this clause if you have:
Failed to utilize your PIN, Mobile App, and/or 3DS confirmation in adherence to these Important Information and Terms and Conditions of Use, especially if you have not taken all reasonable precautions to secure your Card PIN, Security Number/s, Mobile App, APP PIN, and biometric data, as applicable.
Not immediately notified us upon suspicion or detection of irregular, unauthorized transactions, or upon realization that your Channel Credentials have been compromised, lost, or stolen.
Not taken adequate measures to prevent dissemination, loss, theft, or fraudulent use, such as avoiding the recording of the Mobile device with the installed Mobile App, Card PIN, Security Number/s, and/or the APP PIN in any recognizable manner.
Acted with gross negligence or fraudulently in any manner.

Cooperation in Recovery and Investigation:

We require your cooperation and information to assist in the recovery of the APP PIN and to facilitate investigations into reported unauthorized transactions. You are, therefore, obliged to collaborate with us and law enforcement if necessary. If you are directed to report such incidents to the police, you must do so promptly. If you subsequently recover the PINs and/or the Mobile APP after reporting them lost or stolen, they should not be used; instead, they should be sent to us.

Adherence to User Instructions:

You must comply with any user instructions or changes thereto that we may issue from time to time, as these instructions may be subject to modifications in the interest of security and operational efficiency.

22 Safeguarding requirements

The Financial Institution hereby clarifies that the Malta Depositor Compensation Scheme does not extend to your Account and BCC. However, we prioritize the security and integrity of your finances. To this end, we are committed to safeguarding all funds received from you, our valued customers.

In compliance with this commitment, all customer funds are segregated from the Financial Institution's own funds and are deposited into a distinct bank account housed within a credit institution located in a jurisdiction recognized for its robust regulatory framework. This measure ensures that, in the extraordinary event of our insolvency, any funds that have been credited to your Account will be insulated from claims made by our creditors.

This safeguarding provision is instituted to provide an additional layer of protection for your assets, reflecting our dedication to financial security and trust.

23 AMENDMENT OF GENERAL TERMS AND CONDITIONS

The Financial Institution reserves the right to modify these Terms and Conditions, including any associated charges, at its discretion. In the event of such amendments, the Financial Institution will provide the Wallet Holder with a two-month notice period before the changes take effect, unless a shorter period is permitted by applicable law.

Acceptance of Amendments: The Wallet Holder will be considered to have accepted the proposed amendments if the Financial Institution does not receive a notification of non-acceptance before the effective date of such changes. If the Wallet Holder does not agree with the amendments and notifies the Financial Institution before they come into force, the Agreement will be terminated without any charge for such termination.

Changes Beneficial to Wallet Holder: Amendments that are beneficial to the Wallet Holder may be made without prior notice. The Financial Institution will notify the Wallet Holder of such beneficial changes as soon as reasonably practicable, either through a notice in the local press, on the Financial Institution's website at blackcat.app, or via the chat function.

Right to Immediate Changes: The Financial Institution may implement changes without notice if the Wallet Holder is, or is likely to be, in breach of these Terms and Conditions, in default, or where there is a change in legislation, or following a directive or recommendation from a judicial or regulatory authority. The Financial Institution will notify the Wallet Holder of such changes as soon as reasonably possible or, if applicable, by publishing the changes in the local press, on the Financial Institution's website at blackcat.app, or through the chat function.

Personalized Tariff Agreements: In addition to the aforementioned terms, the Financial Institution offers the possibility of personalized tariff arrangements, which are subject to a separate agreement between Papaya Ltd and the Wallet Holder. Such personalized tariff agreements are only valid upon the mutual consent and signature of both parties involved. Upon entering into such an agreement, the specific terms and conditions, including any special charges or rates, will be detailed in the accompanying documentation and will take precedence over the standard Tariff of Charges to the extent that there is any inconsistency.

24 Termination of a Payment Service

You, as the Wallet Holder, retain the right to terminate a Payment Account or Payment Service, including those related to SEPA Credit Transfer (article 4.20) and Third Party Provider (TPP) services (article 4.21), at your discretion. However, termination is subject to the following conditions:

Compliance with any agreed-upon notice period, which shall not exceed one month.
Settlement of any outstanding amounts owed to the Financial Institution or resolution of any breach of these Terms and Conditions.

The Financial Institution may also initiate termination of the Payment Service, provided that you are given a minimum of two months' notice. There will be no charge for termination by either party under standard conditions.

Notwithstanding the above, the Financial Institution reserves the right to impose a termination fee if the Payment Service is concluded within six months of commencement. This fee structure is designed to offset the administrative costs associated with the early termination of the Payment Service.

25 CONFIDENTIALITY

We acknowledge that all information supplied by you to us and related to you, Transaction and our relations with third persons, is confidential and shall not be disclosed to third persons without your consent, except the information that:

is publicly available;
is required for financial institutions involved in execution of the Transaction applied for by you, at their request;
is your information supplied to the beneficiary of the payment applied for by you, according to the requirements of the payment processing schemes;
we are obliged to disclose or furnish to third parties in accordance with the requirements of applicable legal acts;
is disclosed to third parties that supervise and audit our operations;
is provided to our outsource service providers, personal data operators and attorneys;
is provided to our cooperation partners that provide services to us or with whom we otherwise cooperate for the sake of execution of your Transactions, our transactions or functions, or for complying with the requirements set forth in the applicable legal acts.

Confidential information is our secret and is not to be disclosed. Confidential information may only be disclosed in compliance with the requirements of applicable legal acts, these General terms and conditions and blackcat.app/data-protection-policy.

You shall agree that we are entitled to record and keep all intercommunication without prior notification and to unilaterally choose technical means for recording the same. We shall record and keep all intercommunication in accordance with the requirements of applicable legal acts and blackcat.app/data-protection-policy. You shall agree that we are entitled to use intercommunication records as evidence for protecting our interests in settling disputes and in court. We shall not be obliged to store intercommunication records for the benefit of you.

26 FEES AND CHARGES

You shall pay remuneration for services rendered by us - fees and charges according to the procedures and to the amount stated in the Agreement and Fee Information document, further Tariffs of Fees.

We shall be entitled to unilaterally amend the Tariffs of Fees in accordance with the procedure described in Paragraph 21.

The currency exchange rates set by us shall not be included in Tariffs of Fees and shall be stated at the moment of rendering the Service. The currency exchange rates may be changed any time without prior notification, also during the Business day, considering currency exchange rate fluctuations in financial markets. Those amendments shall become effective upon publishing the changes in APP and on Website.

The fees and charges must be paid before execution of the Service, unless we have stated different procedures in the Agreement and/or in Tariffs of Fees. Unless you have paid the fees and charges to us, we are entitled to cease rendering definite Service to you or refuse rendering the Service without any notice. If we terminate or refuse rendering the Service to you, we shall not be responsible for your losses or other additional expenses of you. If we continue rendering the service, we consequently acquiring the corresponding rights of claim towards you of the amount equal to unpaid fees and charges.

Where the Services provided by us are suspended pending documentation or information required from you in relation to our obligations under this terms and conditions, the monthly fee will continue to be applied to you.

We are entitled to debit your Account with amount of any claim due under the Transactions you applied for (including amounts of payments applied for by you, fees and charges, taxes, duties, etc.) that you have undertaken to perform and/or we are entitled to without acceptance by you.

If taxes, duties or similar payments are levied on charges, we shall be entitled to withhold such payments from you, with the charge amount being increased accordingly.

You should be aware that other taxes, duties or similar costs may exist that are related to our Services, but are not paid via us or imposed by us.

Should you have any queries about the fees and charges, actual currency exchange rates or any other information, please contact us using the details in blackcat.app/support.

27 Updated Customer Records

As an Wallet Holder, you carry the responsibility to provide accurate information to the Financial Institution and to promptly update any changes to your personal details. It is imperative that you notify us immediately of any alterations in your:

Residential and correspondence addresses.
Email address.
Mobile phone number.
Legal name.
Nationality or citizenship.
Occupation or sources of income.

Neglecting to update your personal information may lead to missed critical communications or the inadvertent delivery of your information to unauthorized individuals. Additionally, the Financial Institution has a statutory duty to maintain current records of its customers. Consequently, we may request supplementary documentation to corroborate updates to certain aspects of your information. We will inform you of the necessary means to submit these documents, which may vary from electronic submission, postal delivery, or direct provision at the Papaya Ltd head office, contingent upon the nature of the update.

We will also periodically solicit confirmation or updates to your details to ensure our records remain current. Should you fail to provide the required documentation and information upon request, it may necessitate the cessation of services provided by the Financial Institution to you.

28 CUSTOMER SERVICE

You agree, that all communications between us and you shall be in the English language.

Our Customer Services team are normally available from 9 am to 5.30 pm (CET) Monday to Friday, excluding national and public holidays in Malta. During these hours we will endeavour to resolve all enquiries immediately. You can contact our Customer Services team by the following methods:

writing to us via APP;
calling by phone: +356 20 155 500
writing to email:
regarding your PIN and Card (including Lost Cards): [email protected]
for other matters and requests: [email protected]
writing to us or visiting us - Papaya Ltd., 31 Sliema Road, Gzira GZR 1637, Malta.

The Financial Institution will utilize the contact details provided by you, the Wallet Holder, for all necessary communications. Given that some communications may contain confidential and financial information, it is imperative that you maintain the accuracy and currency of your contact details and promptly notify us of any changes. The English language shall be the default language for interpreting this Agreement and for all related communications, unless an alternative agreement is in place.

The Financial Institution may employ any of the following methods to communicate with you, based on the information you have supplied:

Mobile phone number, through calls or SMS
Email address
Postal service
Chat function within our services
Push notifications on devices

Notices regarding amendments to terms and conditions and the Tariff of Charges will be disseminated with a minimum of two months' notice via electronic means to Wallet Holders utilizing the Channels. A notification via email, SMS, push notification, or chat, as appropriate, will be issued once the updates are available on an alternate channel. It is recommended that you regularly monitor your Mailbox to stay informed of pertinent information we may send.

In the event that no objection is received to proposed changes within the framework contract, such changes will be considered accepted by you. The Financial Institution reserves the right to introduce additional communication methods in the future.

We bear no responsibility for communications that do not reach you if they have been dispatched to the contact details you have provided. We will deem such communications as received. Telephonic and other forms of communications with us may be monitored or recorded for the purposes of maintaining and enhancing our Channels, as well as for security, audit, or training purposes. Moreover, in the case of any disputes related to given Instructions or purported Instructions, our records shall serve as prima facie evidence for the resolution of such disputes.

You acknowledge and agree not to bypass the receipt of any messages. Electronic messages are considered received by you once they are made available to you.

29 Bank – Customer Termination

Notwithstanding the provisions outlined in previous clauses and any specific agreements established between you and the Financial Institution, we retain the authority to unilaterally and in good faith terminate, in whole or in part, the business relationship with you at any time. Such a right to discontinue the relationship is reserved for instances where there are substantial legal grounds, particularly concerning attempts, actual acts, or suspicions of involvement in money laundering, financing of terrorism, or any other criminal activities. This action will be taken in accordance with the appropriate legal frameworks and regulatory obligations, ensuring that the Financial Institution acts within its legal rights and responsibilities when terminating a business relationship under such serious circumstances.

30 Severance

Each clause within these Terms and Conditions operates independently. Should any provision, which is not deemed fundamental, become illegal, invalid, or unenforceable at any point, this will not affect or diminish the legality, validity, or enforceability of the remaining provisions. The integrity of these Terms and Conditions as a whole is designed to be upheld, ensuring that the remainder of the agreement remains intact and enforceable, even if individual non-essential clauses do not.

31 Waiver

The extension of any period of grace or leniency granted by us to you, or any waiver by us of a breach by you of any term within these Terms and Conditions, shall not in any way diminish or waive our rights and powers under these Terms and Conditions. No such extension or waiver shall constitute a permanent modification of the terms or an ongoing waiver of that term.

32 Complaints

Complaints may be submitted in English language. Should you have any grievances concerning our products or services, we encourage an initial discussion through our chat service or with an official at Papaya Ltd's Head Office. If the matter remains unresolved to your satisfaction, you have the following options for escalation:

Reach out to our Customer Service Centre via our contact portal at https://blackcat.app/support.
Send a written communication to The Manager, Customer Issues, at Papaya Ltd, located at Sliema Road 31, Gzira, GZR-1637, Malta.
address your complaint in an electronic format and email it to [email protected] .

We are committed to responding to your complaints promptly and comprehensively, either on paper or another durable medium such as through the APP. Our response will address all issues raised within a reasonable period, no later than 15 Business Days from the receipt of the complaint. Should exceptional circumstances arise that prevent us from responding within 15 Business Days, we will issue an interim response specifying the reasons for the delay and the expected date for our final response, not to exceed 35 Business Days.

If the resolution provided by us does not meet your satisfaction, or if an agreement cannot be reached, you have the right to take the issue further in writing to:

The Office of the Arbiter for Financial Services, if you qualify as an eligible customer, at First Floor, Pjazza San Kalcidonju, Floriana FRN 1530, Malta. Additional details are available at http://www.financialarbiter.org.mt, with contact options including a Freephone for local calls at 8007 2366 and a direct line at 2124 9245.
The Central Bank of Malta, if you do not qualify as an eligible customer, as per the applicable criteria.

33 Distance Selling Regulations

The Distance Selling (Retail Financial Services) Regulations of 2005, as promulgated by Legal Notice 36 of 2005 and subsequently amended, are applicable if your engagement with the Bank is conducted at a distance, such as via the internet, our Channels, email, telephone, postal service, or other non-face-to-face channels. These Regulations apply exclusively to consumers engaged in personal, non-business-related financial activities.

You are entitled to cancel your agreement for a financial product or service within fourteen (14) days from the date of application or receipt, provided that the entire application process has occurred away from the Financial institution’s business premises. This cancellation right is not universal and does not extend to all financial products and services. To enact your cancellation rights, a written notice must be submitted to the Financial institution, addressed to your branch, within the specified fourteen-day period.

Upon exercising your right to cancel, you are obligated to repay any outstanding sums and to return any cheque books or cards issued to you within thirty (30) days from the issuance of your cancellation notice. Should you choose not to exercise this right, the Bank will proceed under the assumption that you consent to the continuation of the agreement under its established Terms and Conditions.

34 PERSONAL INFORMATION

Commitment to Data Protection: The Financial Institution is committed to protecting your personal data in accordance with the Data Protection Act (Chapter 586 of the Laws of Malta) and the General Data Protection Regulation (EU) 2016/679 ("GDPR"), as well as any other applicable regulations concerning data protection.

Collection of Personal Data: We collect personal data that you provide directly to us during the application process, throughout our relationship, and from the use of our services. This may include contact details, identification information, financial details, transaction history, and other personal information required for us to provide our services to you. (refer to http://blackcat.app/data-protection-policy)

Use of Personal Data: The personal data collected will be used for the purposes of account administration, providing our services and products, meeting legal and regulatory requirements, and for any other purposes to which you have consented.

Disclosure of Personal Data: Your personal data may be shared with third parties only when necessary for the provision of services, for the fulfilment of regulatory obligations, or when required by law. Third parties may include service providers, regulatory bodies, law enforcement agencies, and other financial institutions.

Data Retention: The Financial Institution will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, to satisfy any legal, accounting, or reporting requirements, and to resolve disputes or enforce our agreements.

Data Subject Rights: As a data subject, you have the right to access your personal data, request correction or deletion, object to processing, and request data portability in certain circumstances. You also have the right to withdraw consent at any time, where relevant.

Security Measures: We implement robust technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Data Protection Officer: The Financial Institution has appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws and regulations. The DPO can be contacted for any inquiries or concerns regarding data protection.

Notification of Breaches: In the event of a personal data breach, we will notify you and the relevant authorities as required by law, outlining the nature of the breach, the possible consequences, and the measures being taken to address it.

Updates to the Policy: This policy may be updated from time to time to reflect changes in our practices or legal requirements. You will be notified of any significant changes to the policy.

Contact and Complaints: If you have any questions, complaints, or require further information about how we use your personal data, please contact our Customer Service Centre. If you believe that your data protection rights have been breached, you have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner of Malta.

This section of the Terms and Conditions is intended to ensure full transparency regarding our data processing activities and to affirm your rights as a data subject under the applicable data protection legislation.

35 OBLIGATION OF COOPERATION AND INFORMATION PROVISION

Compliance with Anti-Money Laundering Laws: In adherence to regulations concerning the prevention of money laundering and the financing of terrorism, we are required to obtain, verify, and record information that identifies each individual or entity that engages in financial transactions with us.

Provision of Information: You are obligated to supply us with all necessary information and documentation as we may require to fulfil our regulatory obligations. It is your responsibility to promptly inform us of any changes or updates to the information or documents provided.

Verification of Transactions: The account statement shall constitute prima facie evidence of the transactions executed. You are required to present us with any documentary proof or information regarding discrepancies between the recorded transactions and those executed, or any transactions that were unauthorized.

Disclosure of Material Facts: You must inform us of any known facts or occurrences that could potentially result in an undue advantage for you or cause financial loss to us, in accordance with the provisions outlined in https://blackcat.app/support.

Tax Compliance Duties: We are mandated to perform due diligence and report details pertaining to you and your account(s) under Maltese tax legislation. Should there be grounds to believe you are subject to tax obligations in jurisdictions beyond Malta, we may be compelled to disclose information about you and your account(s) to Maltese or other relevant tax authorities. This disclosure may occur directly or through the Maltese tax authority, which may relay the information to foreign tax agencies. Upon our request for additional documentation or information for this purpose, you must provide it expeditiously. Failure to comply may lead to the suspension or closure of your account, or, as dictated by law or regulation, we may be required to withhold portions of payments to your account and remit those funds to the respective tax authorities.

FATCA and CRS Information: For comprehensive details on the Foreign Account Tax Compliance Act (FATCA) and the Common Reporting Standard (CRS), please consult the information previously provided to you or that which is available on our website.

36 SHORT MESSAGING

Notification via Mobile Messaging: We shall send short message notifications (PUSH/SMS) to the mobile phone number you have provided.

Scope of Notifications: These messages aim to keep you informed about various activities, including but not limited to notifications for APP access, transactional updates on your Account (such as credits and debits), as well as authorizations of Transactions, and other account-related events.

Obligation to Review Messages: It is your responsibility to promptly read and examine any messages we send. If we do not receive any communication from you within 24 hours of the message being sent, regarding discrepancies or errors in the message content, the details within the message will be considered as accurate and confirmed by you.

37 Chargebacks and Transaction Claims

Chargebacks: As part of the services provided under these Terms and Conditions, the Financial Institution processes chargebacks in accordance with MasterCard rules and regulations. A chargeback is a transaction reversal meant to serve as a form of consumer protection from fraudulent activity committed by both merchants and individuals.

Initiation of Chargebacks: You, as the Cardholder, may initiate a chargeback request if you believe a card transaction was processed in error or is fraudulent in nature. To do so, you must contact our customer service within the timeframe specified by MasterCard regulations, providing all necessary documentation and evidence to support your claim.

Chargeback Process: Upon receipt of a chargeback request, the Financial Institution will investigate the claim by liaising with the merchant's bank. If the chargeback is accepted, the transaction amount will be credited back to your account.

Grounds for Chargebacks: Chargebacks may be filed under several circumstances, including but not limited to unauthorized use of the card, services or goods not received, or transactions not processed in accordance with the agreed terms.

Transaction Claims: In the event of a dispute where a chargeback is not applicable or if a chargeback has been denied, you may raise a transaction claim.

Definition of Transaction Claim: A transaction claim refers to a formal complaint lodged by you when you have a grievance against a merchant, and a chargeback cannot be processed. This may occur if the grounds for a chargeback under MasterCard rules are not met, or if the chargeback process has been exhausted without resolution.
Filing a Transaction Claim: To file a transaction claim, you must submit a written statement to the Financial Institution detailing the nature of the dispute, including any relevant evidence.
Handling of Transaction Claims: The Financial Institution will review the claim and attempt to mediate between you and the merchant. If the Financial Institution determines that the claim has merit, it will take appropriate action, which may include negotiating a settlement with the merchant on your behalf.
Unfounded Transaction Claims: If a transaction claim is determined to be without basis, you may be subject to a transaction claim fee as outlined in our Tariffs of Charges. This fee compensates for the administrative costs incurred during the claim investigation process.
Resolution of Transaction Claims: The outcome of a transaction claim is contingent upon the evidence provided and the cooperation of the parties involved. The Financial Institution will communicate the result of the claim to you once a determination has been made.

By agreeing to these Terms and Conditions, you acknowledge and consent to the procedures and fees associated with chargebacks and transaction claims as outlined above.

38 AFFILIATE PROGRAM

38.1 AFFILIATE PROGRAM CONDITIONS

Agreement to Affiliate Program:

By applying for our Services, you consent to enrol as a participant in the affiliate program, which may include a Cashback program, administered by our partner, BALTIC TECHNOLOGY SOLUTIONS OÜ, subject to the Terms and Conditions of BALTIC TECHNOLOGY SOLUTIONS OÜ (hereinafter referred to as the "Affiliate Program").

Acknowledgement of Terms:

In conjunction with the application for and utilization of our Services and the Affiliate Program, you affirm that you have reviewed, comprehended, and agreed to the Terms and Conditions set forth by BALTIC TECHNOLOGY SOLUTIONS OÜ.
You hereby grant permission for the transfer of your personal data to BALTIC TECHNOLOGY SOLUTIONS OÜ, in its capacity as data controller, to the degree required for the establishment and continuation of a contractual relationship with BALTIC TECHNOLOGY SOLUTIONS OÜ. Your privileges as a data subject are delineated in the Data Protection Policy of BALTIC TECHNOLOGY SOLUTIONS OÜ.

Discontinuation of Participation:

You reserve the right to terminate your involvement in the Affiliate Program or any component thereof by following the procedures outlined in the Terms and Conditions of BALTIC TECHNOLOGY SOLUTIONS OÜ. Such termination should be affirmed through a notification submitted via the APP.

Reinstatement in Cashback Program:

Should you wish to reactivate your participation in any of the Cashback programs offered by our partner, BALTIC TECHNOLOGY SOLUTIONS OÜ, you may do so by dispatching a confirmation through the APP.

By subscribing to our Services, you acknowledge and agree to the stipulations mentioned above, which govern your membership in the Affiliate Program. Your engagement in the Affiliate Program is at your discretion, and you may opt to commence or cease participation in accordance with the terms provided by BALTIC TECHNOLOGY SOLUTIONS OÜ and communicated via the APP.

39 Partnership

39.1 Linked Wallets

General Overview

Linked Wallets are virtual-asset wallets offered and operated by Manerio UAB, a virtual-asset service provider (VASP) registered and supervised in the Republic of Lithuania. They are technically integrated into our mobile application (“APP”) and Web Portal interface.

The service allows Wallet Holders to view, fund, and withdraw digital assets while using a single interface that connects their Wallets (fiat) with Linked Wallets (virtual assets).

All Linked Wallets and the assets therein are entirely held, managed, and safeguarded by Manerio UAB, not us. We provides only a technical connection and consolidated display within the APP.

Supported Assets

The following digital assets are currently supported by Manerio UAB within the Linked Wallet environment:

Bitcoin (BTC)
Ethereum (ETH)
USD Coin (USDC) – TRC-20 (Tron network)
USD Coin (USDC) – ERC-20 (Ethereum network)

Additional assets may be introduced or removed by Manerio UAB in accordance with network, regulatory, or risk-management considerations.

Legal Relationship and Liability

Papaya Ltd is not the custodian, broker, or exchange operator for any digital assets.

The contractual counterparty for all custody, transfers, conversions, and blockchain interactions is Manerio UAB.

We:

(a) (a) does not hold or safeguard any crypto assets;

(b) (b) is not responsible for blockchain settlement or private-key management; and

All transactions and balances in Linked Wallets are governed by the Manerio UAB Terms of Service, which the Wallet Holder must accept before activation.

Activation and Consent

To activate Linked Wallets, the Wallet Holder must:

(a) open the “Linked Wallets” section of the APP;

(b) provide explicit consent for data sharing between us and Manerio UAB; and

By granting consent, the Wallet Holder authorises us to transmit limited personal and technical data (e.g., name, user ID, verification status) to Manerio UAB solely for linkage purposes, in line with GDPR Articles 6(1)(a) and 28(3).

Transfer Rules

The Linked Wallet function is designed exclusively for self-owned wallets. The Wallet Holder can add, view, and operate only Linked Wallets belonging to the same individual or legal entity that holds the Wallet with us.

Consequently, for any transfer between a Wallet (fiat) and a Linked Wallet (virtual asset), the sender and receiver are the same person — the Wallet Holder.

Transfers therefore constitute internal value exchanges between the Wallet Holder’s own holdings in different asset forms, and do not represent payments to third parties.

When a Wallet Holder initiates a transfer:

(a) from a Wallet (EUR) to a Linked Wallet (BTC, ETH, USDC), this constitutes a purchase or conversion of virtual assets;

(b) from a Linked Wallet to a Wallet (EUR), this constitutes a sale or reconversion of virtual assets;

(c) each conversion is processed by Manerio UAB using the prevailing market rate and network fees displayed in the APP before confirmation.

WE act solely as the initiating interface and never executes the blockchain transfer itself. Execution, confirmation, and settlement occur entirely within Manerio UAB’s infrastructure.

Because both the sender and receiver are the same Wallet Holder, we and Manerio UAB jointly record the transaction under AML/CFT requirements as an “own-account transfer”. Nevertheless, both institutions preserve information identifying the originator and beneficiary as required by Regulation (EU) 2023/1113 on fund and crypto-asset transfers (the “EU Travel Rule”).

It may decline or delay any transfer request that raises AML/CFT, sanctions, or fraud-risk alerts until the matter is resolved.

Exchange and Settlement

Currency or asset exchange rates applicable to transfers are provided by Manerio UAB and displayed prior to authorisation.

Settlement times depend on the relevant blockchain network and cannot be guaranteed.

We provide real-time status updates in the APP based on data received from Manerio UAB. These updates are indicative and not binding confirmations of blockchain settlement.

Risk Disclosure

The Wallet Holder acknowledges that digital-asset operations involve high volatility, potential loss of value, network congestion, and irreversible transactions.

Errors in wallet addresses, unsupported tokens, or networks may result in permanent loss of assets.

Papaya Ltd does not provide investment advice and strongly recommends independent professional assessment before performing conversions or transfers.

Suspension and Termination

Papaya Ltd may temporarily disable the Linked Wallet interface to comply with AML/CFT obligations, address cybersecurity concerns, or upon suspension of Manerio UAB’s services.

Such suspension does not affect ownership of assets held at Manerio UAB. Access to them remains available through Manerio UAB’s direct platform.

The Wallet Holder may disconnect Linked Wallets at any time through the APP; this revokes data-sharing consent and disables display of Linked Wallet balances.

AML/CFT and Compliance

Papaya Ltd and Manerio UAB each maintain independent AML/CFT frameworks and monitoring procedures.

Transfers between fiat and virtual-asset environments are subject to identity verification, transaction screening, and reporting under Maltese PMLFTR and Lithuanian AML Law.

The Wallet Holder undertakes not to use Linked Wallets for any illicit purpose or to conceal ownership of funds.

Where suspicious activity is detected, both institutions may freeze associated fiat or virtual balances pending investigation.

Data Protection

Data exchange between usd and Manerio UAB is governed by a Data-Processing Agreement compliant with Article 28 GDPR.

Each party acts as an independent controller for its processing operations.

Withdrawal of consent through the APP immediately terminates the data link and Linked Wallet functionality.

Disclaimer of Responsibility

We provides access to Linked Wallets solely for convenience.

We:

does not hold or safeguard virtual assets;
does not guarantee performance or value;
is not liable for network or blockchain failures; and
limits its responsibility to the secure operation of the interface and transmission of instructions.

Applicable Law

The relationship between us and the Wallet Holder in respect of Linked Wallet integration is governed by Maltese law.

The custody and management of digital assets by Manerio UAB are governed by Lithuanian law.

Disputes shall be subject to the jurisdiction of the courts of Malta, without prejudice to consumer rights in the Wallet Holder’s country of residence.

Security

Visit security center

Secure Card Payments

We adhere to the Payment Card Industry Data Security Standard (PCI DSS), ensuring your card details are handled with the highest level of care.

Protected Online Transactions

3D Secure technology adds an essential safeguard to every digital purchase.

Certified Information Security

Our systems align with ISO 27001 and undergo regular independent audits, the latest in December 2024, to uphold robust data protection.

Privacy and Oversight

Fully GDPR compliant and licensed by the MFSA, we uphold strict standards for data privacy and regulatory transparency.