(1) A payment service provider issuing a payment instrument must -
(a) subject to regulation 57, ensure that the personalised security features of the payment instrument are not accessible to persons other than the payment service user to whom the payment instrument has been issued;
(b) not send an unsolicited payment instrument, except where a payment instrument already issued to a payment service user is to be replaced;
(c) ensure that appropriate means are available at all times to enable the payment service user to notify the payment service provider in accordance with regulation 57(1)(b) or to request that the use of the payment instrument is no longer stopped in accordance with regulation 56(6);
(d) on request, provide the payment service user at any time during a period of 18 months after the alleged date of notification under regulation 57(1)(b) with the means to prove that such notification to the payment service provider was made;
(e) prevent any use of the payment instr