(1) A payment service user to whom a payment instrument has been issued must -
(a) use the payment instrument in accordance with the terms and conditions governing its issue and use; and
(b) notify the payment service provider in the agreed manner and without undue delay on becoming aware of the loss, theft, misappropriation or unauthorised use of the payment instrument.
(2) Paragraph (1)(a) applies only in relation to terms and conditions that are objective, non-discriminatory and proportionate.
(3) The payment service user must take all reasonable steps to keep safe personalised security credentials relating to a payment instrument or an account information service.