(1) A payment service provider issuing a payment instrument must -
(a) ensure that the personalised security credentials are not accessible to persons other than the payment service user to whom the payment instrument has been issued;
(b) not send an unsolicited payment instrument, except where a payment instrument already issued to a payment service user is to be replaced;
(c) ensure that appropriate means are available at all times to enable the payment service user to notify the payment service provider in accordance with regulation 72(1)(b) (notification of loss or unauthorised use of payment instrument) or to request that, in accordance with regulation 71(6), the use of the payment instrument is no longer stopped;
(d) on request, provide the payment service user at any time during a period of 18 months after the alleged date of notification under regulation 72(1)(b) with the means to prove that such notification to the payment service provider was made;
(e) provide the payment ser
…