(1) A payment service provider issuing a payment instrument shall -
(a) ensure that the personalised security credentials of the payment instrument are not accessible to parties other than the payment service user that is entitled to use the payment instrument,
(b) refrain from sending an unsolicited payment instrument, except where a payment instrument already given to a payment service user is to be replaced,
(c) ensure that appropriate means are available at all times to enable the payment service user concerned to make a notification pursuant to Regulation 93(1)(b) or to request the unblocking of a payment instrument pursuant to Regulation 92(4),
(d) on request, provide the payment service user concerned with the means to prove, for 18 months after notification, that the payment service user made a notification referred to in subparagraph (c),
(e) provide the payment service user concerned with an option to make a notification pursuant to Regulation 93(1)(b) free of charge and char
…