(1) The payment service provider that issues a payment instrument has the following obligations:
(a) that of making sure that the personalised security features of the payment instrument are not accessible to anyone other than the payment service user entitled to use the instrument;
(b) that of not sending an unsolicited payment instrument unless a payment instrument already given to the same payment service user is to be replaced;
(c) that of ensuring that appropriate means are available at all times to enable the payment service user concerned to give a notification under Regulation 70(1) (b) or ask for the unblocking of the instrument;
(d) on request, to provide the payment service user with the means to prove, for 18 months after giving such a notification, that he or she did so; and
(e) that of preventing the use of the instrument once such a notification has been given.
(2) Nothing in paragraph (1) detracts from the obligations of a payment service user under Regulation 70.