Мы используем cookie-файлы
Хорошо
Login to personal account
RULES for implementation of activities in the payment organization FREEDOM PAYMENTS JSC
RULES for implementation of activities in the payment organization FREEDOM PAYMENTS JSC
1. General Provisions
1.1. These Rules (hereinafter referred to as the Rules) of the payment organization Freedom Payments JSC define uniform conditions and procedures ensuring the implementation of transactions in the System of the Payment Organization Freedom Pay, and establish general requirements for the procedure for the System functioning, for the provision of payment services and for interaction between the System Participants.
1.2. The Rules have been developed in accordance with the Law of the Republic of Uzbekistan "On Payments and Payment Systems" and other regulatory legal acts of the Republic of Uzbekistan.
1.3. These Rules are mandatory for adherence by all the System Participants. Either Participant shall guarantee to the other Participants that it has the necessary legal capacity (legal personality), as well as all the rights and powers necessary and sufficient to access these Rules and fulfill obligations in accordance with all their terms and conditions.
2. Terms and Definitions
The terms used in the text of these Rules have the following meaning:
Authentication is a set of procedures established by the System Operator and communicated to the System Participants, and a set of measures to confirm the authenticity and correctness of the composition of electronic messages, as well as to establish the fact of transmission of the electronic message directly by the System Participant indicated as the payer.
Uninterrupted System Operation is an integrated property of the System, denoting its ability to prevent disruptions in proper functioning (including preventing the suspension (termination) of operations or their improper performance), as well as to restore proper functioning in the event of a disruption.
Identification is a procedure consisting in establishing the identity of an individual and/or legal entity on the basis of a provided set of documents certifying the identity of the individual and the constituent documents of the legal entity, necessary for identifying clients and registering them in the System with the entry of relevant data into the System.
Client/Payer is an initiator, a resident or non-resident, an individual who has the necessary legal capacity in accordance with the legislation of the Republic of Uzbekistan to make Payments.
Payment recipient/Service provider – beneficiary, resident or non-resident, legal entity and/or individual registered as an individual entrepreneur who has entered into a separate agreement with the Payment Organization, and in whose favor the Client makes a payment for goods, works and/or services, or an individual accepting funds from the Client that are not related to entrepreneurial activity as part of the functioning of the Electronic Money System.
Payment Organization/System Operator is Freedom Payments JSC.
Freedom Pay System/System is a set of software and hardware tools, documentation, organizational and technical measures that ensure the implementation of payments.
Settlement Participants include
Bank, Payer and Service Provider.
Chargeback (Dispute Financial) is a demand by the issuing bank for the need to return to the cardholder the amount of the disputed payment, in the event of improper performance by the Service Provider of its obligations to provide services, or in the event of receipt by the issuing bank of an application from the cardholder from whose card account the payment was made, regarding the unlawful debiting of money from this card account in order to pay for services.
Payment is a non-cash payment transaction using the System, paid by the Payer to the Payment Recipient/Service Provider for goods/works/services sold by the latter.
3. Description of Payment Services Provided by the Payment Organization
3.1. Services related to electronic payment processing and transferring the necessary information to the bank to make payments or accept funds under these payments.
Services related to electronic payment processing and transferring the necessary information to the bank to make payments or accept funds under these payments are carried out through the interaction between the Payment Organization System and the Bank System and in compliance with the requirements of applicable legislation of the Republic of Uzbekistan.
4. Procedure and Terms for Providing Payment Services to Clients of the Payment Organization
4.1. Services related to electronic payment processing and transferring the necessary information to the bank to make payments or accept funds under these payments (hereinafter referred to as the Service) are carried out as follows:
4.1.1. The Payment Organization, within the framework of the agreement concluded with the Bank (servicing the Payment Organization), ensures the acceptance of payments initiated by the Payer using bank cards indicating the purpose and the beneficiary of the corresponding payment, and subsequently submits the payment details for its execution to the corresponding Bank, and the Bank, in turn, executes the Client's instructions transmitted through the Payment Organization in electronic form.
4.1.2. The Client initiates transactions/payments via WEB-applications, online applications, mobile applications (applications for mobile devices), self-service terminal software, widgets and other applications that make the Client capable of initiating electronic orders to debit funds from the Client's bank account/the Client's bank card, with their crediting to the Bank for subsequent execution of the Client's order/instruction received by the Payment Organization from the Client and transferred by the Payment Organization to the Bank.
4.1.3. When providing the payment service, the Payment Organization shall ensure the following algorithm of actions:
1. The Client logs into the relevant application/website of the Payment Recipient via the Internet/mobile phone, selects the required amount of goods/works/services and initiates the payment procedure;
2. The System payment page appears before the Client, where the Client gets acquainted with the relevant application and/or website and agrees to the terms of these Rules and the Policy on the collection, processing and security of personal data of the Payment Organization within the framework of the activities of the Payment Organization. The Client also provides the Payment Organization with consent to the collection, processing, storage and cross-border transfer of personal data; the Client initiates a payment in favor of the Payment Recipient via the application/website in the payment showcase without following to external resources;
3. The Client enters the details for the payment execution by the Bank in the payment showcase;
4. To make the payment, the Client enters the bank card details;
5. The Payment Organization initiates the Client's order received in electronic form by sending a relevant request to the Bank;
6. The Bank, having received confirmation from the Payment Organization and the Client, debits the Client's bank card with the amount of the transaction initiated by the Client, taking into account the commission fee due to the Bank and the Payment Organization, if there is a condition on withholding the commission fee in the public offer or in another document, the terms of which were agreed by the Client;
7. The Payment Organization receives confirmation of the Payment execution from the Bank;
9. The Payment Organization issues the Client an electronic confirmation of the Payment executed by the Client and the debiting of the Payment Organization's commission fee from the Client, if there are conditions provided on withholding the commission fee;
10. The Bank, based on the data received electronically in the course of the Payment, transfers funds for the Payments to the Bank's transit account, for the purpose of subsequent transfer of these funds in favor of the Service Provider, after deduction of the commission fee due to the Bank and the Payment Organization. The terms of funds transfer in favor of the Service Provider are stipulated within the framework of the concluded agreement between the Service Provider and the Payment Organization. Transfers of funds within the framework of the activities of the Payment Organization in favor of the Service Provider are carried out taking into account the applicable legislation of the Republic of Uzbekistan.
5. Cost of Payment Services (Tariffs) Provided by the Payment Organization
5.1 Once the Payment Organization/Bank receives a Chargeback request, the Payment Organization shall submit a written request (in hard or electronic form) to the Service Provider to provide documents confirming the fulfillment of obligations to supply goods/works/services.
5.2. The Service Provider shall provide the Payment Organization with the documents requested by the Payment Organization in accordance with the terms of these Rules within 2 (two) business days from the date of receipt of such request.
5.3. In the absence of the documents from the Service Provider required for submission to the Payment Organization/Bank in accordance with paragraphs 5.1, 5.2 of the Rules, or in the event of their failure to submit them within the period specified in paragraph 5.2 of the Rules, or in the event that the Service Provider agrees with the fact of non-fulfillment or improper fulfillment of the Service Provider's obligations to the Payer/Client, or in the event that the Payment is indisputably recognized by the International Payment System (hereinafter referred to as the "IPS") or the Bank as fraudulent, the Payment Organization, at its own expense, shall return the Payment to be returned to the Payer, and subsequently withhold this amount from the funds to be transferred to the account of the Service Provider. The Service Provider hereby expresses its consent to the withholding by the Payment Organization of amount of the Payment returned by the Payment Organization or the Bank to the Payer/Client, from the funds to be transferred to the account of the Service Provider.
5.4. Crediting of funds for Payments to the Service Provider's account by the Payment Organization does not mean final and indisputable recognition of the authorization of such Payments. Such Payments may be recognized as unauthorized in accordance with the legislation of the Republic of Uzbekistan, these Rules and/or the rules of the IPS. The Service Provider hereby assumes all risks associated with the possible recognition of the Payment as fraudulent and undertakes to unconditionally return the money to the Payment Organization in the event of receiving a Chargeback from the Payment Organization.
5.5. Should the Bank or the Payment Organization identify a Payment, the authorization of which raises suspicions in the Bank or the Payment Organization, the Payment Organization may suspend provision of Payments for goods/works/services in the Online Store or other platforms of the Service Provider using bank cards through the Payment Organization's Payment System and crediting of the funds for such Payments to the Service Provider's account. The crediting of funds shall be suspended for the period of investigation of the authorized nature of Payments, but not more than 180 (one hundred eighty) calendar days from the date of the Payment.
5.6. Should the payment system of the Republic of Uzbekistan and/or the international payment system recognize the unauthorized nature of the Payment before the Payment Systems assign sanctions to the Bank and/or the Payment Organization, the Payment Organization may, in order to ensure execution, not to transfer the amounts relating to unauthorized Payments to the Service Provider’s account.
5.7. If, before the expiration of periods stipulated by the requirements of the Payment Systems for assigning sanctions for Payments, such sanctions are assigned, the Payment Organization shall reimburse the Payment Systems for the amounts of unauthorized Payments at the expense of the Service Provider.
5.8. If upon expiration of the periods stipulated by the requirements of the Payment Systems for the assignment of sanctions for Transactions, such sanctions are not assigned, or if the Payment Systems recognize the authorized nature of the Transactions, the amounts, which have been withheld by the Payment Organization in accordance with this paragraph of the Rules, shall be returned by the Payment Organization to the Service Provider’s account.
5.9. If the Chargeback amount exceeds 1 (one) % of the amount of all Payments in relation to the Service Provider preceding the date of exceeding the specified percentage, the Payment Organization may suspend processing of Payments (including crediting of funds to the Service Provider’s accounts) for a period of up to 180 (one hundred eighty) calendar days.
5.10. If the reports of the Payment Systems indicate suspicious card transactions and/or the amount of Chargeback on the payments of the Service Provider exceeds 5 (five) % of the amount of all payments of the Service Provider for one year, the Payment Organization may stop processing of the payments of the Service Provider, including crediting of funds to the Service Provider’s account.
6. Procedure for Interaction with Third Parties Providing Technological Support for Payment Services Rendered by a Payment Organization
6.1. The Payment Organization interacts with Service Providers within the framework of concluded agreements for the provision of services in the Freedom Pay system. In this case, Service Providers are checked for the presence of risks in accordance with the legislation of the Republic of Uzbekistan on combating the legalization (laundering) of proceeds from crime, the financing of terrorism and the financing of proliferation of weapons of mass destruction.
6.2. The Service Provider shall be independently liable to the Payer for all claims/lawsuits arising from the sale of Goods, the provision of services, and the performance of work to the Payer.
7. Interaction of the Payment Organization with the Payment System Operator and Payment System Participants
7.1 The risk management system in the Payment Organization is a set of measures taken by the Payment Organization for timely identification, measurement, control and monitoring of risks to ensure financial stability and stable functioning.
For the purpose of effective risk management, the Payment Organization has developed a risk management policy, which consists of:
- identification, measurement, control and monitoring of risks;
- assessment of the effectiveness of their application;
- control over the execution of all monetary transactions;
- development and practical implementation of measures to prevent and minimize risks.
7.2. The main objective of risk regulation in the Payment Organization is to maintain acceptable ratios of profitability with safety and liquidity indicators in the course of managing the assets and liabilities of the Payment Organization, i.e. minimization of losses. The risk management process in the Payment Organization includes:
- risk anticipation, determination of their probable extent and consequences;
- development and implementation of measures to prevent or minimize losses associated therewith.
7.3. All this implies the development of an in-house risk management strategy in such a way as to use all the development opportunities of the Payment Organization in a timely and consistent manner and at the same time keep the risks at an acceptable and manageable level.
7.4. The risk management system is characterized by such elements as management measures and methods. Risk management measures include: determination of the organizational structure of risk management that ensures control over the fulfillment by agents and subagents of the Payment Organization of the risk management requirements established by the risk management rules of the Payment Organization; communication of relevant information on risks to the management bodies of the Payment Organization; determination of the indicators and procedure for ensuring the smooth functioning of the Payment Organization; determination of risk analysis methods; determination of the procedure for exchanging information necessary for risk management; determination of the procedure for interaction in controversial, non-standard and emergency situations, including system failure cases; determination of the procedure for changing operational and technological means and procedures; determination of the procedure for ensuring the protection of information in the Payment Organization.
7.5. Requirements for storing information about cards and transactions made using them. The Payment Organization shall ensure compliance with the following basic requirements for storing information about cards and transactions made using them:
- Do not store following details under any circumstances:
The full content of any track of the magnetic strip on the back of the card; Card validation code - a 3-digit number printed on the signature panel located on the card;
- Store only that part of the card details that is essential for the business (i.e. cardholder name, card number, card expiration date);
Ensure the protection of information stored by the Payment Organization about cards and transactions made using them in accordance with the requirements of PCI DSS (Payment Card Industry Data Security Standard);
- Store all documents containing information about cards and transactions made using them in a safe place, accessible only to authorized persons;
- Destroy or erase all data carriers containing outdated data on transactions made using cards;
7.6. Risk management in the Payment Organization is determined by such methods as order execution sequence control by officials; making settlements within the limits of funds provided by the agents of the Payment Organization; making settlements in the Payment Organization by close of business; ensuring the limits provision possibility; and other methods of risk management.
7.7. Accumulation and storage of Clients' funds until they are received by the beneficiary is carried out on a special transit account of the Bank provided by the Bank to the Payment Organization for the provision of Payment Services to the Payment Organization.
1.1. These Rules (hereinafter referred to as the Rules) of the payment organization Freedom Payments JSC define uniform conditions and procedures ensuring the implementation of transactions in the System of the Payment Organization Freedom Pay, and establish general requirements for the procedure for the System functioning, for the provision of payment services and for interaction between the System Participants.
1.2. The Rules have been developed in accordance with the Law of the Republic of Uzbekistan "On Payments and Payment Systems" and other regulatory legal acts of the Republic of Uzbekistan.
1.3. These Rules are mandatory for adherence by all the System Participants. Either Participant shall guarantee to the other Participants that it has the necessary legal capacity (legal personality), as well as all the rights and powers necessary and sufficient to access these Rules and fulfill obligations in accordance with all their terms and conditions.
2. Terms and Definitions
The terms used in the text of these Rules have the following meaning:
Authentication is a set of procedures established by the System Operator and communicated to the System Participants, and a set of measures to confirm the authenticity and correctness of the composition of electronic messages, as well as to establish the fact of transmission of the electronic message directly by the System Participant indicated as the payer.
Uninterrupted System Operation is an integrated property of the System, denoting its ability to prevent disruptions in proper functioning (including preventing the suspension (termination) of operations or their improper performance), as well as to restore proper functioning in the event of a disruption.
Identification is a procedure consisting in establishing the identity of an individual and/or legal entity on the basis of a provided set of documents certifying the identity of the individual and the constituent documents of the legal entity, necessary for identifying clients and registering them in the System with the entry of relevant data into the System.
Client/Payer is an initiator, a resident or non-resident, an individual who has the necessary legal capacity in accordance with the legislation of the Republic of Uzbekistan to make Payments.
Payment recipient/Service provider – beneficiary, resident or non-resident, legal entity and/or individual registered as an individual entrepreneur who has entered into a separate agreement with the Payment Organization, and in whose favor the Client makes a payment for goods, works and/or services, or an individual accepting funds from the Client that are not related to entrepreneurial activity as part of the functioning of the Electronic Money System.
Payment Organization/System Operator is Freedom Payments JSC.
Freedom Pay System/System is a set of software and hardware tools, documentation, organizational and technical measures that ensure the implementation of payments.
Settlement Participants include
Bank, Payer and Service Provider.
Chargeback (Dispute Financial) is a demand by the issuing bank for the need to return to the cardholder the amount of the disputed payment, in the event of improper performance by the Service Provider of its obligations to provide services, or in the event of receipt by the issuing bank of an application from the cardholder from whose card account the payment was made, regarding the unlawful debiting of money from this card account in order to pay for services.
Payment is a non-cash payment transaction using the System, paid by the Payer to the Payment Recipient/Service Provider for goods/works/services sold by the latter.
3. Description of Payment Services Provided by the Payment Organization
3.1. Services related to electronic payment processing and transferring the necessary information to the bank to make payments or accept funds under these payments.
Services related to electronic payment processing and transferring the necessary information to the bank to make payments or accept funds under these payments are carried out through the interaction between the Payment Organization System and the Bank System and in compliance with the requirements of applicable legislation of the Republic of Uzbekistan.
4. Procedure and Terms for Providing Payment Services to Clients of the Payment Organization
4.1. Services related to electronic payment processing and transferring the necessary information to the bank to make payments or accept funds under these payments (hereinafter referred to as the Service) are carried out as follows:
4.1.1. The Payment Organization, within the framework of the agreement concluded with the Bank (servicing the Payment Organization), ensures the acceptance of payments initiated by the Payer using bank cards indicating the purpose and the beneficiary of the corresponding payment, and subsequently submits the payment details for its execution to the corresponding Bank, and the Bank, in turn, executes the Client's instructions transmitted through the Payment Organization in electronic form.
4.1.2. The Client initiates transactions/payments via WEB-applications, online applications, mobile applications (applications for mobile devices), self-service terminal software, widgets and other applications that make the Client capable of initiating electronic orders to debit funds from the Client's bank account/the Client's bank card, with their crediting to the Bank for subsequent execution of the Client's order/instruction received by the Payment Organization from the Client and transferred by the Payment Organization to the Bank.
4.1.3. When providing the payment service, the Payment Organization shall ensure the following algorithm of actions:
1. The Client logs into the relevant application/website of the Payment Recipient via the Internet/mobile phone, selects the required amount of goods/works/services and initiates the payment procedure;
2. The System payment page appears before the Client, where the Client gets acquainted with the relevant application and/or website and agrees to the terms of these Rules and the Policy on the collection, processing and security of personal data of the Payment Organization within the framework of the activities of the Payment Organization. The Client also provides the Payment Organization with consent to the collection, processing, storage and cross-border transfer of personal data; the Client initiates a payment in favor of the Payment Recipient via the application/website in the payment showcase without following to external resources;
3. The Client enters the details for the payment execution by the Bank in the payment showcase;
4. To make the payment, the Client enters the bank card details;
5. The Payment Organization initiates the Client's order received in electronic form by sending a relevant request to the Bank;
6. The Bank, having received confirmation from the Payment Organization and the Client, debits the Client's bank card with the amount of the transaction initiated by the Client, taking into account the commission fee due to the Bank and the Payment Organization, if there is a condition on withholding the commission fee in the public offer or in another document, the terms of which were agreed by the Client;
7. The Payment Organization receives confirmation of the Payment execution from the Bank;
9. The Payment Organization issues the Client an electronic confirmation of the Payment executed by the Client and the debiting of the Payment Organization's commission fee from the Client, if there are conditions provided on withholding the commission fee;
10. The Bank, based on the data received electronically in the course of the Payment, transfers funds for the Payments to the Bank's transit account, for the purpose of subsequent transfer of these funds in favor of the Service Provider, after deduction of the commission fee due to the Bank and the Payment Organization. The terms of funds transfer in favor of the Service Provider are stipulated within the framework of the concluded agreement between the Service Provider and the Payment Organization. Transfers of funds within the framework of the activities of the Payment Organization in favor of the Service Provider are carried out taking into account the applicable legislation of the Republic of Uzbekistan.
5. Cost of Payment Services (Tariffs) Provided by the Payment Organization
5.1 Once the Payment Organization/Bank receives a Chargeback request, the Payment Organization shall submit a written request (in hard or electronic form) to the Service Provider to provide documents confirming the fulfillment of obligations to supply goods/works/services.
5.2. The Service Provider shall provide the Payment Organization with the documents requested by the Payment Organization in accordance with the terms of these Rules within 2 (two) business days from the date of receipt of such request.
5.3. In the absence of the documents from the Service Provider required for submission to the Payment Organization/Bank in accordance with paragraphs 5.1, 5.2 of the Rules, or in the event of their failure to submit them within the period specified in paragraph 5.2 of the Rules, or in the event that the Service Provider agrees with the fact of non-fulfillment or improper fulfillment of the Service Provider's obligations to the Payer/Client, or in the event that the Payment is indisputably recognized by the International Payment System (hereinafter referred to as the "IPS") or the Bank as fraudulent, the Payment Organization, at its own expense, shall return the Payment to be returned to the Payer, and subsequently withhold this amount from the funds to be transferred to the account of the Service Provider. The Service Provider hereby expresses its consent to the withholding by the Payment Organization of amount of the Payment returned by the Payment Organization or the Bank to the Payer/Client, from the funds to be transferred to the account of the Service Provider.
5.4. Crediting of funds for Payments to the Service Provider's account by the Payment Organization does not mean final and indisputable recognition of the authorization of such Payments. Such Payments may be recognized as unauthorized in accordance with the legislation of the Republic of Uzbekistan, these Rules and/or the rules of the IPS. The Service Provider hereby assumes all risks associated with the possible recognition of the Payment as fraudulent and undertakes to unconditionally return the money to the Payment Organization in the event of receiving a Chargeback from the Payment Organization.
5.5. Should the Bank or the Payment Organization identify a Payment, the authorization of which raises suspicions in the Bank or the Payment Organization, the Payment Organization may suspend provision of Payments for goods/works/services in the Online Store or other platforms of the Service Provider using bank cards through the Payment Organization's Payment System and crediting of the funds for such Payments to the Service Provider's account. The crediting of funds shall be suspended for the period of investigation of the authorized nature of Payments, but not more than 180 (one hundred eighty) calendar days from the date of the Payment.
5.6. Should the payment system of the Republic of Uzbekistan and/or the international payment system recognize the unauthorized nature of the Payment before the Payment Systems assign sanctions to the Bank and/or the Payment Organization, the Payment Organization may, in order to ensure execution, not to transfer the amounts relating to unauthorized Payments to the Service Provider’s account.
5.7. If, before the expiration of periods stipulated by the requirements of the Payment Systems for assigning sanctions for Payments, such sanctions are assigned, the Payment Organization shall reimburse the Payment Systems for the amounts of unauthorized Payments at the expense of the Service Provider.
5.8. If upon expiration of the periods stipulated by the requirements of the Payment Systems for the assignment of sanctions for Transactions, such sanctions are not assigned, or if the Payment Systems recognize the authorized nature of the Transactions, the amounts, which have been withheld by the Payment Organization in accordance with this paragraph of the Rules, shall be returned by the Payment Organization to the Service Provider’s account.
5.9. If the Chargeback amount exceeds 1 (one) % of the amount of all Payments in relation to the Service Provider preceding the date of exceeding the specified percentage, the Payment Organization may suspend processing of Payments (including crediting of funds to the Service Provider’s accounts) for a period of up to 180 (one hundred eighty) calendar days.
5.10. If the reports of the Payment Systems indicate suspicious card transactions and/or the amount of Chargeback on the payments of the Service Provider exceeds 5 (five) % of the amount of all payments of the Service Provider for one year, the Payment Organization may stop processing of the payments of the Service Provider, including crediting of funds to the Service Provider’s account.
6. Procedure for Interaction with Third Parties Providing Technological Support for Payment Services Rendered by a Payment Organization
6.1. The Payment Organization interacts with Service Providers within the framework of concluded agreements for the provision of services in the Freedom Pay system. In this case, Service Providers are checked for the presence of risks in accordance with the legislation of the Republic of Uzbekistan on combating the legalization (laundering) of proceeds from crime, the financing of terrorism and the financing of proliferation of weapons of mass destruction.
6.2. The Service Provider shall be independently liable to the Payer for all claims/lawsuits arising from the sale of Goods, the provision of services, and the performance of work to the Payer.
7. Interaction of the Payment Organization with the Payment System Operator and Payment System Participants
7.1 The risk management system in the Payment Organization is a set of measures taken by the Payment Organization for timely identification, measurement, control and monitoring of risks to ensure financial stability and stable functioning.
For the purpose of effective risk management, the Payment Organization has developed a risk management policy, which consists of:
- identification, measurement, control and monitoring of risks;
- assessment of the effectiveness of their application;
- control over the execution of all monetary transactions;
- development and practical implementation of measures to prevent and minimize risks.
7.2. The main objective of risk regulation in the Payment Organization is to maintain acceptable ratios of profitability with safety and liquidity indicators in the course of managing the assets and liabilities of the Payment Organization, i.e. minimization of losses. The risk management process in the Payment Organization includes:
- risk anticipation, determination of their probable extent and consequences;
- development and implementation of measures to prevent or minimize losses associated therewith.
7.3. All this implies the development of an in-house risk management strategy in such a way as to use all the development opportunities of the Payment Organization in a timely and consistent manner and at the same time keep the risks at an acceptable and manageable level.
7.4. The risk management system is characterized by such elements as management measures and methods. Risk management measures include: determination of the organizational structure of risk management that ensures control over the fulfillment by agents and subagents of the Payment Organization of the risk management requirements established by the risk management rules of the Payment Organization; communication of relevant information on risks to the management bodies of the Payment Organization; determination of the indicators and procedure for ensuring the smooth functioning of the Payment Organization; determination of risk analysis methods; determination of the procedure for exchanging information necessary for risk management; determination of the procedure for interaction in controversial, non-standard and emergency situations, including system failure cases; determination of the procedure for changing operational and technological means and procedures; determination of the procedure for ensuring the protection of information in the Payment Organization.
7.5. Requirements for storing information about cards and transactions made using them. The Payment Organization shall ensure compliance with the following basic requirements for storing information about cards and transactions made using them:
- Do not store following details under any circumstances:
The full content of any track of the magnetic strip on the back of the card; Card validation code - a 3-digit number printed on the signature panel located on the card;
- Store only that part of the card details that is essential for the business (i.e. cardholder name, card number, card expiration date);
Ensure the protection of information stored by the Payment Organization about cards and transactions made using them in accordance with the requirements of PCI DSS (Payment Card Industry Data Security Standard);
- Store all documents containing information about cards and transactions made using them in a safe place, accessible only to authorized persons;
- Destroy or erase all data carriers containing outdated data on transactions made using cards;
7.6. Risk management in the Payment Organization is determined by such methods as order execution sequence control by officials; making settlements within the limits of funds provided by the agents of the Payment Organization; making settlements in the Payment Organization by close of business; ensuring the limits provision possibility; and other methods of risk management.
7.7. Accumulation and storage of Clients' funds until they are received by the beneficiary is carried out on a special transit account of the Bank provided by the Bank to the Payment Organization for the provision of Payment Services to the Payment Organization.
8. Information about Risk Management System used by the Payment Organization
8.1. In the presence of mandatory provisions of the legislation in force in the territory of the state, excluding the application of contractual terms in relations related to the implementation of activities by the Payment Organization, the abovementioned mandatory provisions shall have priority over the terms and conditions set out in the Rules.
8.2. Any discrepancies between the Settlement Participants, the Payment Organization, related to the implementation of activities by the Payment Organization, which may serve as the basis for the emergence of the need for judicial consideration of disputes, shall be considered based on the pre-trial claim procedure.
8.3. The claim of the Settlement Participant, set out in writing on official letterhead signed by its authorized official, shall be sent to the other party by registered mail or by other means confirming delivery of the claim to the addressee. The claim must be filed within 10 (ten) business days after the grounds for the claim arose, and contain the circumstances serving as the basis for its filing, as well as the date of occurrence of the abovementioned circumstances. Claims received after the expiration of the specified period will not be taken into consideration.
8.4. Consideration of claims includes the study of circumstances that allow establishing the fulfillment (non-fulfillment) by the Settlement Participants of their functions and obligations arising from these Rules and the agreements concluded therewith. The Payment Organization may request from the Settlement Participants any information necessary to clarify the aforementioned circumstances.
8.5. Resolution on the claim must be made within 15 (fifteen) calendar days from receipt of the claim and sent to the Settlement Participant in writing.
8.6. If it is impossible to resolve disagreements in the claim procedure, the disputes shall be resolved in the competent court of the Republic of Uzbekistan.
9. Procedure for Settling and Resolving Disputes with Clients
9.1. The Settlement Participants and the Payment Organization shall maintain confidentiality of non-public information about other Settlement Participants that has become known to the Settlement Participants in connection with accessing these Rules, except for cases when such information:
- was disclosed upon the request or with the permission of the Settlement Participant who is the owner of this information;
- is subjected to provision to third parties in the amount necessary to fulfill the obligations stipulated by these Rules;
- requires disclosure on the grounds stipulated by the legislation of the Republic of Uzbekistan.
9.2. Provision of confidential information to a third party for the purpose of fulfilling the Rules and other agreements of the Settlement Participants; provision of confidential information upon the legal request of law enforcement and other authorized state bodies, as well as in other cases stipulated by the applicable legislation of the Republic of Uzbekistan shall not constitute a violation of the confidentiality and security of the Settlement Participants.
9.3. The Payment Organization shall ensure the uninterrupted functioning of the System in 24/7/365 mode (24 hours a day, 7 days a week, 365 days a year), except for the time necessary for maintenance.
9.4. The Payment Organization and the Settlement Participants shall take all necessary measures to ensure the security and protection of information and documents exchanged within the Payment Organization or which are available to the Settlement Participants in connection with the use of the system, as well as for the purpose of identifying (preventing) fraud and combating the legalization of proceeds from crime, financing of terrorism and financing of proliferation of weapons of mass destruction.
9.5. The means and measures to prevent unauthorized access to software and hardware used in the Payment Organization, including software and hardware protection tools, must ensure the level of information protection and maintenance of its privacy in accordance with the requirements established by the legislation of the Republic of Uzbekistan. The Settlement Participants shall take all necessary measures to maintain confidentiality, prevent unauthorized use and protect identification data from unauthorized access by third parties.
9.6. Fault tolerance:
The fault tolerance of the service is ensured by distributing the load between two application servers. In case of unavailability of one of the servers (communication channel drop, high current load, server failure), all requests will be without delay automatically switched to the server that remains online. Thus, a balance is achieved in the performance of the servers in the basic operating mode and ensures uninterrupted transaction processing in the event of unforeseen circumstances, when one of the servers temporarily fails for some reason. The database server operates in the Master-Slave replication mode with a backup server, and in the event of a failure of the main server, the transaction processing nodes are automatically switched to the backup one.
9.7. Backup:
The database server is backed up using built-in MySQL tools. The backup scheme is as follows: every hour + final at 1:00 with deletion of hourly copies. Backups older than one month are deleted in order to prevent the data storage from overfilling. The relevance and preservation of the transaction processing system code base is ensured by the version control system.
9.8. Use of cryptographic data protection methods:
The payment organization uses cryptographic data protection methods when storing confidential information in databases, when transmitting confidential information via communication channels, and when verifying payment transactions for integrity and authenticity.
All cryptographic protection tools are represented by built-in modules of corresponding components of the information system and repeat the life cycle of the component in full.
Key information is generated as part of the commission. Backup storage of key information, if necessary, is ensured in accordance with the instructions of the manufacturer of the cryptographic tool in compliance with the best practices in the field of cryptographic protection tools.
9.9. Server infrastructure access security:
Administrative access to any of the servers is possible only with a 2048-bit SSH2-RSA key. It is impossible to gain access to the server infrastructure by brute-forcing passwords or any other unauthorized means. Client access to the personal account, as well as access of the Payment Organization administrator to the transaction management account, is carried out only through two-factor authorization.
9.10. Anti-fraud:
All transactions with payment cards after their transfer from the System service to the bank's payment system pass through the anti-fraud filter. Based on a set of rules, such as the presence of a card mask for sale on the black market, the reliability of the IP address from which the transaction is made, the use of a TOR client, etc., the filter calculates the risk level of the transaction and assigns it a certain rating. Depending on the level of transaction reliability set by the merchant, the bank's system processes or rejects the transaction.
10. Procedure for Compliance with Information Security Measures
10.1. Changes and/or additions to the Rules may be made either by approving a new version of the Rules or by preparing the text of changes and/or additions to the Rules.
10.2. If the Participant disagrees with the changes and/or additions to the Rules, the Participant may refuse further use of the System.
10.3. Subsequent changes and/or additions to the Rules may be made in the manner prescribed in this section of the Rules.
10.4. Further use of the Payment Organization after the entry into force of any changes and/or additions to the Rules means the Participant’s consent with such changes and/or additions.
8.1. In the presence of mandatory provisions of the legislation in force in the territory of the state, excluding the application of contractual terms in relations related to the implementation of activities by the Payment Organization, the abovementioned mandatory provisions shall have priority over the terms and conditions set out in the Rules.
8.2. Any discrepancies between the Settlement Participants, the Payment Organization, related to the implementation of activities by the Payment Organization, which may serve as the basis for the emergence of the need for judicial consideration of disputes, shall be considered based on the pre-trial claim procedure.
8.3. The claim of the Settlement Participant, set out in writing on official letterhead signed by its authorized official, shall be sent to the other party by registered mail or by other means confirming delivery of the claim to the addressee. The claim must be filed within 10 (ten) business days after the grounds for the claim arose, and contain the circumstances serving as the basis for its filing, as well as the date of occurrence of the abovementioned circumstances. Claims received after the expiration of the specified period will not be taken into consideration.
8.4. Consideration of claims includes the study of circumstances that allow establishing the fulfillment (non-fulfillment) by the Settlement Participants of their functions and obligations arising from these Rules and the agreements concluded therewith. The Payment Organization may request from the Settlement Participants any information necessary to clarify the aforementioned circumstances.
8.5. Resolution on the claim must be made within 15 (fifteen) calendar days from receipt of the claim and sent to the Settlement Participant in writing.
8.6. If it is impossible to resolve disagreements in the claim procedure, the disputes shall be resolved in the competent court of the Republic of Uzbekistan.
9. Procedure for Settling and Resolving Disputes with Clients
9.1. The Settlement Participants and the Payment Organization shall maintain confidentiality of non-public information about other Settlement Participants that has become known to the Settlement Participants in connection with accessing these Rules, except for cases when such information:
- was disclosed upon the request or with the permission of the Settlement Participant who is the owner of this information;
- is subjected to provision to third parties in the amount necessary to fulfill the obligations stipulated by these Rules;
- requires disclosure on the grounds stipulated by the legislation of the Republic of Uzbekistan.
9.2. Provision of confidential information to a third party for the purpose of fulfilling the Rules and other agreements of the Settlement Participants; provision of confidential information upon the legal request of law enforcement and other authorized state bodies, as well as in other cases stipulated by the applicable legislation of the Republic of Uzbekistan shall not constitute a violation of the confidentiality and security of the Settlement Participants.
9.3. The Payment Organization shall ensure the uninterrupted functioning of the System in 24/7/365 mode (24 hours a day, 7 days a week, 365 days a year), except for the time necessary for maintenance.
9.4. The Payment Organization and the Settlement Participants shall take all necessary measures to ensure the security and protection of information and documents exchanged within the Payment Organization or which are available to the Settlement Participants in connection with the use of the system, as well as for the purpose of identifying (preventing) fraud and combating the legalization of proceeds from crime, financing of terrorism and financing of proliferation of weapons of mass destruction.
9.5. The means and measures to prevent unauthorized access to software and hardware used in the Payment Organization, including software and hardware protection tools, must ensure the level of information protection and maintenance of its privacy in accordance with the requirements established by the legislation of the Republic of Uzbekistan. The Settlement Participants shall take all necessary measures to maintain confidentiality, prevent unauthorized use and protect identification data from unauthorized access by third parties.
9.6. Fault tolerance:
The fault tolerance of the service is ensured by distributing the load between two application servers. In case of unavailability of one of the servers (communication channel drop, high current load, server failure), all requests will be without delay automatically switched to the server that remains online. Thus, a balance is achieved in the performance of the servers in the basic operating mode and ensures uninterrupted transaction processing in the event of unforeseen circumstances, when one of the servers temporarily fails for some reason. The database server operates in the Master-Slave replication mode with a backup server, and in the event of a failure of the main server, the transaction processing nodes are automatically switched to the backup one.
9.7. Backup:
The database server is backed up using built-in MySQL tools. The backup scheme is as follows: every hour + final at 1:00 with deletion of hourly copies. Backups older than one month are deleted in order to prevent the data storage from overfilling. The relevance and preservation of the transaction processing system code base is ensured by the version control system.
9.8. Use of cryptographic data protection methods:
The payment organization uses cryptographic data protection methods when storing confidential information in databases, when transmitting confidential information via communication channels, and when verifying payment transactions for integrity and authenticity.
All cryptographic protection tools are represented by built-in modules of corresponding components of the information system and repeat the life cycle of the component in full.
Key information is generated as part of the commission. Backup storage of key information, if necessary, is ensured in accordance with the instructions of the manufacturer of the cryptographic tool in compliance with the best practices in the field of cryptographic protection tools.
9.9. Server infrastructure access security:
Administrative access to any of the servers is possible only with a 2048-bit SSH2-RSA key. It is impossible to gain access to the server infrastructure by brute-forcing passwords or any other unauthorized means. Client access to the personal account, as well as access of the Payment Organization administrator to the transaction management account, is carried out only through two-factor authorization.
9.10. Anti-fraud:
All transactions with payment cards after their transfer from the System service to the bank's payment system pass through the anti-fraud filter. Based on a set of rules, such as the presence of a card mask for sale on the black market, the reliability of the IP address from which the transaction is made, the use of a TOR client, etc., the filter calculates the risk level of the transaction and assigns it a certain rating. Depending on the level of transaction reliability set by the merchant, the bank's system processes or rejects the transaction.
10. Procedure for Compliance with Information Security Measures
10.1. Changes and/or additions to the Rules may be made either by approving a new version of the Rules or by preparing the text of changes and/or additions to the Rules.
10.2. If the Participant disagrees with the changes and/or additions to the Rules, the Participant may refuse further use of the System.
10.3. Subsequent changes and/or additions to the Rules may be made in the manner prescribed in this section of the Rules.
10.4. Further use of the Payment Organization after the entry into force of any changes and/or additions to the Rules means the Participant’s consent with such changes and/or additions.
11. Payment Organization Details
FREEDOM PAYMENTS JSC
Address: Republic of Uzbekistan, Tashkent, Mirabad district, T. Shevchenko Street, Bld. 21A, Office 301.
TIN: 305614419
Bank details:
Head office of Universal Bank JSCB
Settlement account: 2020 8000 9008 9437 5001
MFO: 00973, OKED: 63110
FREEDOM PAYMENTS JSC
Address: Republic of Uzbekistan, Tashkent, Mirabad district, T. Shevchenko Street, Bld. 21A, Office 301.
TIN: 305614419
Bank details:
Head office of Universal Bank JSCB
Settlement account: 2020 8000 9008 9437 5001
MFO: 00973, OKED: 63110
© 2024 Freedom Pay
Address and contacts
The company is PCI DSS compliant
Лицензия платежной организации №5 от 23.04.2020 ЦБ РУ
Лицензия платежной организации №5 от 23.04.2020 ЦБ РУ
Republic of Uzbekistan,Tashkent city, Shevchenko str., 21A, office 301
Operating hours: 10:00 - 19:00
Company
For developers
Help
Payment solutions
Согласие на сбор и обработку персональных данных
Cубъект персональных данных (далее - субъект) - физическое лицо, к которому относятся персональные данные;
Персональные данные – любые относящиеся к субъекту сведения, зафиксированные на электронном, бумажном и/или ином материальном носителе;
Сбор персональных данных - действия, направленные на получение персональных данных;
Организация – Общество с ограниченной ответственностью «Freedom Pay»;
Текст настоящего согласия прочитан Субъектом лично, дополнений и возражений не имеет.
Персональные данные – любые относящиеся к субъекту сведения, зафиксированные на электронном, бумажном и/или ином материальном носителе;
Сбор персональных данных - действия, направленные на получение персональных данных;
Организация – Общество с ограниченной ответственностью «Freedom Pay»;
Текст настоящего согласия прочитан Субъектом лично, дополнений и возражений не имеет.
У Вас есть вопросы?
Оставьте заявку и наши менеджеры свяжутся с вами