HBL Terms and Conditions

HBL (Hypothekarbank Lenzburg AG) is our partner for issuing Virtual Cards. The agreement with their Terms and Conditions will be requested in the google form when providing personal data, before requesting the Virtual card. When an agreement is given, you can remove your agreement only by contacting Trafi Customer Support.

These terms and conditions apply to the physical and/or virtual Trafi payment cards (hereinafter “payment card”) issued by Hypothekarbank Lenzburg AG (hereinafter “Bank”). 

1. Contractual relationships and definitions

1.1 Based on an application for Trafi payment cards accepted by the Bank (“Basic Application”), Trafi AG, Zürich (hereinafter referred to as the “Customer“), together with one or more of its Trafi Mobility App Users (hereinafter referred to as the “Cardholder”) may apply to the Bank for a payment card (“Card Application”). 

1.2 The Bank shall provide the Cardholder with a physical and/or virtual payment card with corresponding card data and authentication procedures, thereby enabling the Cardholder in particular to obtain goods and services without cash.

1.3 The payment card is in the name of the Cardholder. The card data always refers to a specific bank account at the Bank (hereinafter “Account”), which is in the name of the Customer.

1.4 The Cardholder must be a Trafi App User wtih assigned Mobility budget. The Cardholder undertakes to use the payment card only within the scope of the authorization issued by the Customer. However, internal instructions issued by the Customer cannot be held against the Bank. The Cardholder authorizes the Customer to make and accept all declarations concerning the payment card with effect also for him/her.

1.5 The Customer undertakes to the Bank to settle all transactions authorized with the payment card.

1.6 Card data includes the card number, expiration date, three-digit security code (CVC2/CVV2), calculated security elements, and alternative card data linked to the card number (so-called “tokens”). Authentication methods include in particular a personal identification number (PIN), passwords, codes, biometric methods, and security protocols. 

1.7 By using the Payment Card for the first time, both the Customer and the Cardholder confirm that they have read, understood and accepted these Terms and Conditions for the use of the Payment Card.

2. Deployment types (functions)

The payment card can be used only for indicated services under Trafi program. 

3. Duties of care of the Customer or Cardholder

The Customer or the Cardholder undertakes to comply with the following duties of care:

3.1 Signature: Upon receipt of the physical payment card, the Cardholder must immediately sign it in the space provided for this purpose.

3.2 Storage: The payment card must be stored with particular care.3.3 Secrecy of authentication procedures: The payment card PIN and other elements relevant to authentication procedures (e.g. passwords) must be kept secret and may not be disclosed by the Cardholder to other persons under any circumstances. In particular, the payment card PIN and elements of the authentication procedure may neither be noted on the payment card nor stored or saved in any other way, including in modified form.

3.4 Changing the payment card PIN: The payment card PIN can be changed at ATMs set up for this purpose to a new four-digit payment card PIN made up of numbers, which immediately replaces the previously valid payment card PIN. The Customer may alternatively make the change via its digital connections in the Trafi App, if the card management is activated accordingly. The payment card PIN must not consist of easily ascertainable number combinations (such as telephone number, date of birth, car license plate number) and must be different from other PINs and passwords of the Cardholder.

3.5 No passing on of the payment card: The Cardholder may not pass on or disclose his/her payment card or card data, except for the purpose of legitimization or authentication of a payment at a designated acceptance point.

3.6 Notification in the event of loss or compromise: In the event of confirmed or suspected loss or compromise of the payment card and/or data or mobile devices (e.g. cell phone) related to authentication procedures, the Cardholder shall immediately notify the Customer or the Bank by telephone.

3.7 Duty to check: The Customer or the Cardholder is obliged to check transaction and debit notifications (e.g. account statements, transaction notifications in an app, etc.) as well as authentication requests without delay and to report any misuse or irregularities to the Customer or the Bank without delay.

3.8 Security of devices used: Mobile devices (especially cell phones) of the Customer or Cardholder can be used as carriers of card data and for authentication procedures. The security and ownership of the mobile devices used are therefore of key importance. The Customer or Cardholder is obligated to prevent the use of the mobile devices by third parties (e.g., by activating a screen lock), to store the mobile devices carefully, to keep applications and operating systems up-to-date, and to refrain from interfering with the operating system (e.g., “jailbreaking” or “rooting”). If a mobile device is no longer used or is replaced by a new one, card data and elements used for authentication must be deleted and the bank’s instructions for changing a mobile device must be followed.

4. Coverage obligation

The payment card may only be used if the account has the necessary funds (credit balance or drawing limit) to settle all transactions authorized by the payment card. The Customer and the Cardholder acknowledge that not all transactions initiated by points of acceptance are matched in real-time with the credit balance or drawing limit and that this may result in a shortfall of funds in the account. If transactions are authorized that exceed the credit balance or the drawing limit, the Customer must immediately make up the caused shortfall in the account. He shall be liable without reservation for all obligations arising from the use of the payment card or from the contractual relationship.

5. Encumbrance rights of the bank

The Bank is entitled to debit all authorized amounts from the use of the payment card to the account. The Bank’s right to debit shall remain unrestricted even in the event of disputes between the Customer and third parties (in particular Cardholders or points of acceptance). Amounts in foreign currencies shall be converted into the currency of the account.

6. Data processing / Involvement of third parties

6.1 The Bank’s privacy policy applies, available at: https://www.hbl.ch/rechtliches.

6.2 The Bank may obtain all information from debt collection agencies and the Central Office for Credit Information (hereinafter referred to as ZEK) that is necessary for the verification of the card application and for the processing of the contract. The Bank may also notify the ZEK in the event of blocked cards, qualified payment arrears or misuse of the card. ZEK is expressly permitted to make this data available to its members (members are companies from the consumer credit, leasing and credit card business). To this extent, the Customer releases the bank and the above-mentioned offices from the bank-Customer or official secrecy.

6.3 The Bank may engage third parties for the provision of its contractual services, each of which shall be carefully examined with regard to compliance with data protection. These are in particular service providers for card production and transaction processing (e.g. Mastercard, NiD). These service providers receive personal data of the Customer and the Cardholder and process them if and to the extent necessary for the provision of the respective service. The data is transaction data such as card number, date and amount of the transaction and information on the point of acceptance. Subject to section 7 below, all service providers are obliged to process personal data in accordance with instructions, i.e. they may process the personal data received from the Customer and the Cardholder exclusively in accordance with the Bank’s instructions.

6.4 The Customer and the Cardholder acknowledge and agree that Mastercard may also process the data received for its own purposes and in accordance with its own data protection provisions in Switzerland and abroad, either itself or through other third parties (cf. the Mastercard Rules: https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-rules.pdf). If Mastercard transfers the data to a country that does not have an adequate level of data protection, this transfer will be based on Mastercard’s Binding Corporate Rules (“BCR”), the provisions of which may be enforced by the Customer and the Cardholder as “third party beneficiary” (available at: https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf). If and to the extent necessary, the Customer and the Cardholder release the Bank from the banking secrecy for this purpose.

6.5 In particular, the bank may delegate authentication procedures to third parties (e.g. smartphone manufacturers) without restriction based on contractual agreements.

7. Authorization of transactions

The Cardholder authorizes an acceptance point (merchant) to initiate transactions and the Bank to debit authorized amounts from the Account or to reduce the Account’s credit limit accordingly and to irrevocably reimburse the amounts to the acceptance point by disclosing the Card data to the acceptance point as follows:
a) one-time manual announcement of the card data (e.g. when using the card data on the Internet, a verbal announcement via telephone or similar);
b) manual disclosure and subsequent permanent storage of card data at an acceptance point for the purpose of authorizing multiple transactions;
c)electronic transmission of card data from the magnetic track of the card;
d) electronic transmission of card data from the chip of the card;
e) contactless electronic transmission of card data from the card’s chip using Near Field Communication (NFC);
f) Contactless electronic transmission of card data from the chip of a payment-enabled device (e.g., cell phone, wearable);
g) contactless electronic transmission of card data from the internal or external memory of a payment-enabled device (e.g., cell phone, wearable);
h) electronic transmission of card data from a central electronic repository when using card data on the Internet.

The claims acknowledged by the Cardholder shall be binding on the Customer, irrespective of the internal legal relationship between the Cardholder and the Customer and of any commercial register entries and publications to the contrary.

Depending on the authorization type, a transaction may require additional authentication of the Cardholder. The authentication procedure may be determined for each transaction by the bank, the Cardholder, the acceptance point or third parties. If several authentication procedures are available to the Cardholder for a transaction, the Cardholder is obliged to choose a “strong” authentication procedure. The payment card supports the following authentication procedures.

8. Transaction authentication

8.1 Depending on the authorization type, a transaction may require additional authentication of the Cardholder. The authentication procedure may be determined for each transaction by the bank, the Cardholder, the acceptance point or third parties. If several authentication procedures are available to the Cardholder for a transaction, the Cardholder is obliged to choose a “strong” authentication procedure. The payment card supports the following authentication procedures.

8.2 Strong authentication methods:
a) number (PIN) on a physical device provided for this purpose (e.g. ATM, terminal);
b) Entering a one-time password generated by the bank and sent by SMS in an input mask provided by the bank;
c) Confirmation of the transaction within an application provided by the bank on a mobile device (e.g. smartphone) of the Cardholder;
d) Use of biometric methods provided by the Bank (e.g. fingerprint, facial recognition) on a mobile device of the Cardholder.

8.3 Other authentication methods:
a) Signing a transaction receipt issued by an acceptance point;
b) Entry of user names and/or passwords agreed by the Cardholder with points of acceptance for stored card data (e.g. in-app purchases, card data stored at points of acceptance);
c) Presentation of identification documents (e.g. passport, identity card) at an acceptance point.

8.4 Authentication requests must be carefully checked by the Cardholder before issuing an authentication. Authentications may only be issued if the request is directly related to a transaction authorized by the Cardholder and the request contains the correct data (e.g. transaction amount, name of acceptance point, etc.). A successful authentication cannot be revoked by the Cardholder.

9. Deposit and update of map data

9.1 If the Cardholder deposits card data with points of acceptance or other third parties for the purpose of permanent storage for future transactions, all transactions subsequently initiated shall be deemed authorized (cf. Section 8b). If the Cardholder wishes to revoke such authorization, he/she must do so directly with the point of acceptance by terminating any contracts (e.g. subscriptions), deleting the deposited Card Data or adjusting the payment terms.

9.2 The Bank is entitled to update card data of the Cardholder without prior consultation with the Customer and/or the Cardholder or to notify the Customer and/or the Cardholder of new card data (e.g. in the event of a new validity date). The Customer and/or the Cardholder are responsible for updating any deposited card data accordingly.

10. Reporting of abuses and irregularities

10.1 If misuse or other irregularities are detected or suspected in connection with transactions, debits or authentication requests by the Customer and/or the Cardholder, the Bank must be informed immediately by telephone.

10.2 In the event of misuse or other irregularities, the Customer and the Cardholder are required to do everything possible to clarify the matter and mitigate any damage. In doing so, they must follow the Bank’s instructions. At the Bank’s request, the Customer and/or the Cardholder shall submit a claim form provided by the Bank to the Bank in full and in due time, file a criminal complaint with the competent police authority, request a copy of the complaint and deliver it to the Bank.11.3 The Customer shall be liable to the Bank for all costs and expenses incurred by the Bank as a result of complaints made against the Customer’s better knowledge or with fraudulent intent.

11. Dispute transactions

11.1 The Customer and/or the Cardholder are responsible for the transactions concluded using the card data; in particular, any complaints regarding goods or services purchased as well as other disputes and claims arising from these legal transactions must be settled directly with the relevant acceptance point.

11.2 The Bank’s right of encumbrance shall remain unrestricted (cf. Section 5).

11.3 If discrepancies in authorized transactions cannot be clarified or cannot be clarified sufficiently, the transactions concerned must be objected to the Bank in writing or through a channel provided by the Bank no later than 30 days after they have been debited to the account. The Bank may, at its sole discretion and without guarantee of success, initiate a recovery request based on the payment system rules and regulations. The Customer and the Cardholder shall support the Bank in the recovery request by providing additional information on the disputed transactions in due time. Any correction entry/credit entry on the Customer’s account shall only be definitive after completion of the reclaim request.

11.4 The Bank is entitled to charge an expense allowance for processing in the event of repeated, complex or futile complaints.

12. Assumption of damage in the event of no-fault

12.1 Provided that the Customer and the Cardholder have complied with these Terms and Conditions for the use of the Trafi payment card in all respects (in particular the duties of care pursuant to Section 3) and are not otherwise at fault, the Bank shall assume liability for any losses incurred by the Customer and/or the Cardholder as a result of misuse of the payment card and/or the card data by third parties. This also includes damage resulting from theft, forgery or falsification of the payment card, misuse of the card data on the Internet or similar.

12.2 Persons close to the Customer or the Cardholder (e.g. employees of the Customer, family members of the Cardholder) and persons living in the same household as the Cardholder are not considered “third parties” in the aforementioned sense.

12.3 Debits that have been authenticated by a strong authentication procedure (cf. Section 9.2) shall in any case be deemed to have been authorized by the Cardholder.

12.4 Damages, for which an insurance has to pay, as well as possible consequential damages of any kind are not taken over.

13. Disclaimer

The Bank assumes no responsibility in the event that an acceptance point does not accept the payment card or technical malfunctions or operational failures make transactions impossible. The Bank is entitled at any time (e.g. in the event of suspected misuse) to reject transactions without prior consultation with the Cardholder and not to process them. The Customer and the Cardholder have no claims for compensation.

14. Limits and restrictions

14.1 The Bank or the Customer may, at its own discretion, set limits or restrictions on transactions and/or debits. These may relate to cumulative amounts, a number of transactions, and specific transactions (e.g. cash withdrawals, countries, merchant categories, etc.). The Bank or the customer may change or remove limits and restrictions or introduce new limits and restrictions at any time. Limits and restrictions may be communicated to the Customer and/or the Cardholder, although the Bank is generally not obliged to do so. The Customer is responsible for notifying the Cardholder.

14.2 The Bank may allow the Customer to set its own limits or restrictions. However, the Bank shall not be responsible for the correct application of the same. Debits authorized by the Cardholder shall also be borne by the Customer in the event of limit overruns or violations of restrictions.

15. Blocking the payment card

15.1 The Bank is entitled to block the payment card at any time without prior notice to the Customer or the Cardholder and without stating reasons.

15.2 The Bank shall block the payment card, card data or elements thereof if the Customer or the Cardholder expressly so requests (e.g. in case of loss of the payment card) and in case of termination of the Card Contract by the Customer or the Cardholder.

15.3 Cardholders without account authorization can only block payment cards in their name and corresponding card data.

15.4 The blocking can be requested by telephone at +41 (0) 800 813 713. The card holder or the Customer may furthermore have the payment card blocked via his digital connection in the Trafi App. The Customer may have the payment card blocked via his digital connections to the Bank

15.5 The blocking will be lifted with the written consent of the Customer at the bank. The Customer or the account holder can also unblock the card via their digital connections to the bank if the card management is activated accordingly. 

16. Payment card for other services of the bank 

If the payment card is used for other services provided by the Bank, the separate provisions agreed with the Bank for this purpose shall apply.

17. Fees

For the issuance of the payment card and its authorization, as well as for the processing of the transactions made, the Bank may charge the Customer fees, which shall be disclosed in an appropriate manner. These fees shall be charged to the Customer’s account to which the payment card is issued.

18. Validity and card data renewal

18.1 The payment card is valid until the end of the date indicated on it (expiry date). In case of an ordinary course of business and without an express waiver by the Customer or the Cardholder, the Payment Card shall be automatically replaced by a new Payment Card before the end of its validity.

18.2 The Bank is authorized to adjust or change the card data at any time, irrespective of the validity. The Bank shall notify the Customer of any changes in an appropriate manner. The Customer is responsible for notifying the Cardholder.

18.3 If the Cardholder does not receive his/her new Card at least five days before the expiry date of the previous Card, he/she must notify the Bank immediately.

19. Termination and consequences

19.1 The payment card may be terminated by the Customer or the Cardholder or the Bank at any time. The revocation of a power of attorney or authorization to use the payment card by the Customer and the end of the relationship between Customer and Cardholder as Trafi App User with assigned Mobility budget.

19.2 After the payment card has been canceled, the Customer or the Cardholder must return the payment card to the Bank immediately and without being asked to do so, and must delete all card data from both their own and third-party devices. 

19.3 If the payment card is canceled, the Customer shall not be entitled to a (partial) refund of any fees already charged.

19.4 Despite the termination of the payment card, the Bank shall remain entitled to debit the relevant account with all amounts attributable to the authorization of transactions prior to blocking the payment card.

20. Partial nullity

If parts of these Terms and Conditions for the Use of Trafi Payment Cards are void or legally ineffective, the remaining provisions shall continue to apply. The parties shall then interpret and structure the provisions in such a way that the intended purpose of the invalid or legally ineffective parts is achieved as far as possible.

21. General Terms and Conditions and Privacy Policy

The “General Terms and Conditions” and the Privacy Policy of the Bank shall also apply in the currently valid version to the use of the Trafi payment card. In the event of any contradictions, these terms and conditions for the use of the Trafi payment card shall take precedence.

22. Changes in the conditions

The Bank reserves the right to amend these Terms and Conditions at any time. Changes will be communicated to the Customer in an appropriate form. The Customer shall be responsible for notifying the Cardholder. The amendments shall be deemed to be approved by both the Customer and the Cardholder if the Payment Card is not terminated before the amendments come into force.

HBL/