Security
I. Scope of Security Protection
This Website's security protection covers all data and activities related to your use of the service, including but not limited to:
- Personal Information: Your registered account information (name, email, mobile phone number), identity verification materials (passport, driver's license), and billing/delivery addresses;
- Payment Data: Credit card information (Visa/Mastercard numbers, expiration dates, CVV/CVC codes) used for payments, transaction records (order numbers, transaction amounts, payment times), and payment authorization information;
- Account Activities: Account login, password modification, payment operations, refund applications, and other account-related behaviors;
- System Environment: The server system, data storage system, and payment transaction system that support this Website's operations.
II. Security Protection Measures Implemented by This Website
To ensure the security of your data and transactions, this Website has adopted industry-leading security technologies and management systems, complying with international security standards (such as Payment Card Industry Data Security Standard (PCI DSS)) and global privacy regulations (such as EU GDPR, California CCPA):
1. Data Encryption Technology
- Transmission Encryption: All data transmitted between your device (computer, mobile phone) and this Website's server (including personal information, payment data, and operation instructions) is protected by 256-bit SSL (Secure Sockets Layer) encryption technology. This technology prevents data from being intercepted, tampered with, or stolen during transmission, and you can confirm the encryption status through the "padlock" icon in the browser address bar;
- Storage Encryption: Sensitive payment data (such as full credit card numbers) is not stored in plain text. Instead, it is processed using tokenization technology—replacing the original card number with a unique, non-reversible "token" that can only be decrypted by authorized payment institutions. Other personal information is stored using the AES-256 encryption algorithm, and only authorized personnel with special permissions can access it after multi-factor authentication;
- End-to-End Encryption: For cross-border payment transactions involving third-party institutions (such as credit card issuers, payment gateways), this Website implements end-to-end encryption, ensuring that only the sender and receiver of the data can decrypt and view it, and no intermediate party can obtain the original data.
2. Account Security Protection
- Multi-Factor Authentication (MFA): You can enable MFA for your account (recommended). After enabling it, in addition to entering your password during login or sensitive operations (such as modifying payment methods), you also need to complete secondary verification through a verification code sent to your registered mobile phone/email or through biometric information (fingerprint, facial recognition) to prevent account theft due to password leakage;
- Login Risk Control: This Website's intelligent risk control system monitors login behaviors in real time. If abnormal login activities are detected (such as login from an unusual geographic location, login using an unfamiliar device, or multiple consecutive login failures), the system will immediately trigger security measures: temporarily lock the account, send a login alert to your registered mobile phone/email, and require additional identity verification before unlocking;
- Password Security Management: This Website enforces strict password complexity requirements—your account password must be 8-20 characters long, including uppercase letters, lowercase letters, numbers, and special symbols, and cannot be the same as your account name, registered mobile phone number, or email address. The system will also prompt you to update your password regularly (at least once every 90 days) and prevent the use of previously used passwords.
3. Transaction Security Guarantee
- Real-Time Transaction Monitoring: This Website's transaction risk control system monitors all payment transactions in real time, using machine learning algorithms to identify abnormal transactions (such as sudden large-value payments, frequent cross-border transactions, or transactions inconsistent with your usual consumption habits). For high-risk transactions, the system will automatically pause the transaction and require you to confirm the transaction's authenticity through secondary verification (such as answering security questions or providing the transaction purpose);
- Payment Authorization Mechanism: All credit card payments require real-time authorization from the card issuer. This Website will only initiate payment requests after verifying that the transaction information (cardholder name, CVV/CVC code, billing address) matches the information registered with the issuer, preventing unauthorized use of stolen credit card information;
- Transaction Record Traceability: Every transaction on this Website is assigned a unique, non-modifiable transaction ID, and complete transaction records (including transaction time, amount, payment method, device information, and authorization results) are stored in a tamper-proof database. You can view the transaction records at any time through your account, and the records can be used as evidence for dispute resolution.
4. System and Management Security
- Server Security: This Website's servers are deployed in data centers that comply with international security standards (such as ISO 27001 certification), with 24/7 physical security protection (including access control, video surveillance, and fire prevention systems) to prevent physical damage or theft of servers;
- Regular Security Audits: This Website entrusts third-party professional cybersecurity companies to conduct regular security audits (at least once every quarter) and vulnerability scans, including penetration testing of the system, code security reviews, and data leakage risk assessments. Any identified security vulnerabilities will be fixed within 24 hours;
- Employee Access Control: This Website implements strict access control for internal employees. Only employees in specific positions (such as customer service, risk control) can access limited data within the scope of their work, and all access operations are recorded in a log (retained for at least 1 year). Employees are required to sign a confidentiality agreement, and any violation of data security regulations will result in legal liability.
III. Your Security Obligations
To jointly maintain the security of your account and transactions, you shall fulfill the following security obligations:
1. Account Information Protection
- Keep Account Credentials Confidential: You shall keep your account name, password, MFA verification device (such as mobile phone), and security questions confidential, and shall not disclose them to any third party (including this Website's employees, unless required for official verification). Do not use easily guessable information (such as birthday, anniversary) as your password or security question answers;
- Avoid Sharing Accounts: You shall not share your GlobalPay account with others or allow others to use your account to conduct transactions. If you need to authorize others to manage your account (such as corporate users), you must use the official "sub-account authorization" function of this Website and set clear access permissions (such as limiting sub-accounts to only view transaction records, not initiate payments);
- Update Contact Information Promptly: You shall keep your registered mobile phone number, email address, and other contact information up to date. If your contact information changes (such as changing your mobile phone number), you must update it in your account settings immediately. This ensures that you can receive real-time security alerts (such as login alerts, transaction confirmation notifications) and complete secondary verification when needed.
2. Device and Network Security
- Use Secure Devices: You shall use devices (computers, mobile phones) with up-to-date operating systems and anti-virus software to access this Website. Do not use devices with known security vulnerabilities (such as devices infected with malware) or public devices (such as Internet cafe computers) to conduct sensitive operations (such as payment, password modification);
- Maintain Network Security: You shall access this Website through a secure network (such as a private home network with a password). Avoid using unencrypted public Wi-Fi (such as free Wi-Fi in shopping malls, restaurants) for payment transactions, as such networks may be monitored by hackers and lead to data leakage;
- Verify Website Authenticity: Before accessing this Website, you shall confirm that the URL is the official address and check for the "padlock" encryption icon in the browser. Do not access this Website through links in unknown emails, text messages, or social media messages, as these may be phishing links designed to steal your account information.
3. Transaction Security Responsibilities
- Confirm Transaction Details: Before submitting a payment transaction, you shall carefully check the transaction details (order number, amount, recipient, and payment method) to ensure that the information is correct. Once the transaction is authorized and completed, it cannot be canceled without a valid reason;
- Monitor Account and Transactions: You shall regularly log in to your GlobalPay account to check transaction records and account status. If you find any unauthorized transactions (such as unknown payments, refunds), account login records from unfamiliar devices, or changes to personal information that you did not initiate, you must immediately contact this Website's customer service via the official email (service@payworldcard.com) and apply to freeze the account to prevent further losses;
- Cooperate with Security Verification: When this Website's risk control system requires you to complete additional security verification (such as providing transaction proof, verifying identity documents) for abnormal transactions or operations, you shall cooperate promptly and provide true, accurate materials. Failure to cooperate may result in transaction suspension or account restrictions.
IV. Security Incident Handling
1. Reporting of Security Incidents
If you discover any security incident related to your account or transactions (such as account theft, payment data leakage, or fraudulent transactions), you shall report it to this Website's customer service immediately through the following channels:
- Official Email: Send an email to service@payworldcard.com with the subject "[Security Incident Report] + Your Account Name", and include details of the incident (incident time, type, affected transactions/information, and your contact information);
- Account Security Center: Log in to your account (if possible), enter the "Account Security Center", and submit a "Security Incident Report" form, attaching relevant evidence (such as screenshots of abnormal transactions, login logs).
This Website will confirm receipt of the report within 1 hour and assign a dedicated security specialist to handle the incident.
2. Handling Process of Security Incidents
- Emergency Response: After receiving a security incident report, this Website will take emergency measures within 2 hours to control the risk, such as freezing the affected account, canceling pending transactions, or blocking the use of the affected payment method;
- Investigation and Analysis: The security specialist will conduct a detailed investigation into the incident, including checking login logs, transaction records, and system operation logs, and may request additional information or evidence from you. The investigation results will be fed back to you within 3 working days;
- Loss Compensation and Recovery: If the security incident is caused by this Website's security system failure or internal employee negligence, this Website will bear the direct economic losses caused to you (such as unauthorized transaction amounts) and assist you in recovering your account and data. If the incident is caused by your failure to fulfill security obligations (such as password leakage), this Website will provide technical support to help you recover the account, but will not be liable for the resulting losses;
- Post-Incident Prevention: After handling the security incident, this Website will analyze the root cause of the incident, optimize security measures (such as upgrading risk control algorithms, strengthening employee training), and prevent similar incidents from occurring again.
3. Notification of Security Incidents
If a security incident occurs that may affect the security of multiple users' data (such as a system vulnerability leading to potential data leakage), this Website will issue a security notice through the following channels within 24 hours of discovering the incident:
- Post a notice on the homepage of this Website;
- Send a notification to all affected users via registered mobile phone numbers or emails, including details of the incident, impact scope, and measures that users can take (such as changing passwords, checking transactions);
- Cooperate with regulatory authorities and public security organs to investigate the incident and publish the progress of the handling in a timely manner.
V. Division of Security Responsibilities
1. Responsibilities of This Website
This Website shall be liable for the following situations:
- Security incidents caused by defects in this Website's security system (such as encryption technology failure, server vulnerability) or improper management (such as internal employee data theft, insufficient access control);
- Failure to fulfill the security protection obligations stipulated in these Terms, resulting in the leakage of your personal information or payment data, or unauthorized use of your account;
- Errors in transaction processing caused by this Website's system failure, leading to economic losses to you.
In the above cases, this Website will take measures to remedy the losses, such as compensating direct economic losses, assisting in recovering account control, and eliminating the impact of data leakage.
2. Your Responsibilities
You shall be liable for the following situations:
- Security incidents caused by your failure to keep account credentials confidential (such as password leakage, sharing accounts with others) or improper use of the account (such as logging in on unsafe devices);
- Failure to update contact information in a timely manner, resulting in inability to receive security alerts or complete secondary verification, leading to account theft or transaction risks;
- Disregard of security warnings from this Website (such as prompts for abnormal transactions, risky login locations) and continued operations, resulting in losses;
- Providing false information or materials during security verification, leading to incorrect handling of security incidents.
In the above cases, this Website will not be liable for the losses caused to you, but will provide necessary technical guidance to help you reduce the impact of the incident.
3. Exemption from Liability
This Website shall not be liable for security incidents or losses caused by the following reasons:
- Force majeure (such as natural disasters, wars, or major power outages) that leads to the failure of security systems;
- Attacks by hackers using advanced technologies beyond the current level of industry security protection (such as zero-day vulnerabilities that have not been publicly disclosed);
- Security vulnerabilities or data leakage of third-party platforms (such as your mobile phone operating system, email service provider) that lead to the leakage of your account information;
- Your intentional actions (such as deliberately disclosing account information to defraud compensation) or violations of laws and regulations.
VI. Terms Update and Dispute Resolution
1. Update of These Terms
This Website has the right to update these Terms in accordance with changes in laws and regulations (such as data security laws, payment industry regulatory policies), technological developments (such as the emergence of new encryption technologies), or changes in security risks (such as new types of cyberattacks). The updated Terms will be published on the "Help Center - Security Terms" page of this Website, and a notice will be sent to your registered email or mobile phone number. The updated Terms will take effect 7 calendar days after publication. If you continue to use this Website's services after the effective date, you are deemed to have accepted the updated Terms.
2. Dispute Resolution
- If you have objections to this Website's security protection measures or the handling of security incidents, you may first negotiate with this Website's customer service via the official email (service@payworldcard.com) to reach a settlement;
- If negotiation fails, you may choose to file a lawsuit with the people's court having jurisdiction over the place where this Website is registered (Registered Address: [Specific Address]) or submit the dispute to an international commercial arbitration institution (for overseas users) for arbitration in accordance with its current arbitration rules (Arbitration Place: New York, USA; Arbitration Language: English; the arbitration award is final and binding on both parties).
3. Other Provisions
- These Terms are an integral part of the GlobalPay Website User Service Agreement. If there is a conflict between these Terms and the User Service Agreement, these Terms shall prevail (unless otherwise specified in the User Service Agreement);
- Matters not covered in these Terms shall be governed by relevant international security standards, global privacy laws, and the payment industry's code of conduct;
- This Website reserves the final right of interpretation of these Terms, but the interpretation shall not violate the mandatory provisions of laws and regulations. If the interpretation conflicts with laws and regulations, the laws and regulations shall prevail.
