1. General Provisions

1.1. These Rules of the payment organization Freedom Pay (hereinafter, the Rules) establish uniform terms and procedures ensuring the execution of payment transactions in the Freedom Pay System (hereinafter, the Payment Organization) and set out the general requirements for the procedure of providing payment services:

• for the sale (distribution) of electronic money;
• for the acceptance and processing of payments made using electronic money;
• for the processing of payments initiated by a client in electronic form and the transfer of the necessary information to a bank or an organization carrying out certain types of banking operations for the purpose of making a payment and/or transfer or accepting money in respect of such payments;
• for the acceptance of cash for making a payment without opening a bank account of the sender of money.

1.2. The Rules have been developed in accordance with the Law of the Republic of Kazakhstan On Payments and Payment Systems (hereinafter, the Law) and other regulatory legal acts of the Republic of Kazakhstan.

1.3. These Rules are binding upon all Participants in settlements of the Payment Organization’s system.

1.4. The conclusion by the payment organization of agreements for the provision of payment services shall be carried out in accordance with the Law, the Civil Code of the Republic of Kazakhstan, and other regulatory legal acts of the Republic of Kazakhstan. At the same time, an agreement for the provision of payment services shall be deemed concluded and shall become effective from the moment the client of the payment organization performs the actions предусмотренных in the Agreement of Accession to the Freedom Pay system or accepts the terms of the Public Offer for the sale and distribution of electronic money, as well as for making cashless payments using electronic money, posted on the payment organization’s website at: https://freedompay.kz/kz.

1.5. The Rules use the terms defined by the Law, including the Laws of the Republic of Kazakhstan On Electronic Document and Electronic Digital Signature, On Counteracting the Legalization (Laundering) of Proceeds from Crime and the Financing of Terrorism and the Financing of the Proliferation of Weapons of Mass Destruction, and other regulatory legal acts of the Republic of Kazakhstan in the field of making payments and ensuring their security.

2. Terms and definitions

The terms used in these Rules shall have the following meanings:

2.1. Authorization means the verification carried out by the payment organization of the Participants of the Electronic Money System in order to grant them the right to perform transactions using electronic money in the Payment Organization’s System, including granting access to their Personal Account. The authorization procedure shall be established by the Payment Organization and communicated to the Electronic Money Holders during registration.

2.2. Agent of the Electronic Money System (hereinafter, the Agent) means a bank, an organization carrying out certain types of banking operations, the National Postal Operator, and a payment agent engaged in the acquisition of electronic money from the issuer and from individual holders for the subsequent sale thereof to individuals on the basis of an agreement concluded with the electronic money issuer or the operator of the electronic money system.

2.3. Authentication means the procedures and set of measures established by the payment organization and communicated to the System Participants for confirming the authenticity and correctness of electronic messages, as well as for establishing the fact that an electronic message was transmitted directly by the System Participant indicated as the sender and recipient.

2.4. Continuity of functioning of the payment organization means an integrated characteristic of the Payment Organization denoting its ability to prevent disruptions to proper functioning (including prevention of suspension (termination) of transactions or improper execution of transactions), as well as to restore proper functioning in the event of such disruption.

2.5. Electronic Money Holder or EM Holder means:

• an individual, resident or non-resident, who has reached the age of sixteen and has received electronic money from the Issuer, the Agent, or from other individuals who are System Participants;
• Agents;
• individual entrepreneurs and legal entities;
• Partners that have received electronic money from Participants of the payment organization who are individuals as payment under civil law transactions.

The rights of an Electronic Money Holder shall arise from the moment of receipt of electronic money.

2.6. Issue/Issuance of Electronic Money means the issuance by the Issuing Bank of electronic money to System Participants through exchange thereof for an equal amount of money at nominal value.

2.7. Payout means the transfer of money previously credited by the Service Provider to the Bank’s specialized transit account for the purpose of subsequent transfer to the current account of the Client’s Payment Card and/or IBAN on the basis of an instruction received by the Bank from the Payment Organization.

2.8. Identification Application means an application of an individual for identification in the Payment Organization’s System, drawn up in the prescribed form, to be completed by the System Participant for the purpose of undergoing identification in accordance with these Rules and containing a condition regarding the conclusion of the relevant agreement between the Payment Organization and the System Participant.

2.9. Identification means the procedure provided for by these Rules consisting in establishing the identity of an individual upon personal presence and presentation of an identity document by such individual, or by means of remote identification on the basis of information from available sources obtained from the operational center of the interbank money transfer system.

2.10. Information on Information Security Incidents (including information on violations and failures in information systems) means information on individual or serial failures in the operation of the information and communication infrastructure or its individual objects that create a threat to their proper functioning and/or conditions for the unlawful obtaining, copying, dissemination, modification, destruction, or blocking of the electronic information resources of the payment organization.

2.11. Information Security means the state of protection of electronic information resources, information systems, and information and communication infrastructure against external and internal threats.

2.12. Information and Communication Infrastructure of the Payment Organization (hereinafter, the information infrastructure) means the aggregate of information and communication infrastructure facilities intended to ensure the functioning of the technological environment for the purpose of generating electronic information resources and providing access thereto.

2.13. Information Asset of the Payment Organization means the aggregate of information and an information and communication infrastructure object used for its storage and/or processing.

2.14. Information Security Incident (including violations and failures in information systems) (hereinafter, an information security incident) means individual or serial failures in the operation of the information and communication infrastructure or its individual objects that create a threat to their proper functioning and/or conditions for the unlawful obtaining, copying, dissemination, modification, destruction, or blocking of the electronic information resources of the payment organization.

2.15. Use of Electronic Money means the transfer of electronic money by one System Participant to another System Participant for the purpose of making payment under civil law transactions and/or other operations related to the transfer of ownership rights to electronic money.

2.16. Payment History means a section in the Personal Account of the Electronic Money Holder containing a chronological record of payments and other transactions carried out in the System by the Electronic Money Holder using electronic money.

2.17. EM Conversion / Conversion means an intra-system transfer of electronic money into electronic money of another payment service with reflection of the electronic money acquired through conversion in the electronic wallets of other payment organizations. If such service is provided within the framework of the payment organization, information thereon shall be additionally posted on the payment organization’s internet resource.

2.18. Client means an individual possessing the proper legal capacity/capacity to act, making payments using the System, and also deemed to have accepted the terms of public offers, rules of activity, and agreements of accession to the System, which form the basis for the provision of payment services using the System. Clients shall also include a legal entity / individual entrepreneur in accordance with the legislation of the Republic of Kazakhstan, who has performed conclusive actions aimed at concluding an agreement for the provision of payment services and, in the established cases, depending on the interaction, possesses Authentication Data for access to the System for the purpose of managing its Account and the subsequent provision by the payment organization of the payment services предусмотренных by the Rules.

2.19. Personal Account means the personal section of the Electronic Money Holder on the payment organization’s internet resource, through which the electronic money holder has access to their electronic wallet in order to obtain the necessary information on the balance of electronic money, transactions carried out thereunder, making payments and other transactions using electronic money in the manner provided for by these Rules and concluded agreements. The list of services provided through the Personal Account of the Electronic Money Holder shall be established by the payment organization.

2.20. Login means a unique sequence of symbols designating the conventional name of the Electronic Money Holder in the System and used for the purpose of authorization to access the Personal Account.

2.21. International Payment System (IPS) means a system of settlements between banks of different countries using unified standards of payment instruments of such system.

2.22. Operator of the Electronic Money System / Operator means Freedom Pay LLP, which is a payment organization and ensures the functioning of the Electronic Money System, including collection, processing, and transmission of information generated when carrying out transactions using electronic money. Transactions involving electronic money include issuance (performed by the Issuing Bank), distribution, use, and redemption of electronic money.

2.23. Information Security Assurance means the process aimed at maintaining the confidentiality, integrity, and availability of the information assets of the payment organization.

2.24. Offer means a public offer for the provision of payment services by the payment organization for the sale of electronic money, as well as for cashless payments using electronic money, posted on the payment organization’s internet resources.
Within the framework of these Rules, for the purposes of providing the payment service of processing payments initiated by the client in electronic form and transmitting the necessary information to a bank or an organization carrying out certain types of banking operations for making a payment and/or transfer or accepting money in respect of such payments, the Agreement of Accession to the Freedom Pay system posted on the payment organization’s internet resource shall be used.

2.25. Password means a unique sequence of symbols known only to the Electronic Money Holder, intended for access to the payment organization’s services.

2.26. Redemption of Electronic Money means a service of the Issuing Bank of Electronic Money providing for the exchange by the issuer of electronic money issued by it, presented by the Electronic Money Holder or subject to exchange without presentation by the holder in cases provided for by the laws of the Republic of Kazakhstan, for an equal amount of money at their nominal value.

2.27. Partner means legal entities, individual entrepreneurs, and other persons accepting electronic money of the Payment Organization’s System as payment for goods supplied, works performed, and/or services rendered by them.

2.28. Software and Technical Means of the Payment Organization means the software and technical means of the Payment Organization ensuring the provision of services to System Participants for carrying out transactions with electronic money.

2.29. Recipient of Payment/Transfer means a legal entity or an individual registered as an individual entrepreneur, having concluded a separate agreement with the payment organization and in whose favor the Client makes a payment for Goods, or an individual receiving money from the Client not related to entrepreneurial activity.

2.30. Protection Perimeter of the Information and Communication Infrastructure means the aggregate of hardware and software means separating the information and communication infrastructure of the payment organization from external information networks and ensuring protection against information security threats.

2.31. Security Procedures means a set of organizational measures and software and technical means of information protection intended to certify the rights of the electronic money holder to use electronic money and to detect errors and/or changes in the content of transmitted and received electronic messages when using electronic money.

2.32. Service Provider (Merchant) means a trade and service enterprise providing services for the sale of goods, works, and/or services to third parties and having concluded the relevant Agreements with the payment organization for the provision of payment services.

2.33. Freedom Pay System / System means the aggregate of software and technical means, documentation, and organizational and technical measures ensuring information technology interaction between Participants in settlements for payment services established within the framework of these Rules.

2.34. Participants in Settlements of the System / Participants means the Issuer, Agent, payment organization, individuals (residents and non-residents who have reached the age of sixteen), and Partners who have undertaken the obligation to comply with the rules of the payment organization.

2.35. Information Security Threat means the aggregate of conditions and factors creating prerequisites for the occurrence of an information security incident.

2.36. Electronic Money / EM means unconditional and irrevocable monetary obligations of the Issuer stored in electronic form and accepted as a means of payment in the Payment Organization’s System by the Participants. Electronic money is denominated in the national currency of the Republic of Kazakhstan, the tenge.

2.37. Electronic Wallet means a microprocessor (chip), personal computer software, or other software and technical means in which electronic money is stored and/or which provides access thereto, opened with the payment organization.

2.38. Electronic Message means any message generated electronically and transmitted between System Participants through a secure communication channel.

2.39. Issuing Bank means a bank having contractual relations with the Operator for the issuance and redemption of Electronic Money in respect of transactions carried out by settlement participants using Electronic Money.

2.40. Payment Agent means a legal entity or individual entrepreneur having concluded an agency agreement for the provision of payment services with a bank, an organization carrying out certain types of banking operations, or a payment organization.

2.41. Payment Subagent means a legal entity or individual entrepreneur having concluded an agency agreement for the provision of payment services with the Payment Agent.

3.1. Services for the sale (distribution) of electronic money:
Services for the sale (distribution) of electronic money are provided by the payment organization acting as the System Operator on the basis of an agreement for the issuance and redemption of electronic money concluded between the payment organization and the Issuing Bank of electronic money. In accordance with the terms of such agreement, the payment organization performs the functions of the System Operator and carries out activities to ensure the acquisition of electronic money by System Participants from the Issuing Bank, as well as to ensure the execution of transactions using such electronic money.
For the purpose of ensuring transactions with electronic money, the payment organization may additionally conclude information technology interaction agreements with Agents of electronic money. On the basis of such agreements, the Agents acquire the status of Participants in the System’s settlements and obtain the ability to acquire, sell, and submit electronic money for redemption within the System. In addition, on the basis of payment services agreements concluded by the payment organization with the Issuing Bank, the Payment Organization may act as an Agent of the Electronic Money System and carry out activities for the acquisition of electronic money from the Issuing Bank and individual holders for their subsequent sale to individual Clients in accordance with the Law.
The legal relationships established by these Rules in the part relating to the sale and distribution of electronic money between the Participants in settlements shall be governed by the requirements of the Law and by the contractual terms established between the Issuing Bank and the Operator, the Operator and the Agents, and the Operator and the Clients (the latter legal relationships being governed on the basis of the Offer posted on the website at https://freedompay.kz/kz).

3.1. Services for the acceptance and processing of payments made using electronic money:
Payments using electronic money shall be made in compliance with the requirements of the current legislation of the Republic of Kazakhstan.
All settlements using electronic money constitute the transfer of electronic money by its holder to another System Participant for the purpose of making payments under civil law transactions and/or other operations related to the transfer of title to electronic money. The Operator of the Electronic Money System shall ensure the collection, processing, and transmission of information generated in the course of transactions using electronic money. For the purpose of providing payment services, the Operator shall conclude agreements with service providers. In order to ensure the continuity of the processes of issuance and redemption of electronic money, the Operator must maintain contractual relations with the Issuing Bank of electronic money. In addition, the Operator may conclude other information technology interaction agreements with Agents of electronic money ensuring the possibility for Clients of the System to acquire and sell electronic money.

3.2. Services for processing payments initiated by the client in electronic form and transmitting the necessary information to a bank or an organization carrying out certain types of banking operations for making a payment and/or transfer or accepting money in respect of such payments:
The services are provided by the payment organization on the basis of separate agreements concluded with the Acquiring Bank. Within the framework of such agreement, the payment organization processes information on a payment initiated by the Client using payment cards, indicating the payment purpose details and the ultimate beneficiary. The payment organization ensures the transmission of the payment details for execution in favor of the relevant Acquiring Bank. The Acquiring Bank, in turn, executes the Client’s instruction transmitted through the payment organization in electronic form and performs the actual debiting and crediting of the payment in favor of the ultimate beneficiary.

3.3. Services for the acceptance of cash for making a payment without opening a bank account of the sender of money (hereinafter, the Service) are provided by the payment organization within the framework of agreements concluded between the payment organization and the Clients (suppliers of goods/works/services), the terms of which may provide for the possibility of engaging Payment Agents and/or Payment Subagents on the part of the payment organization for the provision of payment services on the basis of separate agency/subagency agreements for the provision of payment services concluded between the payment organization and the Payment Agent, and between the Payment Agents and the Payment Subagents (where a Payment Subagent is engaged). The services are provided to Clients by accepting cash from Clients (the sender of money) deposited through an electronic terminal or cash desk at the relevant payment acceptance points of the payment organization or its Payment Agent. Between the Client, the payment organization, the Payment Agent, and the servicing bank (a partner of the payment organization), using the relevant software and technical means, the possibility is established for the acceptance, processing, storage, and transmission of information on the accepted payment, the payer, and additional parameters indicating under which contractual obligations and in favor of which Client of the payment organization the relevant payment has been accepted.

4.1. Procedure for Providing the Service for the Sale (Distribution) of Electronic Money:
4.1.1. In order to acquire electronic money, the Client must register an electronic wallet. Registration shall be carried out using the subscriber telephone number.

4.1.2. In order to register an electronic wallet, the Client must review the terms of the Offer of the payment organization posted on the Website of the Payment Organization and, if agreeing thereto, the Client shall perform full and unconditional acceptance of the Offer.

4.1.3. By taking actions to register an electronic wallet, the Client accepts the terms of the Offer and also fully and without any reservations accepts the terms of the Offer for the provision of cashless payment services using electronic money within the electronic money system of the Payment Organization.

4.1.4. Registration of the Client’s electronic wallet in the System, as well as the acquisition of electronic money and subsequent replenishment of the balance of the electronic wallet, may be carried out by the Client through top-up of the electronic wallet in cash via electronic terminals of payment agents/subagents, ATMs, financial internet portals, as well as by using payment cards and other electronic payment methods, the list of which is posted on the Website of the System, as follows:

4.1.4.1. Issuance of EM shall be carried out by the EM issuer after receipt of money from the Client or Agents in an amount equal to the nominal value of the obligations assumed.

4.1.4.2. At the time of sale of EM to the Client, a sales receipt shall be issued to the Client.

4.1.5. The sales receipt shall contain the following details:

• name and details of the issuer, including its business identification number;
• time and date of the transaction;
• serial number of the receipt;
• amount of money accepted or payments received from the electronic money holder;
• amount of electronic money issued;
• identification code of the electronic wallet of the electronic money holder who is an individual;
• amount of commission remuneration (if charged).

Additional details established by the Issuing Bank of electronic money may also be reflected in the sales receipt.

4.1.6. Electronic money shall be deemed sold to the Client from the moment information on the available balance is reflected in the Client’s electronic wallet.

4.1.7. The timeframe for provision of the payment service shall be 1 (one) business day from the moment of receipt of money from Clients, EM.

4.2. Procedure for Providing the Service for Acceptance and Processing of Payments Made Using Electronic Money:

4.2.1. In the EM System, the payment organization is the Operator of the EM System. According to the Offer, the Operator of the EM System provides Clients with services for acceptance and processing of payments made using EM.

4.2.2. For the purpose of receiving the payment service, the Client must complete registration in the EM System and acquire EM. After registration of the Client’s account in the EM System and acquisition of EM, the Client shall be entitled to use the EM System, including to access the account balance for the purpose of making payments.

4.2.3. Payments shall be made by the Client by generating, certifying, and transmitting via the EM System to the Issuing Bank of electronic money an instruction using EM to make a payment in favor of a specific Payment Recipient in electronic form.

4.2.4. To generate an instruction, the Client shall provide the payment details (including information on:

• the Payment Recipient in whose favor the payment is made using electronic money;
• payment details identifying the purpose of payment (such as the number and date of the agreement between the Client and the Payment Recipient, and other details depending on what information is required to be provided at the time of payment);
• the payment amount; etc.)
• by one of the following methods:
• by completing the relevant form on the Website;
• by completing the relevant form on an electronic terminal of a payment agent/subagent;
• by completing the relevant form on a mobile device using the EM System mobile application.

4.2.5. Certification of the instruction to make a payment shall be carried out depending on the settings of the EM System established by the Client himself/herself:

• by entering the Authentication Data assigned to the Client at the time of registration of the Client Account;
• by entering the Authentication Data assigned to the Client at the time of registration of the Client Account, as well as entering the Confirmation Code sent/transmitted to the Subscriber Number by software means of the Payment Organization;
• by using commands through Message-confirmation of payments.

4.2.6. Entry of correct Authentication Data, Confirmation Codes, or commands through Message-confirmation of payments shall be recognized by the parties as an unambiguous and indisputable confirmation of the payments made.

4.2.7. The use of Authentication Data in electronic messages transmitted by the Client for the purpose of authorizing the Account and using the EM System, Confirmation Codes, and commands transmitted through Message-confirmation for the purpose of generating and sending instructions shall give rise to legal consequences analogous to the use of handwritten signatures in accordance with the requirements of the legislation of the Republic of Kazakhstan, and all documents related to performance of the Service Agreement concluded on the terms of the Offer and certified by any of the above methods shall be recognized as documents in written form.

4.2.8. After verifying the correctness of the Authentication Data, Confirmation Codes, or commands transmitted through Message-confirmation entered by the Client, as well as the sufficiency of the amount of electronic money on the balance of the Client’s Account for making the payment, the Payment Organization shall transmit the information specified by the Client in the instruction to the Issuer and shall also notify the Client of acceptance for execution or refusal to execute the relevant instruction by the issuer of electronic money.

4.2.9. Execution by the Issuer of the Client’s instructions to make a payment shall be carried out on the terms established by the Offer for the provision of cashless payment services using Electronic Money within the System.

4.2.10. The Payment Organization undertakes to record in the electronic accounting register the occurrence, change, or termination of the mutual rights and obligations of the parties under the Service Agreement entered into by the Client by acceding to the Offer through performance of conclusive actions provided for by the Offer.

4.2.11. The Client shall be informed of each payment made by posting information in the “Reports” section of the Client’s Account, access to which is provided to the Client on the Website of the System. The Client undertakes to check the information in the “Reports” section at least 1 (one) time per day. If the Client does not check information on payments made in the “Reports” section on the Website of the System, the Payment Organization shall not be liable in connection with the Client’s failure to receive information about the transaction. By accepting the Offer, the Client acknowledges and confirms that from the moment information on the payment made is posted in the “Reports” section on the Website of the System, the obligation of the Payment Organization to inform the Client shall be deemed duly performed.

4.2.12. The Payment Organization may also send the Client SMS notifications regarding debit transactions (except for transactions involving payment in favor of the Payment Organization) and transactions replenishing the Client’s Account to the Subscriber Number specified upon registration of the Client’s Account.

4.3. Registration in the Electronic Money System of Partners — suppliers of goods/works/services accepting electronic money as payment:

4.4. For a legal entity and/or an individual entrepreneur (hereinafter, the Partner) to accept electronic money as payment, a Partnership Agreement for acceptance of electronic money by the Payment Organization shall be concluded in a form agreed between the Partner and the Payment Organization.

4.5. For registration of the Partner in the EM System, the Partner shall perform the following actions:

• Complete the service provider questionnaire for connection to the EM System;
• After submission of the questionnaire, the procedure for approval and signing of the agreement between the Partner and the Payment Organization shall take place.
• Based on the assigned unique Partner identifier, connection to the EM System shall be performed.

4.6. Procedure for Generating Statistical and Other Reporting for the Issuer of Electronic Money:

4.6.1. The Payment Organization shall daily transmit to the Issuer the following set of incoming files and reports containing information on transactions performed using electronic money:

1) Incoming files (registers) intended for automated accounting of transactions:

• transaction detail file for transactions carried out in the EM System;
• file of aggregate amounts by counterparties with breakdown by provider/agent code;
• file of aggregate amounts by counterparties, being the result of grouping the transaction detail file by transaction code and unique contract identifier;
• file of payment orders executed by Clients through the Website of the System or electronic terminals of payment agents/subagents;
• file of consolidated payment orders generated by grouping payment orders executed by Clients;
• file of turnover and balances by wallets;

2) Reports: report on settlements with counterparties for transactions involving payment for goods and services and wallet top-ups in human-readable format (repeats the contents of the file of aggregate amounts by counterparties).

• report on settlements with counterparties for transactions involving payment for goods and services and wallet top-ups in human-readable format (repeats the contents of the file of aggregate amounts by counterparties).
• report on consolidated payment orders (loan repayments) in human-readable format (repeats the contents of the file of consolidated payment orders);
• report on balances and turnover by wallets.

4.6.2. On a quarterly basis, a report for the National Bank of the Republic of Kazakhstan shall also be generated and submitted in accordance with the requirements established by the regulatory legal acts of the National Bank of the Republic of Kazakhstan.

4.7. Procedure for Reflection of Electronic Wallets in the EM System (Scheme of Cash and Information Flows):

4.7.1. According to the below scheme of movement of cash and information flows between the participants of the EM System, issuance (emission) of electronic money shall be carried out by the Issuer after receipt of money from Clients (individuals, agents, individual entrepreneurs, and legal entities), subject to registration in the EM System in accordance with the Rules.

4.7.2. Issuance of electronic money to the Client shall be carried out by the Issuer after the Client makes payment by cashless transfer of money.

4.7.3. When depositing or transferring money, the Client shall indicate the number of the Electronic Wallet opened in the EM System to which the electronic money acquired by the Client is to be credited.

4.7.4. In the event money is deposited by third parties for crediting EM to the Client’s Electronic Account, the rights and obligations in relation to the acquired/gratuitously received EM shall arise for the Client as the owner of the electronic wallet. Such actions shall be regarded as performed by third parties in the interests of the owner of the electronic wallet.

4.7.5. The Issuer shall ensure that the total amount of money received from Clients reflected in its balance sheet account corresponds to the amount of electronic money recorded in the Issuer’s position in the EM System.

4.7.6. The Client’s EM shall be deemed issued by the Issuer from the moment information on the available amount of EM is reflected in the Electronic Wallet.

4.7.7. The Payment Organization shall verify the data received from the Issuer and reflect the amount of issuance of electronic money specified in the electronic message of the Issuer in the Issuer’s position in the EM System and in the Client’s Electronic Wallet.

4.8. Use and Redemption of Electronic Money:

4.8.1. EM shall be used by its holder for the purpose of making payments under civil law transactions, as well as for performing other transactions on the terms defined by the Rules and not contrary to the legislation of the Republic of Kazakhstan.

4.8.2. Payments and other transactions using EM shall be carried out by its Holder in favor of an identified holder of electronic money.

4.8.3. Electronic money held by an unidentified individual shall not be subject to redemption or sale to an Agent (acquisition by an Agent).

4.8.4. A Partner that has received EM in the System in the course of civil law transactions shall acquire a monetary claim against the Issuing Bank in the amount of the payment received.

4.8.5. The maximum amount of a single transaction carried out by an unidentified holder of electronic money who is an individual shall not exceed an amount equal to three times the monthly calculation index established for the relevant financial year by the law on the republican budget. (These requirements came into effect on March 19, 2026.)

4.8.6. The maximum amount of electronic money stored on one electronic device of an unidentified holder of electronic money who is an individual shall not exceed an amount equal to three times the monthly calculation index established for the relevant financial year by the law on the republican budget. (These requirements came into effect on March 19, 2026.)
The aggregate amount of payments and/or other transactions using electronic money from the electronic wallet of an unidentified holder of electronic money who is an individual during a business day shall not exceed an amount equal to three times the monthly calculation index established for the relevant financial year by the law on the republican budget. (These requirements came into effect on March 19, 2026.)

4.8.7. Redemption of EM is a payment service providing for the exchange by the Issuer of electronic money issued by it, presented by Clients/Partners/Agents, or subject to exchange without presentation by the holder in cases provided for by the laws of the Republic of Kazakhstan, for an amount of money equal to their nominal value.

4.8.8. Redemption of EM shall be carried out by the Issuer by transferring an amount of money equal to their nominal value to the bank account of the Client as holder of electronic money who is an individual, or by issuing cash to such Client.

4.8.9. For redemption of EM to the bank account of the Client — EM Holder through the mobile application and/or the Website of the System, the Client shall generate an instruction for redemption of electronic money, in which the Client shall indicate the amount of electronic money to be redeemed and specify the bank account to which the redemption of electronic money is to be made. The Payment Organization shall send the Client’s instruction to the Issuer for carrying out the redemption procedure. Before redemption, the Issuer shall carry out a procedure for verification of the bank account specified by the holder of electronic money to which the electronic money is to be redeemed:

• if, upon verification by the Issuing Bank of the data specified by the holder of electronic money/client in the instruction, the bank account belongs to the client, the transaction shall be deemed successful and the issuer shall redeem the electronic money to the client’s bank account;
• if, upon verification by the Issuing Bank of the data specified by the Client in the instruction, the bank account does not belong to the Client, redemption of the electronic money shall not be carried out. The Client shall be sent a notification of the incomplete EM redemption transaction due to mismatch between the identification data of the holder of electronic money and the owner of the bank account.

4.8.10. Transactions for redemption of electronic money to unidentified holders of electronic money are unavailable. If the Client initiates a transaction for redemption of electronic money, the Client shall be sent a notification of the impossibility of carrying out such transaction, with a proposal to undergo the full identification procedure indicating the addresses where the holder of electronic money may apply to undergo full identification (personal presence on the side of the payment organization) or through remote identification on the basis of information from available sources obtained from the operational center of the interbank money transfer system. Identification of the holder of electronic money shall be carried out by the Issuing Bank and/or the Operator of the electronic money system upon the personal presence of the holder of electronic money and presentation by him/her of an identity document, or by means of remote identification on the basis of information from available sources obtained from the operational center of the interbank money transfer system. The issuer of electronic money shall be obliged to identify an individual in the event such individual acquires electronic money in an amount exceeding three times the monthly calculation index established for the relevant financial year by the law on the republican budget.

4.8.11. The Issuer shall reconcile the data received and shall also send a message to the payment organization regarding redemption of electronic money under the relevant application of the Client.

4.8.12. Upon redemption of electronic money, the amount of money issued shall correspond to the amount of electronic money presented for redemption.

4.8.13. It is prohibited to redeem electronic money by transferring money to a bank account or an electronic payment instrument of the holder of electronic money who is an individual without obtaining confirmation that such bank account or electronic payment instrument belongs to the relevant individual.

4.9. Procedure for Closing an Electronic Wallet in the Electronic Money System

4.9.1. Upon closing the Electronic Wallet by the Client in the mobile application and/or on the Website of the System, an instruction for closing the Electronic Wallet shall be generated indicating the withdrawal method permitted by the Operator for Electronic Money. If the Client is unidentified and intends to redeem electronic money with subsequent closure of the electronic wallet, the Client must undergo the identification procedure, since redemption of EM in favor of an unidentified EM holder is not permitted. After completion of such procedure, the Client shall send an instruction to close the Electronic Wallet and to withdraw electronic money by the methods indicated above. After redemption of the electronic money, the payment organization shall process in the System the Client’s instruction to close the Electronic Wallet.

4.9.2. If there is no EM in the Client’s Electronic Wallet, the legislation of the Republic of Kazakhstan does not require completion of the identification procedure for closure of the Electronic Wallet.

4.10. Identification of the Holder of Electronic Money — Individual:

4.10.1. Identification in the System is a full identification procedure of an individual. According to the requirements of the Law, the issuer of electronic money shall be obliged to identify an individual in the event such individual acquires electronic money in an amount exceeding three times the monthly calculation index established for the relevant financial year by the law on the republican budget. Identification of the holder of electronic money shall be carried out by the issuer of electronic money and/or the operator of the electronic money system upon the personal presence of the holder of electronic money and presentation by him/her of an identity document, or by means of remote identification on the basis of information from available sources obtained from the operational center of the interbank money transfer system.

4.10.2. Identification shall include the following measures:

• recording information necessary for identification of an individual performing a transaction with money or other property and/or other property: details of the identity document, individual identification number, as well as legal address;
• recording information necessary for identification of a legal entity performing a transaction with money or other property and/or other property: details of incorporation documents, business identification number, as well as address of location.

4.10.3. The timeframe for provision of the payment service shall be within 1 (one) business day following the day of receipt of the payment.

4.10.4. Additional conditions within the framework of compliance with Resolution No. 11 of the Board of the National Bank of the Republic of Kazakhstan dated February 28, 2022 “On Approval of the Requirements for Internal Control Rules for the Purpose of Counteracting the Legalization (Laundering) of Proceeds from Crime, Financing of Terrorism and Financing of the Proliferation of Weapons of Mass Destruction for Payment Organizations”:
- An organization acting as the operator of an electronic money system may open no more than three electronic wallets for one holder of electronic money within one electronic money system.
- The organization shall take measures for enhanced monitoring of transactions of clients who are holders of two electronic wallets within one electronic money system.
An organization processing transactions using electronic money shall ensure generation in its automated system of complete information on the parameters of each transaction using electronic money, including the following information:

1. Transaction identifier within the electronic money system;
2. Date and time of the transaction;
3. Information on the electronic wallets of the sender and recipient (unique identifier, identification status of the holder);
4. Information on the sender of electronic money (if available);
5. Information on the recipient of electronic money;
6. Transaction purpose code;
7. Name of the payment service provider (payment intermediary), including a foreign one, in whose favor transfer of electronic money is made from the sender for payment for services of third parties not represented in the electronic money system as service providers;
8. Information on redemption of electronic money (bank, bank account number).

When transferring electronic money from the sender in favor of a payment service provider (payment intermediary), including a foreign one, for payment for services of third parties not represented in the electronic money system as service providers, the Organization shall ensure display of the full chain of participants of the transaction in the payment document (check, receipt, statement of details).

4.11. Procedure for Providing the Service for Processing Payments Initiated by the Client in Electronic Form and Transmitting the Necessary Information to a Bank or an Organization Carrying Out Certain Types of Banking Operations for Making a Payment and/or Transfer or Accepting Money in Respect of Such Payments (hereinafter, the “payments”):

4.11.1. The payment processing service shall be carried out as follows:

4.11.1.1. The Payment Organization, within the framework of the agreement concluded with the servicing Acquiring Bank, shall ensure processing of payments initiated by the Client using payment cards, indicating the details of the purpose of the relevant payment and the beneficiary of the relevant payment, followed by ensuring transmission of the payment details for its execution in favor of the relevant Bank, and the Bank, in turn, shall execute the Client’s instruction transmitted through the Payment Organization in electronic form.

4.11.1.2. Initiation of payments by the Client shall be carried out by means of WEB applications, online applications, mobile applications (applications for mobile devices), self-service terminal software, widgets, and other applications ensuring the possibility for the Client to initiate in electronic form instructions for debiting money from the Client’s payment card with subsequent crediting thereof in favor of the Bank for the purpose of further execution of the Client’s order/instruction received by the Payment Organization from the Client and transmitted by the Payment Organization to the acquiring bank.

4.11.1.3. When providing the payment service, the Payment Organization shall ensure the following algorithm of actions:

• The Client, via the internet, mobile telephone, or self-service terminal, accesses the relevant application of the Payment Organization;
• The Client reviews the tariff (amount of the fee) for the provision by the Payment Organization of the relevant service;
• The Client reviews the terms of provision of the payment service and agrees to the terms of the Agreement of Accession to the System posted in the relevant application;
• The Client initiates in the application a payment in favor of the Service Provider;
• The Client enters into the electronic application the details for execution of the payment by the Acquiring Bank;
• To pay the payment and/or transfer money, the Client enters the details of the payment card and bank account;
• The Payment Organization, by means of a request to the acquiring bank, initiates the Client’s instruction received in electronic form;
• The Bank, upon receiving confirmation from the Payment Organization and the Client, debits from the Client’s payment card and/or current account the amount of the transaction initiated by the Client, including the commission remuneration of the Payment Organization;
• The Payment Organization receives from the Acquiring Bank confirmation of execution of the payment;
• The Payment Organization issues to the Client an electronic confirmation evidencing performance by the client of the transaction and deduction from the client of the commission of the Payment Organization;
• The Bank, on the basis of the data received in electronic form during the transaction, transfers money under the transactions to the current account of the Service Provider and/or to the Client’s bank card and/or IBAN, less the commission remuneration of the Bank and the Payment Organization.
• Transfer by the Acquiring Bank to the current account of the Service Provider for completed payments, as well as to the Client’s bank card and/or IBAN within the framework of payouts received from the Service Provider, shall be carried out by the Bank in the currency permitted by the special transit account of the servicing Bank.

4.11.2. The timeframe for provision of the payment service shall be within 1–4 business days following the day of receipt of the payment.

4.11.3. Within the framework of payout transactions: A payout transaction represents sequential execution by the payment organization of the instruction of the Service Provider initiated by it using the System for transfer of money in favor of the transfer recipient (an individual who is a client of the Service Provider). To perform a payout transaction, the Service Provider shall replenish the specialized transit account with its own funds to enable initiation of transfers in favor of transfer recipients through the System of the payment organization. Also, at the initiative and request of the Service Provider itself, payouts may be made from the amounts of payments accepted through the System in favor of the Service Provider. For the purposes of avoiding discrepancies, the payment organization establishes that transactions shall be carried out by the bank using a specialized transit account. The payment organization shall receive payout requests from Service Providers in real time and, upon receipt of such request, shall transmit to the bank payment information regarding the need to debit money from the bank’s specialized transit account and credit money to the payment card of the relevant transfer recipient. Upon receipt of information from the payment organization, the Bank shall transfer money from the specialized transit account to the payment card of the transfer recipient. The payment organization shall inform Clients in real time of the result of each transaction performed. To perform payout transactions, the payment organization shall conclude an agreement with the bank for provision of payout transaction services, pursuant to which the payment organization shall ensure transmission to the bank of payment information received from the Service Provider through the System containing the details of the payment card of the transfer recipient. General procedure of actions:

• The payment organization provides the Service Provider with access to the Personal Account for performing the Payout transaction;
• The Service Provider ensures replenishment of the specialized transit account with funds for the purposes of performing payout transactions;
• The Service Provider sends to the payment organization a payout request transmitting data through the communication channel (API channel) of the payment organization;
• The payment organization, after receiving data from the Service Provider, through the communication channel with the bank generates payment information for the bank to perform the Payout transaction; the bank transfers money from the specialized transit account to the payment card of the transfer recipient.

4.12. Services for acceptance of cash for making a payment without opening a bank account of the sender of money (hereinafter, the “service”) shall be provided by the payment organization within the framework of agreements concluded between the payment organization and Clients (suppliers of goods/works/services), the terms of which may provide for the possibility of engaging Payment Agents and/or Payment Subagents on the part of the payment organization for the provision of payment services on the basis of separate agency/subagency agreements for the provision of payment services concluded between the Payment Organization and the Payment Agent, and between Payment Agents and Payment Subagents (where a Payment Subagent is engaged). The services shall be provided to Clients by accepting cash from payers (the sender of money) deposited through an electronic terminal or cash desk at the relevant payment acceptance points of the payment organization or its Payment Agent. Between the Client, the payment organization, the Payment Agent, and the servicing bank (a partner of the payment organization), using the relevant software and technical means, the possibility shall be established for acceptance, processing, storage, and transmission of information regarding the accepted payment, the payer, and additional parameters indicating under which contractual obligations and in favor of which Client of the payment organization the relevant payment has been accepted.

4.12.1. The acceptance of cash for making a payment without opening a bank account of the sender of money shall be carried out by the sender of money depositing cash through the cash desk or electronic terminal and (device) of the Payment Agent/Subagent (hereinafter in this section of the Rules referred to as the “payment service”). Upon deposit of cash, the sender of payment shall be issued a document confirming the payment. Payment agents/subagents, when providing payment services, shall act on behalf of the payment organization.

4.12.2. The payment service shall be provided in the following manner:

1. The Payment Agent shall conclude a payment services agreement with the payment organization.
2. The payment organization shall maintain a register of Payment Agents/Subagents and shall also monitor compliance by Payment Agents/Subagents with the requirements of the Law on Payments and the terms and conditions for the provision of payment services set out in agency agreements for the provision of payment services.
3. The Payment Agent/Subagent shall undergo registration in the System with assignment by the Payment Organization of a personal ID. Authorization of the Payment Agent/Subagent in the System using the personal ID shall serve as the identifier of the agent/subagent in the System.
4. By agreement of the parties, the service may be provided using an advance payment for the planned volume of Payments. For this purpose, the Payment Agent/Subagent shall open a current account with a partner bank of the Payment Organization with an auto-balancing function for the amounts of accepted Payments (at the request of the agent/subagent, the Bank shall automatically transfer a certain amount of money from the current account of the agent/subagent within a period agreed with the agent/subagent, in accordance with the required conditions). The amount of the advance payment made by the Payment Agent/Subagent shall be recorded on its balance in the System. The Payment Agent/Subagent undertakes to maintain in the above account a minimum non-reducible balance of funds (guaranteed amount/contribution) sufficient to fulfill its obligations to the Payment Organization and the Client in respect of the Payment being made.
5. Upon completion of a payment, the Payment Agent/Subagent shall, in real time, transmit data on the accepted Payment to the System. The Payment Agent/Subagent shall be obliged to transmit to the System data on each accepted Payment directly during the period of acceptance of the Payment, without errors or distortions. Each operation involving transmission of data on a Payment shall be carried out automatically via a communication channel, while authorization of the Payment Agent/Subagent in the System shall constitute authorization of the dispatch of payments.
6. Upon receipt from the Payment Agent/Subagent of information on the Payment, the payment organization shall debit from the balance of the Payment Agent/Subagent an amount equal to the accepted payment and credit it to the Client’s personal account. At the same time, if the amount of the guarantee contribution on the balance of the Payment Agent/Subagent is insufficient to fulfill its obligations in respect of the accepted Payment, such obligation of the Payment Agent/Subagent shall be unsecured, and the Payment Organization shall have the right to suspend performance of the agreement or grant the Payment Agent/Subagent a deferral in remittance of the payment (commercial credit or overdraft) on the basis of a separate agreement concluded by the Payment Organization with the Payment Agent/Subagent or a letter of guarantee.
7. After acceptance of the Payment, the Payment Agent shall be obliged to issue to the Client a receipt confirming the use of the electronic terminal (device) or cash desk of the Payment Agent/Subagent.
8. When accepting Payments, the Payment Agent/Subagent may charge a commission on the Payment. The amount of the commission shall be determined in the agreement concluded between the Payment Organization and the Payment Agent/Subagent.
9. On a monthly basis, the Payment Agent/Subagent shall provide the Payment Organization with a report on accepted payments signed on its part, a certificate of completed works, and an invoice for the amount of remuneration, on the basis of which reconciliation of mutual settlements shall be carried out.

4.12.3. The payment service shall be provided within 1 (one) business day following the day of acceptance of the payment.

4.12.4. Procedure for Interaction Between the Payment Organization and the Client:

1. The Payment Organization shall conclude agreements with Clients for the provision of payment services for the acceptance of cash.
2. The agreement for the provision of payment services shall set out the terms and conditions governing the crediting of money from the bank account of the Payment Organization to the bank account of the Client, the rights and obligations of the parties, the terms for charging the remuneration of the Payment Organization, and other mandatory provisions.
3. The Client of the Payment Organization shall also undergo registration in the System for the purpose of transmitting information on accepted Payments made in its favor.
4. By agreement of the parties, the contractual terms may provide for conditions under which the Payment Organization ensures advance payments (preliminary reimbursement) for the planned volume of Payments, with the relevant amount reflected on the settlement balance, or the agreement may provide for conditions for the acceptance and processing of Payments without preliminary reimbursement, by way of remittance (transfer) of the Payment by the Payment Organization to the Client on a periodic basis.

5.1. The tariffs of Freedom Pay LLP for payment services are established by Appendix No. 1 to the Rules.

6.1. Third parties are legal entities and individual entrepreneurs who:

• provide services to the Payment Organization or act in the interests of the Payment Organization;
• are not part of the group of companies of the Payment Organization and are not employees of the Payment Organization.

6.2. Connection of a third party’s information systems to the systems of the Payment Organization shall be carried out on the basis of a concluded agreement for the provision of information and/or technological services or agency agreements for the acceptance of payments, which must mandatorily include provisions on non-disclosure of confidential information.

6.3. The non-disclosure agreement on confidential information shall establish the obligation of the third party to maintain the confidentiality of information, as well as liability for disclosure of confidential information to which it is granted access.

6.4. The concluded agreement or non-disclosure agreement on confidential information must take into account the standard provisions regarding the third party’s compliance with information security requirements. Such requirements shall include at a minimum the following:

• obligations to maintain the required level of information security;
• liability for breach of the said obligations;
• measures for notification of information security incidents and breaches in the information protection system.

6.5. Procedure for interaction when working with Service Providers:
The Payment Organization shall conduct marketing research on a regular basis, including market analysis, competitiveness analysis, and consumer capacity analysis. When onboarding a new Service Provider into the System, the commercial department of the Payment Organization shall carry out an economic analysis of its activities. After carrying out the above actions and making a positive decision regarding cooperation with the Service Provider, all necessary documents shall be requested from the latter within the framework of an assessment for compliance with the requirements of legislation in the field of legalization, counteraction, and anti-money laundering. In the absence of compliance risks, technical documentation shall be exchanged for connecting the Service Provider to the System via the API technical interaction protocol. The Service Provider shall be entered into the System with the provision of a Personal Account and the relevant access rights, through which the latter shall have the ability to view any transactions carried out in favor of such Service Provider. In addition, through the Personal Account, the Service Provider shall have the ability to download all necessary registers and to view all deductions made by the Payment Organization.

6.6. Conclusion of an agreement with the Service Provider:

• After completion of all actions in accordance with Section 6 of the Rules, an Agreement shall be concluded between the Payment Organization and the Service Provider.
• The Payment Organization shall conclude a payment services agreement with the Service Provider.
• The Service Provider shall undergo registration in the System with assignment of a unique identifier.

For the purposes of the Payment Organization, the risk management system shall mean a set of measures adopted by the payment organization for the purpose of timely identification, measurement, control, and monitoring of risks in order to ensure financial soundness and stable functioning. For effective risk management, the payment organization shall carry out:

• identification, measurement, control, and monitoring of risks;
• control over all monetary transactions;
• development and practical implementation of measures aimed at preventing and minimizing risks;
• and assessment of the effectiveness of their application.

7.1. The main objective of risk regulation in the payment organization is to maintain an acceptable level of profitability together with safety and liquidity indicators in the course of managing the assets and liabilities of the Payment Organization, i.e., to ensure minimization of losses.

7.2. The risk management process in the payment organization includes:

• anticipation of risks and determination of their probable scope and consequences;
• development and implementation of measures to prevent or minimize the losses associated therewith.

7.3. In developing a risk management strategy, it is necessary to timely and consistently use all opportunities for the development of the payment organization while simultaneously keeping risks at an acceptable and manageable level.

7.4. The risk management system is characterized by such elements as measures and methods of management. Risk management measures include:
- determination of the organizational structure of risk management ensuring control over compliance by agents and subagents of the payment organization with the risk management requirements established by the risk management rules of the payment organization; communication of relevant risk information to the management bodies of the payment organization;
- determination of indicators and the procedure for ensuring uninterrupted functioning of the Payment Organization;
- determination of risk analysis methodologies; determination of the procedure for exchange of information necessary for risk management; determination of the procedure for interaction in disputed, non-standard, and emergency situations, including cases of system failures; determination of the procedure for changing operational and technological means and procedures; determination of the procedure for ensuring information protection in the Payment Organization.

7.5. Requirements applicable to the storage of information on card details and on transactions carried out using such cards.

7.6. The Organization shall ensure compliance with the following basic requirements applicable to the storage of information on card details and on transactions carried out using such cards:
- Under no circumstances store:

• the full contents of any track of the magnetic stripe located on the reverse side of the card;
• the Card Validation Code, being the 3-digit number printed on the signature panel located on the card;

- Store only that part of the payment card information which is material for business purposes (i.e., the payment card holder’s name, the payment card number in encrypted form, and the expiry date).
- Ensure protection of the information stored by the Organization regarding payment card details and transactions carried out using such cards in accordance with the requirements of PCI DSS (Payment Card Industry Data Security Standard).
- Store all materials containing information on payment card details and transactions carried out using such cards in a secure place accessible only to authorized persons.
- Destroy or erase all media containing outdated data on transactions carried out using cards.

7.7. In the event of suspicion of fraudulent actions by the wallet holder and/or third parties, or upon detection of a malfunction of software and hardware facilities, in order to ensure the security of the electronic money payment organization, the Issuing Bank shall independently block the Electronic Wallet or send a written request to the Operator to block the Electronic Wallet of the EM Holder, indicating the reason for which the electronic wallet must be blocked. In the event the Operator receives such request from the Issuing Bank to block the electronic wallet of the EM Holder, the Operator shall be obliged to block the specified electronic wallet.

7.8. Exceeding by the EM Holder the limits on the types and amounts of transactions with electronic money, as well as detection by the Operator of the disclosure by the electronic wallet holder of his/her own authorization parameters (username, password) to other persons, shall also entail blocking of the electronic wallet by the Operator.

7.9. Risk regulation for the purpose of safeguarding the Client’s funds shall be carried out by means of automatic blocking of acceptance by the System in the event that the amount of the security deposit has been exhausted.

7.10. Risk management in the payment organization shall be carried out by such methods as management of the sequence of execution of instructions by officials; carrying out settlements within the limits of the funds provided by agents of the payment organization; carrying out settlements in the payment organization by the end of the business day; ensuring the possibility of providing a limit; and other methods of risk management.

8.1. Where there are mandatory provisions of the legislation in force within the territory of the state that exclude the application of contractual terms in relations connected with the activities of the payment organization, such mandatory provisions shall prevail over the terms of the Rules.

8.2. Disagreements between Participants of the payment organization connected with the activities of the payment organization or settlements between the Participants, which may serve as grounds for the need for judicial consideration of disputes between the Participants, shall be reviewed by the payment organization in the claims procedure.

8.3. A claim of a Participant of the Payment Organization, set out in writing on its official letterhead and signed by its authorized officer, shall be sent to the other party by registered mail or by any other method confirming delivery of the claim to the addressee. The claim must be submitted within 10 (ten) business days after the occurrence of the grounds for the claim and shall contain an indication of the circumstances serving as the basis for its submission, as well as the date of occurrence of such circumstances. Claims received after the expiry of the above period shall not be considered.

8.4. Consideration of claims shall include examination of the circumstances making it possible to establish the performance (or non-performance) by the Participants of the payment organization of their functions and obligations arising from these Rules and the agreements concluded with them. The payment organization shall be entitled to request from the Participants of the Payment Organization any information necessary to clarify such circumstances.

8.5. A decision on a claim must be adopted within 15 calendar days after receipt of the claim and sent to the Participant in writing.

8.6. If it is impossible to settle disagreements through the claims procedure, disputes shall be resolved through judicial proceedings at the location of the Payment Organization in accordance with the legislation of the Republic of Kazakhstan.

9.1. The Payment Organization shall take all measures to ensure that the Participants in Settlements of the System maintain confidentiality with respect to information about other Participants that is not publicly available and has become known to them in connection with accession to these Rules, except where such information:

• is disclosed upon the request of or with the permission of the Participant in Settlements who is the owner of such information;
• is subject to provision to third parties to the extent necessary for the performance of obligations provided for by these Rules;
• is required to be disclosed on the grounds provided for by the legislation of the Republic of Kazakhstan.

9.2. Access to the Electronic Wallet and performance of any transactions using the Electronic Wallet shall be possible exclusively after Authentication of the EM Holder.

9.3. Authentication of the EM Holder when accessing the Electronic Wallet shall be carried out by software provided by the Payment Organization using the authorization data of the EM Holder: login, password, mobile phone number and, where necessary, special SMS messages.

9.4. The Operator shall ensure uninterrupted functioning of the System on a 24/7/365 basis (24 hours a day, 7 days a week, 365 days a year), except during maintenance periods.

9.5. The Operator shall ensure protection of information on the means and methods of ensuring information security, personal data, and other information subject to mandatory protection in accordance with the legislation of the Republic of Kazakhstan, which may become known to it in the course of conducting activities in the EM payment organization.

9.6. The Participants in Settlements undertake to take all necessary measures to ensure security and protect information and documents exchanged within the payment organization or accessible to the Participants in Settlements in connection with the use of the payment organization, as well as for the purpose of detecting (preventing) fraud and counteracting the legalization of proceeds derived from crime and the financing of terrorism.

9.7. The means and measures for preventing unauthorized access to the software and technical facilities used in the payment organization, including software and technical protection tools, shall ensure the level of information protection and preservation of its confidentiality in accordance with the requirements established by the legislation of the Republic of Kazakhstan. The Participants in Settlements undertake to take all necessary measures to preserve confidentiality, prevent unauthorized use, and protect identification data from unauthorized access by third parties.

9.8. In the event of loss of authorization data by a Participant, the Operator shall provide such Participant with the opportunity to restore access to the Electronic Wallet.

9.9. The Payment Organization, acting as the Operator of electronic money systems, shall ensure the creation and functioning of an information security management system, which forms part of the overall management system of the Operator of electronic money systems and is intended to manage the process of ensuring information security.

9.10. The information security management system shall ensure protection of the information assets of the Operator of electronic money systems allowing for a minimal level of potential damage to the business processes of the Operator of electronic money systems.

9.11. The Payment Organization, acting as the Operator of electronic money systems, shall ensure an appropriate level of the information security management system, as well as its development and improvement.

9.12. The Payment Organization, acting as the Operator of electronic money systems, for the purpose of ensuring the confidentiality, integrity, and availability of information, shall perform the following functions:

• organizes the information security management system, carries out coordination and control of information security activities and measures for identifying and analyzing threats, countering attacks, and investigating information security incidents;
• ensures methodological support for the information security process, formalizes and keeps up to date the following processes: Access Management for employees and third parties, Change Management in information assets, Vulnerability Management, Incident Management, Backup and Archiving Management of information assets, Training and Awareness Enhancement of personnel;
• selects, implements, and applies methods, tools, and mechanisms for managing, ensuring, and controlling information security within the scope of its authority;
• collects, consolidates, stores, and processes information on information security incidents;
• analyzes information on information security incidents;
• ensures the implementation and proper functioning of software and technical tools automating the information security process, as well as the provision of access thereto;
• determines restrictions on the use of privileged accounts;
• organizes and conducts activities to raise awareness of employees of the Operator of electronic money systems on information security issues;
• monitors the state of the information security management system of the Operator of electronic money systems;
• periodically (but at least once a year) informs the management of the Operator of the electronic money system about the state of the information security management system.

9.13. The Payment Organization, acting as the Operator of electronic money systems, shall manage information security risks by specifying acceptable level criteria in relation to information assets.

9.14. Upon realization of information security risks, an action plan aimed at minimizing the occurrence of similar risks shall be developed.

9.15. The Payment Organization shall take the necessary measures to ensure proper consolidation, systematization, and storage of information on information security incidents obtained in the course of monitoring information security activities.

9.16. The retention period for information on information security incidents shall be at least 5 (five) years.

9.17. The Payment Organization, acting as the Operator of electronic money systems, shall determine the procedure for taking urgent measures to eliminate an information security incident, its causes, and consequences. This procedure shall be regulated in the form of a business process and approved by an Order of the chief executive officer of the Payment Organization.

9.18. The Payment Organization, acting as the Operator of electronic money systems, shall maintain a log of information security incidents reflecting all information about the information security incident, the measures taken, and the proposed corrective measures.

9.19. The Payment Organization, acting as the Operator of electronic money systems, shall provide the National Bank with information on the following identified information security incidents:

• exploitation of vulnerabilities in application and system software;
• unauthorized access to an information system;
• a denial-of-service attack on an information system or data transmission network;
• infection of a server with malicious software or code;
• an unauthorized transfer of electronic money resulting from a breach of information security controls;
• information security incidents posing a threat to the stability of the activities of the operator of the electronic money system.

9.20. The above information on information security incidents shall be provided by the Payment Organization as soon as possible, but no later than 48 hours from the moment of detection, in the form of an information security incident card.

9.21. Information on processed information security incidents shall be submitted in electronic format using the platform of the National Bank for the exchange of information security events and incidents.

9.22. The Payment Organization shall take measures to record each information security incident.

9.23. The Payment Organization reserves the right to delegate the provision of information security to a third party.

10. Software and Technical Means of the Payment Organization and Equipment Necessary for the Provision of Payment Services

10.1. The System provides the possibility of interaction between the participants of the system in accordance with uniform standards and algorithms, regardless of the payment system through which payment for an order or payout to a user is made.

10.2. The operation of the System is based on electronic invoices created upon requests from merchants and services, on the one hand, and settlements with identified or unidentified users, on the other hand.

10.3. Requests may be made either in a fully automated mode using the API or manually through a special web interface (personal account). Information on a payment is provided to the participants of the system online.

10.4. Drivers for connecting payment systems have the capability to interact with various types of payment infrastructure, including:
- internet acquiring of bank cards;
- cash payment acceptance systems:

• cash settlement departments of banking institutions;
• payment terminals;
• money transfer systems;

- electronic money and mobile payment systems;
- bank card acquiring for payment acceptance points.

10.5. Drivers for connecting payment systems also allow the use of payout infrastructure from services in favor of users by means of:

• online payouts to bank cards;
• payouts to ATMs via SMS code;
• payouts to the recipient’s IBAN accounts.

10.6. The functionality of the System consists of the following main modules and services:
- Merchant interfaces:

• API and Mobile SDK for connecting merchants and services;
• CMS modules and packages for connection;
• client interface for merchants and services (personal account);
• payment refund API;
• payer notification option;
• invoice issuing option;
• generation of payment QR codes (static and dynamic);
• ticket generation and processing service;
• Android and iOS mobile application.

- Administrator interfaces:

• employee personal account for operation management and monitoring;
• statistics generation section;
• anti-fraud analytics service;
• role creation and management section;
• agent management section;
• online connection to the system.

- User interfaces:

• payment monitoring functionality.

11.1. Amendments and/or additions to the Rules may be made either by approving a new version of the Rules or by preparing the text of amendments and/or additions to the Rules.

11.2. The effective date of amendments and/or additions to the Rules shall be determined by the Payment Organization subject to the timeframes stipulated in the Agreement.

11.3. In the event of disagreement of a Participant in Settlements with amendments and/or additions to the Rules or tariffs, such Participant shall be entitled to refuse further use of the payment organization by redeeming the electronic money held by it and closing the electronic wallet with the Payment Organization.

11.4. Any subsequent amendments and/or additions to the Rules shall be made in accordance with the procedure established by this section of the Rules.

11.5. Continued use of the payment organization after the effective date of any amendments and/or additions to the Rules shall constitute the consent of the Participants in Settlements to such amendments and/or additions.

2. Services for the acceptance and processing of payments made using electronic money:

3. Services for processing payments initiated by the client in electronic form and transmitting the necessary information to a bank or an organization carrying out certain types of banking operations for making a payment and (or) transfer or accepting money in respect of such payments within the framework of the Payment Acceptance and Payout services provided to Service Providers and Clients (individuals):

4. Services for the acceptance of cash for making a payment without opening a bank account of the sender of money: