Terms and Conditions (“Agreement”)
This Agreement was last modified on February 24th, 2020.
This Agreement documents the legally binding terms and conditions related to the use of the app mobysign app (App) on your smartphone, eventually in support of any other device, and of mobysign service in general. By using or accessing the App in any way you are agreeing to be bound by these Terms of Service.
The App and all of its original content are the sole property of mobysign limited and are, as such, fully protected by the appropriate international copyright, patents and other intellectual property rights laws.
Any service integrated with mobysign reserves the right to terminate your use, without any advance notice.
Links to Other Websites
Use of mobysign
mobysign is an authentication layer capable of turning your Smartphone into an easy to use and secure device to pay, login, make dispositions and sign documents. mobysign can be integrated by service providers and websites, where mobysign user will be able to confirm such operations by the fingerprint (for smartphones with relevant reader) or typing a PIN, chosen by the user during the registration phase of the App. The PIN can be changed by the user whenever the user wishes.
You may receive an Activation Code as the effect of an identification of your identity by a provider (e.g. your bank) and you shall be able to register on mobysign App using that Activation Code and a username (“user”) provided by the identity provider to use its service. Terms and conditions of such mobysign service will be those related to that service provider; please read it carefully. The person using mobysign can be identified, after another identification, via other specific mobysign user and other Activation Code for another service provided by another service provided; also in this case the user shall be able to register on such other service via mobysign App using that Activation Code and a user. The person using mobysign can have more Activation Codes and mobysign users. If the identification made by a service provider requires the check of the phone number related to the smartphone where mobysign is installed or is going to be installed, such phone number shall be verified; in fact the App will send a SMS automatically or under confirmation. In this case please verify you have enough credit and the SMS service as active with your mobile operator for sending a SMS.
During the first registration on the App the user has to choose a nickname in order to be identified on those services where the nickname can be used instead of the specific mobysign user of such service.
During the first registration phase on the App the user can choose to be identified also via a real or virtual phone number for services where it is accepted, except that the case the registration service provider requires to check the phone number that will be mandatory; if the user chooses to use the phone number or it is mandatory from the registration provider, the user has to update the phone number via App functionality in case of change of such phone number as soon as the change has been performed. If the user chooses to be identified via virtual phone number, this will be displayed on the smartphone; the user has to take note of this; note that in this case if the user registers, after first registration, under a further registration service requiring the real phone number check, the user shall be identified via the real phone number, losing the virtual one, if such registration is successful. In general, the user can register one or more credit/debit cards under his/her mobysign account and grants permission to Mobysign in order to store the data of the aforementioned cards; the user accepts card data registered will be used under his/her confirmation to pay all different merchants federated to mobysign network. Said confirmation will be made via strong authentication through the mobile device where the App is operating. The user can choose to activate biometric recognition functions that require the subscription of an annual recursive payment; in this case the user will confirm the first payment upon activation, while the following payments will be carried out in automatic recursive mode: the user can at any time interrupt the subscription to this service from the App and thus deactivate the relevant following payments.
Any complaint or refund request related to purchases done through Mobysign shall be sent via email to firstname.lastname@example.org within the time limits dictated by local, national and international laws, by regulations and conditions of the merchant, in any case no more than 12 months since the date of the purchase. Any damage associated with the use of mobysign will not be subject to any compensation.
Frauds and chargebacks
- When the user registers, the parameters relating to his/her authentication are defined. Such authentication, in the case of payments, represents a SCA (“Strong Customer Authentication”) compliant with the European directive PSD2
- During the registration of one or more credit/debit cards carried out by the user, Mobysign will perform a first test transaction through 3DS verification of the user’s credit card number. The amount of the test cannot exceed the amount of € 0.02 which will in any case be immediately refunded at the end of the test. 3DS authentication is the SCA provided by the issuer who issued the card, who is responsible for recognizing the user as the cardholder.
If the test is successful, we match the user to the Mobysign SCA on the same mobile phone from which the test transaction was tested.
- The fact that the user is the legitimate cardholder is guaranteed by the 3DS test, therefore from the positive test on, the user will use the Mobysign SCA for all transactions performed with Mobysign, regardless of who the merchant is.
- Payment transactions made by the user with Mobysign are not within the scope of PSD2 and therefore do not require the SCA, but in any case, Mobysign will apply the Mobysign SCA for each transaction to ensure a high level of security.
- The user agrees to use the Mobysign SCA for all transactions made with the Mobysign app, attributing to the same SCA at least the same value as the SCA provided by the card issuer.
- The user accepts the rules of the credit and debit card circuits including those relating to frauds and chargebacks. In any case, for what is illustrated in the previous points, it is not possible to or ask for a chargeback or deny having carried out a Mobysign transaction motivating that the SCA of the payment transaction was not carried out with the SCA of the issuer.
Technical Data Sheet illustrating the FEA Insurance service
For the Fea Insurance service, refer to the information contained in the previous paragraph Use of Mobysign considering in addition the following peculiarities.
The service concerns the signing of documents according to the requirements shared with the participating insurance agencies.
The Mobysign app must be installed on the signer’s smartphone and used by the signatory to complete the subscription through the solution, through confirmation made with two authentication factors such as fingerprint (biometric factor), face recognition (biometric factor) or PIN (knowledge factor) chosen by the signatory during installation, and in any case through the signatory’s smartphone (possession factor) whose possession is proven through the private key stored therein in a special security memory.
The signing phase consists of an encryption process in which this private key with a length of not less than 2048 bits is used, while the public key of the signatory related to the private key allows the verification of the signature through the Mobysign system. The holder of the electronic signature through the private key and the third party through the public key, respectively, make manifest and verify the origin and integrity of an IT document or a set of IT documents.
The solution complies with the regulatory provisions of eIDAS, CAD and other regulations applicable in Italy and guarantees:
- identification of the signatory of the document: the identification of the signatory is performed with the physical presence or video call of the latter by the provider or by one of the subjects delegated by the latter. The identification of the signatory is carried out by using a valid identity document (identity card, passport or driving license) and the tax code, as well as any documents proving the company position if the signature is used for business purposes and not personal;
- the unique connection of the signature to the signatory: the affixing of the advanced electronic signature to the IT document takes place remotely, ie by fingerprint or PIN or facial recognition by the signatory through their mobile phone. These systems ensure that the FEA is affixed to the electronic document using a tool which, with a high level of security, can only be used by the signatory subject; moreover, during the registration to the app the user must prove with an SMS the correspondence of his mobile phone number, as well as the possession of the email declared to the registration operator, on which he will receive a QRcode to click or frame to start the registration process ;
- the exclusive control of the signer of the signature generation system: that only the signer has exclusive control of the signature generation system is guaranteed, as required by the applicable legislation, by two different authentication factors, i.e. by the use of a mobile phone device under the control of the signatory (possession factor) and a biometric factor (fingerprint or face recognition), the latter possibly replaced by the PIN (knowledge factor);
- the possibility of verifying that the signed electronic document has not undergone any changes after the signature has been affixed: the FEA solution adopted by the lender makes use of cryptographic signature mechanisms (cryptographic keys) which ensure, after the moment of signing, the inalterability of the signed documents. The asymmetric encryption algorithm used is RSA and the length of the encryption keys is not less than 2048 bits;
- the possibility for the signer to obtain evidence of what he is about to sign: the documentation signed by the signatory through the advanced electronic signature tool is made available to the signer via email and on the Mobysign app; </ li>
- the provider of the FEA solution is the Agency that identifies the user;
- the absence of any element in the subject of the subscription aimed at modifying the acts, facts or data represented therein: the documents subject to subscription are produced using the formats provided for by the technical rules of the CAD on training, transmission copy, duplication, reproduction and time validation of IT documents (DPCM 13.11.2014);
- the unique connection of the signature to the signed document: the unique connection is guaranteed by the use, at the end of the subscription process, of double key encryption and decryption algorithms.
For use, the user receives a notification on the phone and an email. Or by reading the notification or email, you can read the document to be signed and click on all the points where your signature is required. Later you can confirm on the app with the double authentication factor.
This Agreement is governed in accordance with the laws of the UK and local laws.
Changes to This Agreement