Payment Security and Data Protection

1. Payment Processing Organization

To ensure maximum security and convenience for our clients, EUROASIA INSURANCE partners with leading payment providers in Uzbekistan. When paying for insurance policies on our website eai.uz, you are redirected to the secure payment pages of our partners:

• Click - payment system
• Payme - payment system
• JSC "Octobank" - bank internet acquiring
• JSC "Uzum Bank" - bank internet acquiring

Important to know:

EUROASIA INSURANCE does not receive, process, or store your bank card data. All card data (card number, expiration date, CVV2/CVC2 code) is entered exclusively on the secure pages of payment providers and banks. We receive from our partners only confirmation of successful payment and the minimum information necessary to issue an insurance policy: transaction number, payment amount, and payment date.

This approach provides an additional level of protection for your financial data, because card processing is carried out by specialized organizations that have all necessary licenses and security certificates.

2. Payment Security

All our payment partners apply a multi-level system for transaction protection and fraud risk control.

PCI DSS Standard Compliance

The payment pages of our partners fully comply with the requirements of the international Payment Card Industry Data Security Standard (PCI DSS). This means that when processing your card data, the strictest information protection requirements established by the world's leading payment systems, including Visa, Mastercard, and UnionPay, are observed.

Data Encryption (SSL/TLS)

All data transmitted between your device and payment pages is protected by the TLS (Transport Layer Security) encryption protocol. You can verify this by checking for the https:// prefix in the browser address bar and the lock icon. This technology prevents third parties from intercepting or decrypting your data.

3D-Secure Technology

Our payment partners use 3D-Secure technology for additional authentication of cardholders. This is an international security protocol developed by payment systems:

• Verified by Visa - for Visa cards
• Mastercard SecureCode - for Mastercard cards
• Mir Accept - for MIR cards

How it works:

1. After entering card data on the payment page, you are automatically redirected to the secure page of your issuing bank.
2. The bank sends you a one-time password (OTP) via SMS or through a mobile application.
3. After entering this password, the transaction is confirmed.

This additional verification ensures that the payment is made by the legitimate cardholder, not by a fraudster who has stolen the card data.

Monitoring and Fraud Prevention

Our partners - Click, Payme, Octobank and Uzum Bank - use advanced anti-fraud systems that analyze each transaction in real time across multiple parameters:

• Verification against blacklists of compromised cards
• Analysis of the payer's geographical location (IP address)
• Control of limits by amount and number of operations
• Detection of suspicious behavior patterns

When signs of fraud are detected, the system can automatically decline the payment or request additional authentication to protect your funds.

3. Protection of Your Personal Data

EUROASIA INSURANCE takes all necessary legal, organizational, and technical measures to protect your personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, and other unlawful actions.

Personal Data Security Measures

The security of your data in our information systems is ensured by the following measures:

• Threat identification and analysis. We conduct regular assessment and analysis of potential personal data security threats at all stages of their processing. This allows us to timely identify new risks and take preventive protection measures.
• Application of comprehensive protection measures. We use a combination of organizational and technical measures that fully comply with the requirements of the legislation of the Republic of Uzbekistan in the field of personal data protection.
• Use of certified information security tools. To neutralize identified threats, we use information security tools that have undergone conformity assessment procedures in the established manner.
• Verification of security measures effectiveness. We regularly conduct internal and external audits to verify the effectiveness of applied security measures before putting new information systems into operation and during their use.
• Personal data media accounting. Strict accounting is maintained of all machine media containing personal data to prevent their loss or unauthorized use.
• Detection and elimination of security incidents. Monitoring systems have been implemented that allow timely detection of unauthorized access to personal data and immediate response to information security incidents.
• Data recovery. The ability to quickly restore personal data that may have been destroyed or modified due to unauthorized access or technical failures is ensured.
• Access regulation and action registration. Strict rules for access to personal data based on the principle of least privilege have been established. All actions performed with personal data in information systems are recorded in audit logs and subject to regular control.
• Continuous security level control. We carry out continuous monitoring of the security level of our information systems and respond promptly to changes in the information security threat landscape.

Data Transfer to Payment Providers

When making payments on our website, we transfer to payment providers only the minimum necessary information:

• Payment amount
• Service description (insurance policy)
• Unique order number in our system
• Contact information for communication, if necessary

Your bank card data is transmitted directly from your browser to the payment provider, bypassing our servers. We guarantee that this information is not stored or processed on our servers.

4. Your Actions to Ensure Security

Your vigilance also plays a key role in ensuring payment security. Please follow these recommendations:

• Keep card data secret. Never share your PIN code and CVV2/CVC2 code (three digits on the back of the card) with anyone. EUROASIA INSURANCE or payment provider employees never request this information by phone or email.
• Check the website address. Before payment, make sure you are on the official website eai.uz. After clicking the payment button, you will be redirected to the secure page of the payment provider. Verify that the address corresponds to the official domain: click.uz, payme.uz, octobank.uz, or uzumbank.uz.
• Beware of phishing. Do not click on suspicious links from emails or SMS messages allegedly sent on our behalf. Always enter the website address manually in the browser address bar.
• Use secure devices. Make payments only from personal computers and smartphones with installed and regularly updated antivirus software. Avoid payments through public computers or unsecured Wi-Fi networks.
• Enable SMS notifications. Activate SMS notifications from your bank to instantly receive notifications about all operations on your card. This will allow you to promptly detect unauthorized charges.
• Regularly check card statements. Periodically review transaction history in your bank's mobile application or internet banking to ensure there are no suspicious transactions.
• Use a separate card for online payments. Consider getting a separate card specifically for internet purchases with a limited limit. This minimizes potential losses in case of data compromise.