PAYMENT SECURITY POLICY

1. Security Commitment

The card payment system is provided by payment gateway partners ("Payment Gateway Partners") that are legally licensed to operate in Vietnam. Accordingly, the card payment security standards applied on the 1Zone E-commerce Platform comply with applicable industry security standards.

2. Security Regulations

The payment transaction policy for international cards and domestic cards (Internet Banking) complies with the security standards of the Payment Gateway Partners, including:

• Customers' financial information shall be protected throughout the transaction process through the SSL (Secure Sockets Layer) protocol.
• Compliance with the Payment Card Industry Data Security Standard (PCI DSS) certified by Trustwave.
• One-Time Passwords (OTP) are sent via SMS to ensure authenticated account access.
• 128-bit MD5 encryption standards.
• Information security principles and regulations in the banking and financial sector in accordance with the regulations of the State Bank of Vietnam.

The payment transaction security policy of the 1Zone E-commerce Platform applicable to Customers is as follows:

• The 1Zone E-commerce Platform provides a token storage utility and only stores encrypted token strings provided by the Payment Gateway Partners. 1Zone does not directly store Customers' card information. The security of Customers' payment card information is managed by licensed Payment Gateway Partners. For international cards, card information that may be used to establish transactions is not stored on the systems of the 1Zone E-commerce Platform. Such information shall be stored and secured by the Payment Gateway Partners.
• For domestic cards (Internet Banking), the 1Zone E-commerce Platform only stores the order code, transaction code, and bank name.

The 1Zone E-commerce Platform is committed to strictly implementing all necessary security measures for payment activities conducted on the 1Zone E-commerce Platform.