Security & Trust

We build the best 3D Secure solution for fintech issuers and processors. This page provides a transparent view of our security practices, compliance certifications, and data protection.

Compliance

PCI DSS: Certified

PCI 3DS: Certified

ISO 27001: Certified

Trusted by leading fintechs

Wise, Enfuce, Edenred, Galileo, Lithic, Dock

Access Control

Zero Trust

All internal services authenticate via mTLS. No implicit trust between services.

Identity Management

Centralised identity provider with SSO, SCIM provisioning, and domain verification.

Privileged Access

Just-in-time access for production. All sessions recorded and reviewed.

Data Security

Encryption at Rest

AES-256 encryption. Keys managed via AWS KMS with automatic annual rotation.

Encryption in Transit

TLS 1.3 enforced on all connections. HSTS headers with 12-month max-age.

Tokenisation

Cardholder data tokenised at point of entry using PCI-validated tokenisation. No plaintext storage.

Infrastructure

Cloud Hosting

Hosted on a major cloud provider within the EU. Multi-AZ deployment with automated failover.

Tenant Isolation

Strict data separation at every layer. Dedicated encryption keys per tenant.

DDoS Protection

Cloudflare enterprise with automatic mitigation and always-on WAF.

Product Security

Audit Logging

Every authentication event, API call, and configuration change is logged with a full audit trail.

Role-Based Access Control

Granular permissions, with the principle of least privilege enforced across all systems.

SSO & MFA

SAML 2.0 single sign-on and mandatory multi-factor authentication for all admin access.

Risk Profile

Data classification: Sensitive — payment card data
Hosting region: European Union
Redundancy: Multi-region with automated failover
Recovery targets: Available under NDA
Pen testing: Annual + continuous scanning
Availability SLA: 99.99%

Subprocessors

Amazon Web Services EMEA SARL: Cloud Infrastructure

Provision of cloud infrastructure to facilitate the Company's processing of Customer Personal Data to deliver the Services.

38 Avenue John F. Kennedy, L-1855, Luxembourg

LexisNexis Risk Solutions Europe Limited: Fraud Services

Processing of Customer Personal Data to provide fraud services and to support the creation and enhancement of fraud services and products.

80 Harcourt Street, Dublin 2, Dublin, D02 F449, Ireland

Forter Solutions UK Ltd.: Fraud Services

Processing of Customer Personal Data to provide fraud services and to support the creation and enhancement of fraud services and products.

30 Old Bailey, London EC4M 7AU, UK

Twilio Ireland Limited: SMS Delivery Services

Sending transactional SMS to cardholders to allow the cardholder to authenticate the transaction.

25-28 North Wall Quay, Dublin 1, Ireland

Sinch Sweden AB (Mailgun): Email Delivery Services

Provision of email API services for transactional email delivery as part of authentication and notification workflows.

Lindhagensgatan 74, 112 18 Stockholm, Sweden

Cloudflare, Inc.: DDoS Protection & API Security

DDoS protection and API security services to safeguard the Company's infrastructure and Customer Personal Data during transit.

101 Townsend St, San Francisco, CA 94107, USA

Updates

Compliance

PCI DSS v4.0 recertification complete

We have completed PCI DSS v4.0 recertification. The updated attestation is available under NDA.

Compliance

PCI 3DS certification renewed

Annual PCI 3DS certification renewed across all supported schemes. No customer action required.

General

3DS authentication latency reduced

Average response times reduced by 35% following infrastructure upgrades. Zero downtime.

© 2026 Apata. All rights reserved.