Security & Compliance

PCI DSS, 3DS 2.2, CBRT compliant payment infrastructure with HSM key management and full audit trail.

Built for regulated environments

Every architectural decision was made with compliance in mind — not bolted on after.

Hosted fields and tokenization keep raw card data off your infrastructure entirely.

Full frictionless and challenge flow support. Step-up triggered automatically by risk score.

Transaction monitoring, suspicious activity detection, and behavioral fraud signals aligned with Central Bank requirements.

Every state transition, every routing decision, every risk signal — persisted and queryable.

All cryptographic keys stored in Hardware Security Modules. No software key exposure.

PAN, CVV, and all PII are automatically redacted from logs, APM, and exception traces.

Redis-based distributed locking prevents race conditions across multi-pod deployments.

Per-merchant IP allowlisting for API access. Scoped API keys with fine-grained permissions.

Append-only event store. Every state transition is hash-chained and tamper-evident.

Regular third-party penetration tests. Reports available under NDA.