PSD2 / PSD3 · SCA
Strong customer authentication
We apply SCA exemptions where the rules allow them. Low-value and trusted-beneficiary flows skip a challenge. The rest route through 3DS2. You keep the lift on approval rates without breaking the law.
Compliance as infrastructure
topropay is a pure orchestration layer for high-volume merchants. We absorb PSD2, PCI DSS and 3DS2 into one API. You keep your acquirers and your approval rates. You carry far less of the audit.
Every framework, one layer
EU payments span a thicket of regulation. We fold each rule set into the orchestration layer, so a single integration keeps you aligned across markets. For the buyer-facing summary see payment card industry PCI compliance; for card-flow scope see the credit card payment processor guide.
PSD2 / PSD3 · SCA
We apply SCA exemptions where the rules allow them. Low-value and trusted-beneficiary flows skip a challenge. The rest route through 3DS2. You keep the lift on approval rates without breaking the law.
PCI DSS Level 2
Card details are captured and vaulted inside our PCI-audited scope. Your systems see a token, never a PAN. That shrinks your own audit to the smallest SAQ tier we can support.
3DS2 · EMV
One 3DS2 layer sits above all your routes. We request the right flow per transaction. Liability shifts to the issuer when the check passes. Cascading still recovers a soft decline behind it.
GDPR
Cardholder and transaction data is processed under GDPR. We hold a clear data-processing agreement. Retention is scoped to what payments and reconciliation truly need. Nothing is sold on.
KYC / AML
Our framework supports merchant onboarding checks and ongoing transaction monitoring. Suspicious patterns are flagged for review. You stay aligned with acquirer and scheme rules across markets.
Reconciliation
Every authorisation, retry, settlement and fee is logged in one ledger. Auditors get a clean, exportable record. Disputes get resolved against facts, not guesswork. One feed, every acquirer.
The orchestration boundary
There is no white-label lock-in here. The compliance weight moves to us. Your commercial relationships and your customer experience stay exactly where they are.
topropay absorbs
You retain
Onboarding
We map your current acquirers, card flows and audit obligations in one session. You see exactly which scope moves to us.
You point checkout at one API. Card data lands inside our PCI scope. No PAN ever touches your servers again.
Routing, SCA and 3DS2 switch on together. You ship across EU markets with the compliance layer already in place.
Before you call
No. We sit above them. You keep every PSP and acquirer relationship you already hold. We orchestrate the traffic and carry the compliance layer on top.
Card data is captured and vaulted in our audited scope. Your systems handle tokens only. Most merchants drop to a far smaller self-assessment as a result.
Done well, it helps. We claim valid exemptions first and only challenge when needed. Cascading then recovers soft declines behind the authentication step.
Book a discovery call. We map your acquirer setup, scope the compliance you can hand over, and model the approval-rate uplift from smart routing. One session, no rebuild.
Related