Trust & compliance
Compliance posture across every direct rail
Rail-specific scheme rules — NACHA, SEPA mandate handling, Bacs indemnity — layered
on top of the platform's PCI DSS Level 1 posture where card also applies.
- NACHA compliance
- ACH authorisations captured per WEB / TEL / PPD shape rules; R-code handling per NACHA operating rules; retry limits observed.
- SEPA mandate handling
- SDD Core and SDD B2B mandate IDs captured and retained per scheme rules; refund windows honoured.
- PCI DSS Level 1
- Vault, switch and tokenisation are PCI DSS Level 1 service-provider components — inherited even when the merchant runs bank rails only.
- Sanctions & AML alignment
- Sanctions screening at onboarding; AML monitoring tuned per merchant vertical and counterparty pattern.
- Audit-grade event log
- Every direct-rail attempt logged with timestamp, mandate reference and rail response code — SOC / ISAE evidence-ready.
- Licensed verticals only
- Licensed gaming, regulated financial services and other compliance-bound verticals supported only where current operating licences exist. Grey and black-market verticals are out of scope regardless of rail choice.