- PCI DSS Level 1
- Vault, switch and tokenisation are PCI DSS Level 1 service-provider components; the charity inherits the posture across every donate channel.
- SCA & PSD2
- Selective EMV 3DS2 on the European card side keeps approval high on donate surfaces without skipping the SCA bar.
- NACHA / SEPA / Bacs mandates
- Recurring bank-rail donations captured and retained per scheme rules; mandate IDs travel with each renewal.
- Sanctions & AML alignment
- Sanctions screening on onboarding; AML monitoring tuned per charity vertical, cross-border volume and donor pattern.
- Donor-data minimisation
- Only the metadata the charity needs is captured. Donor-consent flags travel with the vault token; withdrawal of consent is honoured across channels.
- Licensed verticals only
- Registered charities, licensed NGOs and other regulated non-profits supported where the appropriate registration exists in the operating jurisdiction. Fraudulent 'charity' fronts and unlicensed vehicles are out of scope.