- PCI DSS Level 1
- Annual on-site assessment plus quarterly ASV scans; sub-merchants inherit the posture regardless of integration shape.
- SCA & PSD2
- Selective 3DS2 on the authorisation path keeps approval high in Europe without skipping the compliance bar.
- Signed events
- Webhook events HMAC-signed with rotation; replay-safe with idempotency keys; SIEM-friendly out of the box.
- Scheme programme tracking
- Visa VDMP / VAMP and Mastercard ECP / EFMP thresholds tracked across the connected acquirer panel.
- Data residency
- Regional data-residency options for merchants under regulators that require it.
- Licensed verticals only
- Licensed gaming, regulated financial services and other compliance-bound verticals supported only where current operating licences exist. Grey and black-market verticals — including unlicensed gambling — are out of scope regardless of integration shape.