- PCI DSS Level 1
- Where the QR resolves to a card authorisation, the platform vault and switch operate at PCI DSS Level 1 posture; sub-merchants inherit it.
- EMVCo QR compliance
- Merchant-Presented QR (MPM) format compliance for interoperability with major banking / wallet apps.
- PIX & UPI partner posture
- PIX and UPI QR flows are delivered through licensed partner gateways; AML / KYC inherited from the partner's licence.
- SCA & PSD2
- Where a QR-scan flow lands on a card authorisation, selective 3DS2 applies as it would on any other card path.
- Sanctions & AML alignment
- Sanctions screening at onboarding; AML monitoring tuned per merchant vertical, volume and channel mix — QR included.
- Licensed verticals only
- Licensed gaming, regulated financial services and other compliance-bound verticals supported only where current operating licences exist. Grey and black-market verticals are out of scope regardless of QR channel.