Security
Compliance
Learn about Notch Pay’s compliance measures and regulatory requirements
Notch Pay is committed to maintaining the highest standards of regulatory compliance and security. This guide outlines our compliance framework and the measures we take to ensure that all transactions processed through our platform adhere to relevant laws and regulations.
Regulatory Framework
Notch Pay operates within a comprehensive regulatory framework designed to ensure the security, integrity, and legality of all financial transactions.Compliance Standards
Our platform adheres to multiple international and regional compliance standards:- PCI DSS (Payment Card Industry Data Security Standard): Ensures secure handling of payment information
- ISO 27001: International standard for information security management
- GDPR Principles: Application of data protection and privacy principles
- Local Financial Regulations: Compliance with specific regulations in each country of operation
Know Your Customer (KYC)
Notch Pay implements robust KYC procedures to verify the identity of users and prevent fraud, money laundering, and terrorist financing.KYC Requirements
Depending on account type and transaction volumes, we may require:Individual Accounts
- Full legal name
- Date of birth
- Current address
- Phone number
- Email address
- Government-issued ID (National ID, Passport, Driver’s License)
- Proof of address (utility bill, bank statement)
- Selfie or photo verification
Business Accounts
- Business name and registration number
- Business address and contact information
- Business type and industry
- Business registration documents
- Tax identification number
- Ownership structure and beneficial owners
- Director/officer information
- Bank account information
Verification Levels
Notch Pay employs a tiered verification approach:- Identity Verification: Government ID and personal information verification
- Enhanced Verification: Additional documentation for high-volume accounts or high-risk activities
Ongoing Monitoring
KYC is not a one-time process. We continuously monitor accounts for:- Changes in transaction patterns
- Updates to business information
- Expiration of verification documents
- Risk indicators that may require additional verification
Anti-Money Laundering (AML)
Our AML program is designed to detect and prevent the use of our platform for money laundering activities.AML Measures
Key components of our AML program include:- Transaction Monitoring: Automated systems to detect suspicious transaction patterns
- Risk-Based Approach: Enhanced due diligence for high-risk customers and transactions
- Screening: Checking against sanctions lists, politically exposed persons (PEPs), and adverse media
- Suspicious Activity Reporting: Procedures for reporting suspicious activities to relevant authorities
- Record Keeping: Maintaining comprehensive records of all transactions and customer information
Red Flags
Our systems monitor for common money laundering red flags, including:- Unusual transaction patterns or volumes
- Transactions with high-risk countries
- Structuring (breaking down large transactions into smaller ones)
- Rapid movement of funds
- Inconsistencies in customer information
- Transactions that don’t align with the customer’s profile
Counter-Terrorist Financing (CTF)
Notch Pay implements specific measures to prevent the use of our platform for terrorist financing.CTF Measures
Our CTF program includes:- Sanctions Screening: Checking all users against global sanctions lists
- Continuous Monitoring: Regular rescreening of existing customers
- Risk Assessment: Evaluating the terrorist financing risk of different customer types and transactions
- Staff Training: Specialized training for staff on identifying terrorist financing indicators
Data Protection and Privacy
Notch Pay is committed to protecting user data and maintaining privacy in compliance with relevant regulations.Data Protection Measures
Our data protection framework includes:- Encryption: End-to-end encryption of sensitive data
- Access Controls: Strict controls on who can access customer data
- Data Minimization: Collecting only necessary information
- Retention Policies: Clear policies on how long data is kept
- User Rights: Processes for users to access, correct, or delete their data
- Breach Notification: Procedures for notifying users and authorities in case of data breaches
Privacy by Design
We incorporate privacy considerations into all aspects of our product development:- Privacy impact assessments for new features
- Default privacy-enhancing settings
- Regular privacy audits and reviews
Fraud Prevention
Notch Pay employs advanced fraud prevention measures to protect both our platform and our users.Fraud Detection Systems
Our multi-layered fraud detection approach includes:- Machine Learning Algorithms: To identify unusual patterns and potential fraud
- Device Fingerprinting: To detect suspicious devices
- Behavioral Analysis: To spot abnormal user behavior
- Velocity Checks: To identify rapid or repeated transaction attempts
- IP Analysis: To detect suspicious locations or VPN usage
Fraud Prevention Measures
We implement various measures to prevent fraud:- Two-Factor Authentication: Additional security layer for account access and transactions
- Transaction Limits: Customizable limits to control transaction amounts
- Verification Steps: Additional verification for high-risk transactions
- Chargeback Protection: Systems to prevent and manage chargebacks
- Merchant Monitoring: Ongoing review of merchant activities and risk profiles
Compliance for Merchants
If you’re a merchant using Notch Pay, you have specific compliance responsibilities.Merchant Requirements
As a merchant, you should:- Provide Accurate Information: Ensure all business information is accurate and up-to-date
- Maintain Proper Documentation: Keep records of transactions and customer interactions
- Follow Terms of Service: Adhere to Notch Pay’s terms regarding prohibited activities
- Implement Security Measures: Protect your account credentials and customer data
- Report Suspicious Activity: Alert Notch Pay to any suspicious transactions or account activity
Prohibited Activities
Notch Pay prohibits the use of our services for:- Illegal goods or services
- Intellectual property infringement
- Adult content or services (unless properly licensed)
- Gambling (unless properly licensed)
- Pyramid or Ponzi schemes
- Virtual currencies (without proper authorization)
- High-risk or deceptive business practices
Compliance for Developers
Developers integrating with Notch Pay’s API have specific compliance considerations.Developer Requirements
When integrating with our API, developers should:- Secure API Keys: Protect API keys and never expose them in client-side code
- Implement Proper Authentication: Secure your applications with proper authentication
- Validate User Input: Prevent injection attacks and other security vulnerabilities
- Handle Data Securely: Encrypt sensitive data and implement proper access controls
- Follow API Guidelines: Adhere to our API usage guidelines and rate limits
Security Best Practices
We recommend the following security practices:- Use HTTPS for all API requests
- Implement webhook signature verification
- Regularly rotate API keys
- Monitor API usage for unusual patterns
- Keep libraries and dependencies updated
Reporting Compliance Issues
Notch Pay encourages the reporting of compliance concerns or potential violations.How to Report
You can report compliance issues through:- Email: compliance@notchpay.co
- Dashboard: Use the “Report Issue” feature in your account dashboard
- Phone: Contact our compliance team at the number provided in your account
Whistleblower Protection
We are committed to protecting those who report compliance concerns in good faith from retaliation or negative consequences.Staying Updated
Compliance requirements evolve over time. Stay updated with Notch Pay’s compliance changes through:- Email Updates: Regular communications about important compliance changes
- Dashboard Notifications: Alerts about new requirements or verification needs
- Documentation: This compliance guide is regularly updated
- Blog: Our blog features posts about significant regulatory changes