Notch Pay is committed to maintaining the highest standards of regulatory compliance and security. This guide outlines our compliance framework and the measures we take to ensure that all transactions processed through our platform adhere to relevant laws and regulations.

Regulatory Framework

Notch Pay operates within a comprehensive regulatory framework designed to ensure the security, integrity, and legality of all financial transactions.

Compliance Standards

Our platform adheres to multiple international and regional compliance standards:

  • PCI DSS (Payment Card Industry Data Security Standard): Ensures secure handling of card payment information
  • ISO 27001: International standard for information security management
  • GDPR Principles: Application of data protection and privacy principles
  • Local Financial Regulations: Compliance with specific regulations in each country of operation

Know Your Customer (KYC)

Notch Pay implements robust KYC procedures to verify the identity of users and prevent fraud, money laundering, and terrorist financing.

KYC Requirements

Depending on account type and transaction volumes, we may require:

Individual Accounts

  • Full legal name
  • Date of birth
  • Current address
  • Phone number
  • Email address
  • Government-issued ID (National ID, Passport, Driver’s License)
  • Proof of address (utility bill, bank statement)
  • Selfie or photo verification

Business Accounts

  • Business name and registration number
  • Business address and contact information
  • Business type and industry
  • Business registration documents
  • Tax identification number
  • Ownership structure and beneficial owners
  • Director/officer information
  • Bank account information

Verification Levels

Notch Pay employs a tiered verification approach:

  1. Identity Verification: Government ID and personal information verification
  2. Enhanced Verification: Additional documentation for high-volume accounts or high-risk activities

Ongoing Monitoring

KYC is not a one-time process. We continuously monitor accounts for:

  • Changes in transaction patterns
  • Updates to business information
  • Expiration of verification documents
  • Risk indicators that may require additional verification

Anti-Money Laundering (AML)

Our AML program is designed to detect and prevent the use of our platform for money laundering activities.

AML Measures

Key components of our AML program include:

  • Transaction Monitoring: Automated systems to detect suspicious transaction patterns
  • Risk-Based Approach: Enhanced due diligence for high-risk customers and transactions
  • Screening: Checking against sanctions lists, politically exposed persons (PEPs), and adverse media
  • Suspicious Activity Reporting: Procedures for reporting suspicious activities to relevant authorities
  • Record Keeping: Maintaining comprehensive records of all transactions and customer information

Red Flags

Our systems monitor for common money laundering red flags, including:

  • Unusual transaction patterns or volumes
  • Transactions with high-risk countries
  • Structuring (breaking down large transactions into smaller ones)
  • Rapid movement of funds
  • Inconsistencies in customer information
  • Transactions that don’t align with the customer’s profile

Counter-Terrorist Financing (CTF)

Notch Pay implements specific measures to prevent the use of our platform for terrorist financing.

CTF Measures

Our CTF program includes:

  • Sanctions Screening: Checking all users against global sanctions lists
  • Continuous Monitoring: Regular rescreening of existing customers
  • Risk Assessment: Evaluating the terrorist financing risk of different customer types and transactions
  • Staff Training: Specialized training for staff on identifying terrorist financing indicators

Data Protection and Privacy

Notch Pay is committed to protecting user data and maintaining privacy in compliance with relevant regulations.

Data Protection Measures

Our data protection framework includes:

  • Encryption: End-to-end encryption of sensitive data
  • Access Controls: Strict controls on who can access customer data
  • Data Minimization: Collecting only necessary information
  • Retention Policies: Clear policies on how long data is kept
  • User Rights: Processes for users to access, correct, or delete their data
  • Breach Notification: Procedures for notifying users and authorities in case of data breaches

Privacy by Design

We incorporate privacy considerations into all aspects of our product development:

  • Privacy impact assessments for new features
  • Default privacy-enhancing settings
  • Regular privacy audits and reviews

Fraud Prevention

Notch Pay employs advanced fraud prevention measures to protect both our platform and our users.

Fraud Detection Systems

Our multi-layered fraud detection approach includes:

  • Machine Learning Algorithms: To identify unusual patterns and potential fraud
  • Device Fingerprinting: To detect suspicious devices
  • Behavioral Analysis: To spot abnormal user behavior
  • Velocity Checks: To identify rapid or repeated transaction attempts
  • IP Analysis: To detect suspicious locations or VPN usage

Fraud Prevention Measures

We implement various measures to prevent fraud:

  • Two-Factor Authentication: Additional security layer for account access and transactions
  • Transaction Limits: Customizable limits to control transaction amounts
  • Verification Steps: Additional verification for high-risk transactions
  • Chargeback Protection: Systems to prevent and manage chargebacks
  • Merchant Monitoring: Ongoing review of merchant activities and risk profiles

Compliance for Merchants

If you’re a merchant using Notch Pay, you have specific compliance responsibilities.

Merchant Requirements

As a merchant, you should:

  1. Provide Accurate Information: Ensure all business information is accurate and up-to-date
  2. Maintain Proper Documentation: Keep records of transactions and customer interactions
  3. Follow Terms of Service: Adhere to Notch Pay’s terms regarding prohibited activities
  4. Implement Security Measures: Protect your account credentials and customer data
  5. Report Suspicious Activity: Alert Notch Pay to any suspicious transactions or account activity

Prohibited Activities

Notch Pay prohibits the use of our services for:

  • Illegal goods or services
  • Intellectual property infringement
  • Adult content or services (unless properly licensed)
  • Gambling (unless properly licensed)
  • Pyramid or Ponzi schemes
  • Virtual currencies (without proper authorization)
  • High-risk or deceptive business practices

Compliance for Developers

Developers integrating with Notch Pay’s API have specific compliance considerations.

Developer Requirements

When integrating with our API, developers should:

  1. Secure API Keys: Protect API keys and never expose them in client-side code
  2. Implement Proper Authentication: Secure your applications with proper authentication
  3. Validate User Input: Prevent injection attacks and other security vulnerabilities
  4. Handle Data Securely: Encrypt sensitive data and implement proper access controls
  5. Follow API Guidelines: Adhere to our API usage guidelines and rate limits

Security Best Practices

We recommend the following security practices:

  • Use HTTPS for all API requests
  • Implement webhook signature verification
  • Regularly rotate API keys
  • Monitor API usage for unusual patterns
  • Keep libraries and dependencies updated

Reporting Compliance Issues

Notch Pay encourages the reporting of compliance concerns or potential violations.

How to Report

You can report compliance issues through:

  • Email: compliance@notchpay.co
  • Dashboard: Use the “Report Issue” feature in your account dashboard
  • Phone: Contact our compliance team at the number provided in your account

Whistleblower Protection

We are committed to protecting those who report compliance concerns in good faith from retaliation or negative consequences.

Staying Updated

Compliance requirements evolve over time. Stay updated with Notch Pay’s compliance changes through:

  • Email Updates: Regular communications about important compliance changes
  • Dashboard Notifications: Alerts about new requirements or verification needs
  • Documentation: This compliance guide is regularly updated
  • Blog: Our blog features posts about significant regulatory changes

Compliance Resources

If you have specific compliance questions, please contact our compliance team at compliance@notchpay.co.