Stancer documentation

English

Français

English

Français

Appearance

Security & Compliance

Authorisation

In addition to being an authorised payment institution, Stancer holds the necessary certifications for providing you with secure services that meet international standards for payments.

Certification

Our infrastructure is certified PCI DSS Level 1, which means that we can provide secure hosting for all your customers’ data.

We are PCI 3DS and PCI PIN certified, enabling us to manage card transactions. We are also certified for the following card schemes: CB, VISA, MC.

Hosting

All of our data is hosted in France, with our partner(s) Scaleway & OP CORE.

Access to your User Area

Due to the extent of the actions that are possible from your User Area, our teams have implemented a series of preventive measures to protect access to your data, as well as to prevent hacking attempts. You must therefore change your password on a regular basis. Moreover, if a login under unusual circumstances is detected, strong authentication will be required in order to access your User Area.

In addition, all attempts to change your login email address or your password will require strong authentication, to prevent all fraudulent alterations.

Please note that we may make checks at any time to ensure the security of your information: you may be asked to re-enter your password, and a verification code may be sent to you by SMS. Furthermore, the User Area is secured using the XXX protocol, which protects you against attempted data theft.

Security of exchanges

We have set up robust protection to ensure the security of your information and that of your customers:

  • With our API: in order to exchange with the Stancer API, we use the TLS protocol, which makes it possible to communicate with our services in complete security.
  • With the terminal: your terminal secures all of your transactions via the TLS protocol. This protocol provides you and your customer with assurance that the information that transits through it is secure.

Management of data

For its payment services, Stancer acts as a processor of your customers’ personal data. In this respect, you are still responsible for your customers’ data and required to comply with the requirements of the GDPR.

In accordance with the requirements of the ACPR (French Prudential Supervision and Resolution Authority) and the GDPR, we store your data for the regulatory time-limits that are imposed on us. All of the measures implemented by Stancer concerning your personal data and that of your customers is mentioned in our Standard Terms of Use.

Illegal activity/ies

Stancer is an authorised payment institution. For Stancer, this status means that the utmost vigilance is required in combating fraud and the financing of illegal activities, so that we can provide both you and our partners with assurance of legal compliance and of the security of your activity. We may therefore have to implement various measures with regard to you signing up for our services. All the measures that may be implemented in respect of our regulatory obligations are stated in our Standard Terms of Use.

Moreover, if we determine that our services are being used for purposes that are prohibited by our Standard Terms of Use, this may lead to the temporary or definitive suspension of your Stancer account.

Fraud Procedure

If you suspect that you have been a victim of fraud (e.g., theft of your API keys or the terminal provided to you), please follow the steps below carefully to ensure a fast and secure resolution of the situation.

1. Report the fraudulent payments

Please send us an email at support@stancer.com with the full list of fraudulent payments, including:

  • The transaction IDs involved (e.g., paym_XXXX)

  • Any additional relevant information (date, amount, payer’s name, etc.)

You can use the CSV exports available in your User Area to quickly identify the affected transactions.

2. Do not issue refunds to payers

To avoid generating additional fees, do not process any refunds directly to your payers while the case is under review. Our support team will confirm the next steps once the case has been analyzed.

3. Refund of incurred fees

Any fees incurred as a result of a confirmed fraud attempt — including chargeback-related fees — will be refunded by Stancer and reflected directly on your invoice.

4. Removal of fraudulent transactions from the User Area

To prevent any confusion, the affected operations (payments, disputes, settlements, etc.) will be removed from your User Area once the incident is resolved.

⚠️ Note

Our Support and Sales teams are available throughout the process. Please contact us via support@stancer.com.

Also, make sure to keep your website secure: update it regularly, apply security patches, and follow best security practices.