Security & Compliance ​
Authorisation ​
In addition to being an authorised payment institution, Stancer holds the necessary certifications for providing you with secure services that meet international standards for payments.
Certification ​
Our infrastructure is certified PCI DSS Level 1, which means that we can provide secure hosting for all your customers’ data.
We are PCI 3DS and PCI PIN certified, enabling us to manage card transactions. We are also certified for the following card schemes: CB, VISA, MC.
Hosting ​
All of our data is hosted in France, with our partner(s) Scaleway & OP CORE.
Access to your Client Dashboard ​
Due to the extent of the actions that are possible from your Client Dashboard, our teams have implemented a series of preventive measures to protect access to your data, as well as to prevent hacking attempts. You must therefore change your password on a regular basis. Moreover, if a login under unusual circumstances is detected, strong authentication will be required in order to access your Client Dashboard.
In addition, all attempts to change your login email address or your password will require strong authentication, to prevent all fraudulent alterations.
Please note that we may make checks at any time to ensure the security of your information: you may be asked to re-enter your password, and a verification code may be sent to you by SMS. Furthermore, the Client Dashboard is secured using the XXX protocol, which protects you against attempted data theft.
Security of exchanges ​
We have set up robust protection to ensure the security of your information and that of your customers:
- With our API: in order to exchange with the Stancer API, we use the TLS protocol, which makes it possible to communicate with our services in complete security.
- With the terminal: your terminal secures all of your transactions via the TLS protocol. This protocol provides you and your customer with assurance that the information that transits through it is secure.
Management of data ​
For its payment services, Stancer acts as a processor of your customers’ personal data. In this respect, you are still responsible for your customers’ data and required to comply with the requirements of the GDPR.
In accordance with the requirements of the ACPR (French Prudential Supervision and Resolution Authority) and the GDPR, we store your data for the regulatory time-limits that are imposed on us. All of the measures implemented by Stancer concerning your personal data and that of your customers is mentioned in our Standard Terms of Use.
Illegal activity/ies ​
Stancer is an authorised payment institution. For Stancer, this status means that the utmost vigilance is required in combating fraud and the financing of illegal activities, so that we can provide both you and our partners with assurance of legal compliance and of the security of your activity. We may therefore have to implement various measures with regard to you signing up for our services. All the measures that may be implemented in respect of our regulatory obligations are stated in our Standard Terms of Use.
Moreover, if we determine that our services are being used for purposes that are prohibited by our Standard Terms of Use, this may lead to the temporary or definitive suspension of your Stancer account.