
Security & Compliance

Authorisation

In addition to being an authorised payment institution, Stancer holds the necessary certifications for providing you with secure services that meet international standards for payments.

Certification

Our infrastructure is certified PCI DSS Level 1, which means that we can provide secure hosting for all your customers’ data.

We are PCI 3DS and PCI PIN certified, enabling us to manage card transactions. We are also certified for the following card schemes: CB, VISA, MC.

Hosting

All of our data is hosted in France, with our partners Scaleway and OP CORE.

Access to your User Area

Due to the extent of the actions that are possible from your User Area, our teams have implemented a series of preventive measures to protect access to your data, as well as to prevent hacking attempts. You must therefore change your password on a regular basis. Moreover, if a login under unusual circumstances is detected, strong authentication will be required in order to access your User Area.

In addition, any attempt to change your login email address or your password will require strong authentication, to prevent fraudulent alterations.

Please note that we may carry out checks at any time to ensure the security of your information: you may be asked to re-enter your password, and a verification code may be sent to you by SMS. Furthermore, the User Area is secured using the XXX protocol, which protects you against attempted data theft.

Security of exchanges

We have set up robust protection to ensure the security of your information and that of your customers:

  • With our API: in order to exchange with the Stancer API, we use the TLS protocol, which makes it possible to communicate with our services in complete security.
  • With the terminal: your terminal secures all of your transactions via the TLS protocol. This protocol provides you and your customer with assurance that the information that transits through it is secure.

Management of data

Depending on the context, Stancer may act as a data controller or a data processor within the meaning of the General Data Protection Regulation (GDPR).

In accordance with the provisions of the ACPR as well as those of the GDPR, we store your data for the regulatory retention periods imposed on us. All measures taken by Stancer regarding your personal data and that of your customers are set out in our General Terms of Use and in our Privacy Policy.

Illegal activities

Stancer is a payment institution authorised by the ACPR under number 11758. This status requires Stancer to exercise the highest vigilance in combating money laundering and terrorist financing, in order to ensure compliance with the applicable regulations for the provision of these payment services for you and our partners.

Accordingly, we may be required to take various measures regarding your subscription. All such measures, which may be carried out under our regulatory obligations, are detailed in our General Terms of Use.

Furthermore, if it is found that our services are being used for purposes prohibited by our General Terms of Use or by applicable law, this may result in the temporary or permanent suspension of your Stancer account without compensation. We may also retain your funds for up to 13 months from the date of termination due to these breaches.

Fraud Procedure

If you suspect that you have been a victim of fraud (e.g., theft of your API keys or the terminal provided to you), please follow the steps below carefully to ensure a fast and secure resolution of the situation.

1. Report the fraudulent payments

Please send us an email at support@stancer.com with the full list of fraudulent payments, including:

  • The transaction IDs involved (e.g., paym_XXXX)

  • Any additional relevant information (date, amount, payer’s name, etc.)

You can use the CSV exports available in your User Area to quickly identify the affected transactions.

2. Do not issue refunds to payers

To avoid generating additional fees, do not process any refunds directly to your payers while the case is under review. Our support team will confirm the next steps once the case has been analyzed.

3. Refund of incurred fees

Any fees incurred as a result of a confirmed fraud attempt — including chargeback-related fees — will be refunded by Stancer and reflected directly on your invoice.

4. Removal of fraudulent transactions from the User Area

To prevent any confusion, the affected operations (payments, disputes, settlements, etc.) will be removed from your User Area once the incident is resolved.

⚠️ Note

Our Support and Sales teams are available throughout the process. Please contact us via support@stancer.com.

Also, make sure to keep your website secure: update it regularly, apply security patches, and follow best security practices.