Compliance & Security

Committed to the highest standards of security, compliance, and data protection.

Last Updated: December 28, 2024

At Pecify, we prioritize security and compliance to ensure the safety of your transactions and data. We adhere to international and Indian regulatory standards to provide a secure and trustworthy payment gateway service.

PCI DSS

Level 1 PCI DSS certified, meeting the highest security standards for payment card processing.

256-bit Encryption

All data transmissions protected with bank-grade SSL/TLS encryption technology.

RBI Compliant

Fully compliant with Reserve Bank of India guidelines for payment aggregators.

ISO Certified

ISO 27001 certified for information security management systems.

1. PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

Pecify is PCI DSS Level 1 certified, which means:

  • Regular security audits by qualified security assessors
  • Secure network architecture and firewall protection
  • Encrypted storage and transmission of cardholder data
  • Strict access control measures
  • Continuous monitoring and testing of security systems
  • Regular vulnerability scans and penetration testing

2. Reserve Bank of India (RBI) Compliance

As a payment aggregator operating in India, we comply with all RBI guidelines including:

  • KYC (Know Your Customer) and AML (Anti-Money Laundering) regulations
  • Payment and Settlement Systems Act, 2007
  • Guidelines on regulation of payment aggregators and payment gateways
  • Two-factor authentication for card-not-present transactions
  • Settlement and reconciliation requirements
  • Data localization norms - all payment data stored within India

3. Data Protection and Privacy

We are committed to protecting your data in compliance with:

  • Information Technology Act, 2000 and its amendments
  • Reasonable Security Practices and Procedures Rules, 2011
  • GDPR principles for international transactions
  • Industry best practices for data privacy

Data Localization: In compliance with RBI guidelines, all payment data is stored exclusively on servers located within India.

4. Security Measures

We implement multiple layers of security to protect your transactions:

  • Tokenization: Sensitive card data replaced with non-sensitive tokens
  • Encryption: 256-bit AES encryption for data at rest and in transit
  • 3D Secure: Additional authentication layer for card transactions
  • Fraud Detection: AI-powered real-time fraud monitoring and prevention
  • Secure APIs: OAuth 2.0 and JWT-based authentication
  • DDoS Protection: Advanced protection against denial-of-service attacks
  • Web Application Firewall: Protection against common web vulnerabilities

5. KYC and AML Compliance

To prevent fraud and money laundering, we implement strict KYC procedures:

  • Verification of business registration documents
  • Director/owner identity verification with government-issued IDs
  • Address verification through utility bills or bank statements
  • PAN and GST verification
  • Bank account verification
  • Ongoing monitoring of transaction patterns
  • Suspicious transaction reporting to FIU-IND (Financial Intelligence Unit)

6. Audit and Certification

Pecify undergoes regular third-party audits and maintains current certifications:

  • Annual PCI DSS compliance audit by Qualified Security Assessor (QSA)
  • Quarterly vulnerability scans by Approved Scanning Vendor (ASV)
  • ISO 27001:2013 information security management certification
  • SOC 2 Type II audit for service organization controls
  • Regular penetration testing by certified ethical hackers

7. Incident Response

We maintain a comprehensive incident response plan that includes:

  • 24/7 security monitoring and alerting
  • Dedicated security incident response team
  • Documented incident response procedures
  • Notification protocols for affected parties
  • Post-incident analysis and remediation
  • Compliance with data breach notification requirements

8. Merchant Responsibilities

While we provide a secure platform, merchants must also:

  • Maintain PCI DSS compliance for their own systems if storing card data
  • Implement secure authentication for dashboard access
  • Use HTTPS/SSL on payment collection pages
  • Regularly update and patch their applications
  • Train staff on security best practices
  • Report suspicious activities immediately
  • Comply with all applicable regulations in their industry

9. Transparency and Reporting

We believe in transparency regarding our security and compliance:

  • Regular security updates and advisories
  • Annual compliance reports available to merchants
  • Transparent disclosure of security incidents when required
  • Clear documentation of our security practices

10. International Standards

For international transactions, we comply with:

  • GDPR (General Data Protection Regulation) for EU customers
  • PSD2 (Payment Services Directive 2) requirements
  • Strong Customer Authentication (SCA) mandates
  • Local data protection laws in applicable jurisdictions

11. Continuous Improvement

Security and compliance are ongoing commitments. We continuously:

  • Monitor emerging threats and vulnerabilities
  • Update security controls and technologies
  • Train our team on the latest security practices
  • Review and update policies and procedures
  • Participate in industry security forums and working groups

12. Contact Our Security Team

For security-related inquiries or to report a security issue:

Email: security@pecify.com
For general compliance questions: compliance@pecify.com
Phone: +91 97588 13335
Address: 7th Floor, Block E-12/8, Vrindavan Tower, Sanjay Palace, Agra, Uttar Pradesh

Security Bug Bounty: We welcome responsible disclosure of security vulnerabilities. Contact our security team for details about our bug bounty program.