Security center
of CentralPay payment institution

CentralPay is committed to maintaining a high level of security to meet industry standards.

Response within 24 hours!

Our commitment

The security of operations, data, and environments

Certified infrastructure

A payment institution regulated and supervised by the ACPR (Bank of France).

  • Electronic Money Institution (EMI) (CIB 17138)
  • Segregated and protected client funds
  • Regular regulatory audits and reporting

Safety standards

Security standards are applied at every stage of the transaction.

  • PCI DSS compliance for card data management
  • Advanced tokenisation services
  • TLS encryption in transit, AES encryption at rest
  • Audits and penetration tests

Fighting fraud

Real-time detection and prevention of fraudulent transactions.

  • Built-in strong authentication protocol (3DS2)
  • Configurable scoring engine and anti-fraud rules
  • 24/7 monitoring of suspicious transactions
  • Chargeback and dispute management

Data protection (GDPR)

Personal data is handled with the utmost care, without compromise.

  • Data retention and minimization policy
  • Hosting in France, in ISO 27001-certified data centers
  • Up-to-date record of processing activities
  • Designated DPO, individual rights guaranteed

Access control

Permissions specific to CentralPay applications and environments.

  • Role-Based access control (RBAC)
  • Access logging and traceability
  • Periodic review of permissions and access rights

Continuity and resilience

An infrastructure designed to keep operations running under any circumstances.

  • Redundant architecture and multi-site hosting
  • Business Continuity and Disaster Recovery Plan
  • 24/7 traffic monitoring and supervision
  • Incident management with escalation and structured communication

Secure payments: a key challenge for businesses

Every payment transaction potentially exposes your organization to risks of fraud, data breaches, or non-compliance.

CentralPay works with you to turn payment security into a real driver of trust and performance.

From configuring your payment flows to managing access rights, our teams advise you and provide you with tools tailored to your level of exposure.

FAQ

Do you have questions about CentralPay's security protocols?

The security of funds is based on several complementary layers of protection. As an Electronic Money Institution authorized by the ACPR (Bank of France), CentralPay is subject to a legal obligation to segregate funds: your clients’ funds are held in dedicated accounts, strictly separated from CentralPay’s own funds. This regulatory protection is reinforced by a secure infrastructure, regular internal controls, and ongoing reporting to regulatory authorities.

Yes. CentralPay is PCI DSS-certified, the international security standard required of any entity that processes, stores, or transmits credit card data. This certification covers the entire processing chain: from card data to the completed transaction. It is audited and renewed regularly by an accredited third-party organization (QSA). For your technical and compliance teams, [documentation is available upon request].

Innovations and new regulations are driving the evolution of online payments. What’s the best approach? To stay up to date on the latest regulatory news and explore glossaries, definitions, and advice from our experts, visit the CentralPay blog.

Do you have a project?

Our teams analyze your architecture and provide you with a compliant, ready-to-deploy solution.