The questions your team asks before signing with any payment processor — answered up front, not buried in a PDF you have to request three times.
The foundational requirements for any organization that touches card data.
Merchantic operates in accordance with PCI DSS requirements as a registered ISO. Attestation of Compliance and SAQ documentation are available to your security or compliance team on request.
All data in transit is encrypted via TLS 1.2 or higher. Sensitive data at rest is encrypted, with access limited to systems and personnel that require it.
Card data is tokenized at the point of entry, so raw card numbers never need to touch your systems. See our tokenization documentation for implementation detail.
Underwriting is the first layer. Ongoing monitoring is the second.
Processing activity is monitored on an ongoing basis for patterns consistent with fraud, testing, or account takeover — not just reviewed once at onboarding.
Every account is underwritten on its own risk profile rather than a blanket template, which means risk controls are actually matched to how your business operates.
Dedicated support for representment and dispute response, plus guidance on the process controls that prevent chargebacks before they happen. More detail in our Resources page.
The operational controls that don’t make headlines but matter during a vendor security review.
Built on redundant processing infrastructure targeting 99.99% platform uptime, with monitoring and failover in place for the systems that handle live transactions.
Internal access to sensitive systems and merchant data is role-based and limited to what a given team member needs to do their job.
Systems are regularly scanned and reviewed for vulnerabilities as part of standard operating procedure, consistent with PCI DSS requirements.
We'd rather answer it directly than make your team dig for a PDF. Reach out and we'll get it back to you promptly.
Contact Our Team