Skip to main content
Compliance

Compliance is the platform, not a marketing checkbox.

Structured merchant review, Acceptable Use Policy enforcement, sanctions screening, partner-approved processing workflows, and dispute operations — documented end to end.

Compliance programs

Merchant verification

Structured identity verification, business-registration validation against authoritative sources, and beneficial-owner attestation aligned with FinCEN customer due-diligence guidance.

Acceptable Use Policy

A documented prohibited-business list reviewed at onboarding and at every material change. Visa BRAM and Mastercard BAU lists, plus partner-specific exclusions, are applied.

Sanctions and adverse-media screening

Continuous screening against OFAC SDN, UN, EU, and HMT consolidated sanctions lists, with adverse-media monitoring on principals and entities. Re-screening runs nightly and on-demand.

Transaction monitoring

Risk monitoring with velocity controls, blocklist coverage, and structured case management. Suspicious-activity escalation paths are documented and audited.

Approved product scope, descriptor, domain, and MCC

Each merchant operates within the approved product scope, statement descriptor, accepted-payment domain, and MCC published at activation. Material changes require partner re-review.

Dispute and chargeback operations

Documented refund, chargeback, and pre-arbitration workflows. Evidence assembly and partner-rule pass-through are tracked per merchant and per transaction.

PCI-reduced checkout

Card data is processed within a PCI-certified token vault operated by approved partners and never traverses Veyra application servers in raw form. Veyra maintains SAQ-A-equivalent obligations aligned to PCI DSS v4.0.

Partner and network compliance

We operate under the rules of Visa, Mastercard, American Express, and Discover and coordinate with acquiring and sponsor-bank partners on category-specific obligations including BRAM, BAU, and supplemental MCC requirements.

Frameworks and references

Operating against published standards.

Our program is structured against PCI DSS v4.0, NIST CSF 2.0, FinCEN customer due-diligence guidance, and the operating rules of Visa, Mastercard, American Express, and Discover. We coordinate with our acquiring partners on category- specific obligations including BRAM, BAU, and supplemental MCC requirements.

Read the security overview
Platform posture

What Veyra does not do.

The platform's compliance posture is defined as much by what we decline as by what we deliver. These boundaries are written into our Acceptable Use Policy and enforced at onboarding and on every material change.

  • We do not process for undisclosed merchants.
  • We do not support transaction laundering or factoring.
  • We do not allow processing outside approved product scope, descriptor, MCC, or domain.
  • We do not onboard prohibited businesses.
  • We do not guarantee approval.
  • We do not hide merchant identity from acquiring, network, regulatory, or processing partners.
  • We do not bypass card-network or partner rules.

Ready to talk?

Tell us about your business. We'll respond with a structured underwriting preview and a path to integration within two business days.

Schedule a demorisk@veyragate.com