Laws and regulations
As a financial service provider, we work in compliance with the applicable laws and regulations. These are laid down in the Financial Supervision Act (Wft), the Money Laundering and Terrorist Financing (Prevention) Act (Wwft), the Telecom Act and the General Data Protection Regulation (AVG), among others. In practice, this means that we, as a financial institution, must conduct our business with integrity and control.
Based on this legislation, CCV is subject to supervision by the following supervisory authorities:
- De Nederlandsche Bank (DNB)
- Netherlands Authority for the Financial Markets (AFM)
- Authority for the Protection of Personal Data (AP)
- Telecom Agency
This means that we provide our customers with comprehensive information: about our services, what they entail and what they mean for them. And, which conditions them must satisfy (permanently) to purchase our services.
Audits and Certifications
CCV regularly performs audits and maintains a few certifications to further strengthen our trust with customers. Because we want to demonstrate that our business operations meet the requirements set for us, we are certified according to the most stringent requirements that apply to financial service providers. The security of our terminals meets the requirements of the Payment Card Industry (PCI). For payment transaction processing, we are certified for:
- ISO 27001: ISO standard for information security.
CCV has been certified against this set of widely recognized and internationally accepted information security standards that specifies security management best practices and comprehensive security controls following ISO 27002.
- PCI DSS: Payment Card Industry - Data Security Standard
- PCI PIN: Payment Card Industry - Personal Identification Numbers
- ISAE 3402 Type II: Framework for Internal Auditing
CCV has been issued an ISAE 3402 type 2 report by an external independent auditor. This report is an independent examination of the IT General controls and controls around availability, confidentiality and security of customer data processed by the CCV infrastructure relevant for the financial reporting of customers.
Availability of transaction processing
When you have payment terminals or want us to process your payment transactions, you are entrusting CCV with critical and sensitive data about your business and your customers. Ensuring the security of your data is our top priority.
Given our critical role in the economic ecosystem, we understand the importance of managing security risks. Our cybersecurity team is aligned to our organization and enables us to reduce the risk of cybersecurity threats. We have an effective holistic cybersecurity approach based on CPMI guidelines on cyber resilience for financial market infrastructures.
It is our responsibility to ensure that we not only have secure payment terminals and a secure payment processing platform but that we secure all of your data. This means implementing and enforcing effective practices and processes. We are also responsible for regularly conducting third-party audits, and maintaining certifications to verify the security of our systems and processes.
Way of working
Our approach towards cybersecurity is based on the CPMI guidelines on cyber resilience for financial market infrastructures. Key aspects of our approach are the following five basic elements of our cyber resilience framework: Identification, Protection, Detection, Recovery and Testing. Implemented practices and processes are derived from this framework.
We understand that you have specific questions on cybersecurity within CCV. We encourage you to examine our “Standardized Information Gathering” questionnaire and contact our Corporate Security department via email@example.com if you need any further information.
Your rights when making payments in Europe
We embrace the regulations of the revised Payment Service Directive 2 (PSD2), the base for the development of a better integrated internal market for electronic payments within the European Union. These EU rules mean that electronic payments are becoming cheaper, easier and safer.
Ready to find out more?
Get in touch with our experts for more information about our APIs.
If you are a developer, business partner or just someone with a curious mind set, you can count on our unconditional support. Go ahead and bring us your ideas, wishes or questions.