Get Started
Security & Trust

Compliance & Certifications

Last Updated: November 11, 2025

1. Our Commitment to Compliance

KATSOFT LIMITED (operating as Katpay) is committed to maintaining the highest standards of regulatory compliance, data security, and operational integrity. We adhere to all applicable Nigerian laws and international best practices to protect our merchants and their customers.

Licensed Banking Partner

Katpay operates in partnership with PalmPay Limited, a Central Bank of Nigeria (CBN) licensed Mobile Money Operator, ensuring all transactions are processed through a regulated financial institution.

2. Regulatory Compliance

CBN Compliance
We comply with Central Bank of Nigeria guidelines for payment service providers, including transaction limits, settlement timelines, and reporting requirements.
Compliant
PCI-DSS Level 1
Our infrastructure meets Payment Card Industry Data Security Standard Level 1, the highest level of certification for payment processors.
Certified
NDPA 2023
Fully compliant with the Nigeria Data Protection Act 2023 and Nigeria Data Protection Regulation (NDPR) 2019.
Compliant
AML/CFT
We implement Anti-Money Laundering and Combating the Financing of Terrorism measures in accordance with MLPPA 2022.
Compliant

3. Data Protection Compliance

3.1 Nigeria Data Protection Act (NDPA) 2023

We comply with all provisions of the NDPA 2023, including:

  • Lawful, fair, and transparent data processing
  • Purpose limitation and data minimization
  • Data accuracy and integrity maintenance
  • Storage limitation and secure retention
  • Accountability and demonstrable compliance

3.2 General Application and Implementation Directive (GAID) 2025

Katpay adheres to the GAID 2025 directives issued by the Nigeria Data Protection Commission (NDPC), including:

  • Data Protection Impact Assessments (DPIA) for high-risk processing
  • Appointment of a Data Protection Officer (DPO)
  • Data breach notification procedures
  • Cross-border data transfer safeguards
  • Annual compliance audits and reporting

4. Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT)

In compliance with the Money Laundering (Prevention and Prohibition) Act (MLPPA) 2022 and Terrorism (Prevention) Act 2022, Katpay implements:

  • Know Your Customer (KYC): Mandatory identity verification using BVN/NIN for all merchants
  • Transaction Monitoring: Real-time detection of suspicious transaction patterns
  • Sanctions Screening: Automated checks against global watchlists and PEP databases
  • Reporting: Suspicious Transaction Reports (STRs) filed with the Nigerian Financial Intelligence Unit (NFIU)
  • Record Keeping: 10-year retention of KYC documents and transaction records
  • Staff Training: Regular AML/CFT awareness programs for all employees

5. Security Standards and Certifications

5.1 PCI-DSS Level 1 Compliance

Katpay maintains PCI-DSS Level 1 certification, which requires:

  • Firewall protection for cardholder data environments
  • Strong encryption of transmitted cardholder data
  • Regular vulnerability scans and penetration testing
  • Secure development and change management processes
  • Quarterly ASV scans and annual on-site assessments

5.2 ISO 27001 Information Security Management

Our information security management system follows ISO 27001 best practices:

  • Risk assessment and treatment framework
  • Access control and authentication policies
  • Incident response and business continuity plans
  • Employee security awareness training
  • Third-party security assessments

5.3 SOC 2 Type II Audit

We undergo annual SOC 2 Type II audits to verify our controls for:

  • Security: Protection against unauthorized access
  • Availability: System uptime and reliability
  • Confidentiality: Protection of sensitive information
  • Processing Integrity: Accurate and timely transaction processing
  • Privacy: Collection, use, and disclosure of personal data

6. Consumer Protection

Katpay complies with the Federal Competition and Consumer Protection Act (FCCPA) 2018:

  • Transparent pricing with no hidden fees
  • Clear terms and conditions in plain English
  • Fair dispute resolution processes
  • Protection against fraudulent transactions
  • Responsive customer support

7. Cybersecurity Compliance

In accordance with the Cybercrimes (Prohibition, Prevention, etc.) Act 2015, we implement:

  • Advanced threat detection and prevention systems
  • Encryption of data at rest and in transit (AES-256, TLS 1.3)
  • Regular security audits and vulnerability assessments
  • Incident response and cyber insurance coverage
  • Compliance with NITDA cybersecurity frameworks

8. Third-Party Audits and Certifications

Katpay undergoes regular third-party audits to ensure ongoing compliance:

  • Annual PCI-DSS Audit: Conducted by Qualified Security Assessor (QSA)
  • Quarterly Vulnerability Scans: Performed by Approved Scanning Vendor (ASV)
  • Annual Penetration Testing: Independent ethical hacking assessments
  • SOC 2 Type II Audit: 12-month control effectiveness review
  • Data Protection Audit: NDPC compliance verification

9. Merchant Compliance Responsibilities

As a Katpay merchant, you are responsible for:

  • Complying with all applicable laws in your jurisdiction
  • Maintaining valid CAC registration and business licenses
  • Implementing your own data protection measures
  • Reporting suspicious transactions to Katpay
  • Keeping accurate transaction records for 10 years
  • Not engaging in prohibited activities (see Terms of Service)

10. Contact Our Compliance Team

For compliance-related inquiries, audit requests, or regulatory questions:

Compliance Officer
KATSOFT LIMITED
No 3 Behind Nagarta Chemist, Garu Musawa, Katsina State, Nigeria
Email: compliance@katpay.co
General Support: support@katpay.co
Phone: +234 811 391 0395