Information security is a top priority of us and our partners. Therefore, we continue to refine our product and services and risk control measures. Below, we have compiled all the information you need to understand our security policy.

1. Payment security

To ensure the security of your transaction information, we adopt cutting-edge technologies to guarantee that every transaction takes place in a highly secure environment.

• Data Transmission Security

We utilise industry-leading encryption technology, the TLS (Transport Layer Security) protocol, to build a robust barrier for your information transmission. The protocol ensures that your transaction data remains private and intact during transmission, preventing any unauthorised access or tampering.

• PCI DSS Compliance

As a responsible financial institution, we strictly adhere to PCI DSS (Payment Card Industry Data Security Standard). This standard requires us to implement strict security control measures to protect cardholder information. We regularly perform audits by external and independent qualified security assessors to ensure that we always meet the latest PCI DSS requirements.

• PCI PIN Security

For transactions involving PINs (Personal Identification Numbers), we also follow the PCI PIN security standard. This standard applies to all systems and technologies related to PIN handling, storage, and transmission, with the aim of providing an additional layer of security for consumers. Like PCI DSS, our commitment to PCI PIN security is demonstrated through regular third-party audits to ensure continuous compliance and security.

1. Cybersecurity

We fully understand the importance of cybersecurity and are committed to providing you with the most reliable service. Therefore, we have adopted multiple measures to safeguard your information:

• Continuous System Updates：Our professional team constantly monitors the latest security trends to ensure that all systems are promptly updated to combat emerging threats.
• Intrusion Detection System：We have deployed advanced intrusion detection systems to monitor network activity in real-time, enabling us to detect and respond to any potential security incidents immediately.
• Comprehensive Preventive Measures：We have implemented a series of preventive measures to ensure the security of both the systems and customer data from multiple angles, including firewall configurations, data encryption, and strict access control mechanisms.
• Regular Security Testing：Regular system security testing is conducted jointly by internal experts and external independent security assessment teams to ensure that our defense mechanisms can effectively resist various attacks.
• Strict Data Management：We have implemented strict data management policies to ensure that sensitive information is properly protected and only accessible by authorised personnel.
• Internal and External Audits：To further enhance our cybersecurity management, we conduct multiple internal and external audits annually on our IT infrastructure and applications to ensure the effectiveness of all security measures.
• ISO 27001 Certification：We have obtained ISO 27001 certification for our international information security management system, demonstrating that we have reached internationally recognized standards in information security management.

1. Data privacy

Respecting privacy is at the core of our service. We understand the importance of personal information and are dedicated to protecting your data in the following ways:

• High Standards of Protection：We follow high standards of protection for all collected, used, and shared personal information to ensure its safety. These measures not only comply with industry benchmarks and best practices, but also keep pace with the continuously evolving laws and regulations.
• Data Encryption：We encrypt all customer data, including but not limited to sensitive information such as credit card numbers. Encrypted data cannot be used for unauthorised payments, thus maximising the security of your assets.
• Adherence to Data Protection Regulations：We strictly adhere to global data protection regulations and commit to never sharing, selling, or disclosing your personal information without your explicit consent. Your information is used only for purposes necessary to service provision.
• Transparency and Updates: We regularly evaluate and update our privacy policy to ensure it complies with the latest legal requirements while maintaining transparency, so that you understand how we handle your personal information.

1. Responsible data use

We firmly believe that transparency is the foundation of trust. Therefore, when handling your personal information, we adhere to the following principles:

• Transparency and Notification：We uphold the principle of transparency, clearly informing users about the types of data we collect and their specific purposes. You have the right to know how your data is being processed.
• User Control：We understand that consumers are concerned about how their data is collected, used, shared, and protected. To address this, we provide intuitive and user-friendly tools that allow you to easily manage your data preference settings.
• Respecting User Choices: We respect every choice made by users and ensure that you can conveniently and quickly exercise your rights, including accessing, correcting, deleting personal data, and withdrawing consent.

1. Transaction integrity

We are dedicated to maintaining the accuracy and reliability of every transaction:

• Multi-Factor Verification Mechanism：Every transaction will go through multiple verification steps to ensure the identities of both parties are legitimate. This helps prevent identity theft and other forms of fraudulent behaviour.
• Anti-Fraud System：We have established a comprehensive anti-fraud system that continuously monitors transaction patterns, identifying and blocking any suspicious activities to protect your account security.
• Secure Tokenisation Storage: Customer payment information is stored in the form of tokens, which are encrypted and cannot be used for unauthorised payments. This method protects your financial information and ensures the security of the transaction process.
• 3DS Verification：We use the 3DS (Three-Domain Secure) verification mechanism to provide an additional layer of security for high-risk transactions. 3DS verification ensures that only legitimate cardholders can complete transactions, thereby significantly reducing the risk of fraud.