How We Manage Security

Bloc is PCI-certified with PCI Service Provider Level 1 - the highest certification level. We are also ISO-27001 certified and auditor certified, staying compliant with the highest standards of security globally.

Data Security

All customer and account data are kept safe in our database, in compliance with our Nigerian Data Protection Regulation (NDPR) certification.

We collect this data because we are required by law to do so, in line with the CBN regulations of issuing a banking licence.

Important to Note:

Our CBN banking licence is powered by Banc Corp Microfinance Bank, allowing us to power your banking transactions safely. Our banking and payments infrastructure is encrypted with bank-grade security, which means your money is safe with us.

How we Protect you from Fraud

Bloc has developed an internal fraud detection system that uses rules to monitor if suspicious activity is being carried out on our infrastructure. If it is, we automatically freeze the guilty account, preventing it from being able to carry out any transaction until we resolve the issue with your business or organization.

This detection system is built based on our Anti Money Laundering policy and Compliance rules that every account and customer created on our infrastructure must abide by.

Businesses on Bloc can also blacklist and freeze customers, sub-accounts, and virtual cards from the Dashboard if they suspect fraudulent activity. Our Legal & Compliance teams are constantly working to improve our fraud detection rules and how we prevent fraud from happening on our system.

For Technical Teams: API Credential Information


To link your provider account with Bloc, you need to provide the API credentials of the provider to authenticate and secure the connection.

Your API Credentials are encrypted, while the decryption keys are stored on a separate machine and service. This means no one in the team knows what your API keys look like because they are not saved as plain numbers/text.

The only thing we can do is request that it is decrypted and provided to the Payment Provider for authentication.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us