How We Manage Security

Bloc is PCI-certified with PCI Service Provider Level 1 - the highest certification level. We are also ISO-27001 certified and auditor certified, staying compliant with the highest standards of security globally.

Data Security

All customer and account data are kept safe in our database, in compliance with our Nigerian Data Protection Regulation (NDPR) certification.

We collect this data because we are required by law to do so, in line with the CBN regulations of issuing a banking licence.

How we Protect you from Fraud

Bloc has developed an internal fraud detection system that uses rules to monitor if suspicious activity is being carried out on our infrastructure. If it is, we automatically freeze the guilty account, preventing it from being able to carry out any transaction until we resolve the issue with your business or organization.

This detection system is built based on our Anti Money Laundering policy and Compliance rules that every account and customer created on our infrastructure must abide by.

Businesses on Bloc can also blacklist and freeze customers, sub-accounts, and virtual cards from the Dashboard if they suspect fraudulent activity. Our Legal & Compliance teams are constantly working to improve our fraud detection rules and how we prevent fraud from happening on our system.

For Technical Teams: API Credential Information

Your API Credentials are encrypted, while the decryption keys are stored on a separate machine and service. This means no one in the team knows what your API keys look like because they are not saved as plain numbers/text.

The only thing we can do is request that it is decrypted and provided to the Payment Provider for authentication.