Security
Last updated: July 8, 2026
Keeping payment data safe is central to everything we build. This page outlines the technical and organisational measures NerrowPay uses to protect merchants and their customers.
1. Overview
NerrowPay's infrastructure is designed around defence-in-depth: multiple independent layers of protection so that no single control failure exposes sensitive data.
2. Security Pillars
🔒 Encryption Everywhere
256-bit TLS in transit and encrypted storage at rest for sensitive data.
🛡️ PCI DSS Ready
Card data is tokenised; raw card numbers are never stored on merchant servers.
🧠 AI Fraud Detection
Real-time risk scoring flags suspicious transaction patterns before they settle.
🔑 Access Controls
Role-based dashboard permissions and audit logs for every account action.
3. Infrastructure & Encryption
All traffic between your browser, the NerrowPay dashboard, and our API is encrypted using TLS. Sensitive fields, including card and bank details, are tokenised at the point of entry so that raw values never touch merchant infrastructure. Our systems are hosted on infrastructure with redundant, monitored data centres.
4. Compliance
Our platform is built toward PCI DSS Level 1 standards for handling cardholder data, and we align our practices with applicable data protection and financial regulations, including RBI guidelines for payment aggregators in India.
5. Fraud & Risk Monitoring
Every transaction is scored in real time using a combination of rules-based checks and machine learning models trained to detect anomalous behaviour, such as unusual transaction velocity, mismatched geolocation, or known fraud patterns.
6. Account Security Best Practices
We encourage merchants to help keep their own accounts secure by:
- Using a strong, unique password for the NerrowPay dashboard
- Enabling two-factor authentication where available
- Never sharing API secret keys in client-side code, public repositories, or support tickets
- Rotating API keys periodically and immediately after any suspected exposure
- Restricting dashboard user roles to only what each team member needs
7. Responsible Disclosure
If you're a security researcher and believe you've found a vulnerability in NerrowPay's systems, we welcome a responsible disclosure report. Please avoid accessing or modifying data that isn't yours, and give us a reasonable window to investigate and remediate before public disclosure.
8. Contact Our Security Team
To report a security concern or ask about our practices, reach out to:
- Email: contact@nerrowpay.com