STOREHUB Pay

Security & Compliance

Built for the trust your business needs.

Bank-grade infrastructure. Licensed in Malaysia. Compliant with every regulation that matters.

Bank-grade infrastructure

StoreHub Pay runs on Adyen — the same payment infrastructure that powers Grab, Spotify, McDonald’s, and Microsoft globally.

  • PCI-DSS Level 1 certified — the highest security standard in card payments. Audited annually by an independent QSA.
  • Card data never touches our systems — tokenized at the terminal. We never store, transmit, or process raw card numbers.
  • End-to-end encryption — from terminal to issuing bank. P2PE validated.
  • Built-in fraud protection — 3D Secure, velocity checks, behavioral analytics.

Licensed in Malaysia

  • StoreHub Pay operates as a Payment Facilitator under Adyen’s TPA (Third Party Acquirer) license for Malaysia.
  • Compliant with Bank Negara Malaysia (BNM) merchant acquiring rules.
  • Registered with Suruhanjaya Syarikat Malaysia (SSM) — entity is StoreHub Sdn Bhd (1072290-D).

PDPA 2010 (as amended 2024)

We comply with Malaysia’s Personal Data Protection Act 2010, as amended 2024.

  • Explicit consent capture before personal data collection
  • Data Protection Officer appointed
  • Data Protection Impact Assessments (DPIA) completed for all processing activities
  • Cross-border transfer assessments (TIA) completed for international vendors
  • 7-year record retention (exceeds AMLA’s 6-year minimum)
  • 72-hour breach notification commitment

For details on what data we collect, why, how long we keep it, and your rights, see our Privacy Policy.

AML/CFT — anti-money laundering

We comply with the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA).

  • Know-Your-Customer (KYC) and Know-Your-Business (KYB) verification at onboarding via Entrust eKYC
  • Transaction monitoring for suspicious activity
  • Suspicious Transaction Report (STR) filing to BNM Financial Intelligence and Enforcement Department within statutory timeframes
  • 7-year record retention (exceeds AMLA’s 6-year minimum)

Card scheme compliance

We screen every merchant against:

  • Visa Merchant Screening Service (VMSS) — terminated merchant database
  • Mastercard MATCH — Member Alert to Control High-Risk Merchants
  • Dilisense — entity-level sanctions and KYB verification

No merchant is onboarded if they fail these checks. We re-screen quarterly.

Data residency

  • Card transaction data is processed by Adyen (EU/Singapore data centers, Tier-IV facilities)
  • Merchant data (your business info, KYC documents) is stored in Malaysia and Singapore (AWS) under appropriate data processing agreements
  • We do not transfer your data to jurisdictions without adequate protection

Your rights

Under PDPA 2010 (as amended 2024) you can:

  • Request access to your personal data
  • Correct inaccurate data
  • Withdraw consent (subject to ongoing regulatory obligations)
  • Lodge a complaint with the Personal Data Protection Department (PDPD)

Email: storehubpay@storehub.com (subject: “Data Subject Request”)

Reporting a security issue

If you discover a security vulnerability in StoreHub Pay, please report it responsibly:

  • Email: security@storehub.com
  • Please don’t publicly disclose the issue until we’ve had a chance to fix it
  • We commit to acknowledging reports within 72 hours

Trust matters when it’s your money.

Read our Privacy Policy