Sandbox / Demo environment — for demonstration only. All data is simulated and no real money is moved.
Security & Compliance

Trust Built on Security

Enterprise-grade security, regulatory compliance, and data protection. Your customers' trust is our highest priority.

These are frameworks Amnen Pay is designing toward as part of its roadmap. They are target standards, not certifications currently held. Amnen Pay is a sandbox demonstration and is not yet a licensed, regulated, or certified payment institution.

NBE Licensing
Payment System Operator (target)
ISO 27001
Information Security (target)
PCI DSS
Card Security via tokenized providers (target)
SOC 2 Type II
Service Organization (target)

Enterprise-Grade Security

Multiple layers of security protect every transaction and data point in our system

End-to-End Encryption

Designed to encrypt data with AES-256 at rest and TLS 1.3 in transit, following bank-grade security principles.

AES-256 encryptionTLS 1.3 protocolKey rotationHSM integration

Multi-Factor Authentication

Secure access with MFA, biometric verification, and hardware security keys.

SMS/Email OTPAuthenticator appsBiometric supportHardware keys

Real-Time Monitoring

24/7 security monitoring with AI-powered threat detection and instant alerts.

24/7 SOCAI threat detectionAnomaly detectionInstant alerts

API Security

Secure API access with hashed keys, IP whitelisting, and granular permissions.

Hashed API keysIP whitelistingRate limitingAudit trails

Regulatory Compliance

Full compliance with NBE regulations, international standards, and industry best practices

Regulatory Alignment

Planned

Architected to align with payment-system-operator regulatory frameworks (such as the National Bank of Ethiopia). Amnen Pay is not yet a licensed or regulated payment institution.

Payment System Operator licensing (planned)
Regulatory reporting design
Capital adequacy framework
Operational risk management

KYC/AML

Implemented

Comprehensive Know Your Customer and Anti-Money Laundering procedures to prevent financial crime.

Customer identification
Document verification
Sanctions screening
Transaction monitoring

Data Protection

Designed

Data protection policies designed to align with international standards and local regulations.

Data minimization
Consent management
Right to erasure
Data portability

Audit & Reporting

Automated

Complete audit trails and regulatory reporting for full transparency and accountability.

Immutable audit logs
Regulatory reports
Compliance dashboards
External audits

Continuous Security

Security is not a one-time effort. We continuously monitor, test, and improve our security posture.

Periodic penetration testing (planned)
Vulnerability assessments (planned)
Security awareness training
Incident response procedures
Business continuity planning
Disaster recovery testing
Third-party security reviews (planned)
Responsible disclosure process

Report a Vulnerability

Help us keep the platform secure

If you discover a security vulnerability, please report it responsibly. We operate a responsible disclosure process and review every qualifying report.

Your Security is Our Priority

Have questions about our security practices or compliance? Our security team is ready to help.