Top Level Security
Safety is a continuous work. You can rest assured that security and compliance is core to everything we do at Smart Refill. We work according to industry best practices and our staff go through regular security training. Our environment is continually tested and audited.
Our safety work include holding licences, following standards and working with security partners as further described below. This way, we ensure Top Level Security for our engaging apps and platform services.
Licenced and Supervised by FI
Smart Refill is a licensed E-money Institution authorised and supervised by the Swedish Financial Supervisory Authority (Finansinspektionen). As an EMI, we can issue E-money and take your payment solutions to the next level. Prepaid cards, e-wallets… Smart Refill is your partner for new, innovative and secure E-money services.
Through our EMI licence, we can act as a Payment Institution, providing account information services (AIS) and payment initiation services (PIS) in accordance with the second European Payment Services Directive (PSD2). In short, it means we can offer secure payment solutions throughout the European market.
Highest security standards
PCI-DSS Level 1
Our environment complies with the highest level of the global Payment Card Industry Data Security Standard developed by the major card brands and go through an annual compliance assessment. PCI DSS Level 1 means top level security in the way we handle cardholder’s data.
Internal Audits and CIS Top 20
Our systems go through an annual internal audit performed by an external partner, providing an extra layer of security. And through the CIS Top 20 self assessment, we make sure we always follow best practices for cyber security.
Reliable services, every day
Integrations with established partners
To provide the best user experience in our apps, we offer integrations with established partners with high security level. For example Bank-ID, Nets, Evry, CGI, Swish, ISEC and Crosskey.
Monitoring and Risk Control
We never let our guard down. Healthy operation of your services is ensured on a day to day basis through regular log monitoring, vulnerability scans and risk controls.