Payment Methods
Secure payment processing with Trilo and Stripe through regulated payment providers
Muliple Payment Provider Integrations
Proofenance uses Trilo and Stripe for payment processing. Both are regulated payment providers.
Payment data is encrypted in transit and at rest. We do not store card numbers or other primary account credentials on our servers.
All payments are processed through PCI DSS compliant systems with end-to-end encryption.
Our payment partners are regulated by the Financial Conduct Authority (FCA). Card payments run through PCI DSS compliant systems with end-to-end encryption.
You don't have to use our Managed Payment service. You can also integrate with an external payment provider of your choice. The sale payment can be recorded with either a secured webhook or simply a button within the sale flow.
Payment Security Features
Our payment processing includes multiple layers of security to protect your financial information
PCI DSS Compliance
Card payments processed through PCI DSS compliant systems
End-to-End Encryption
All payment data encrypted in transit and at rest
Regulated Providers
FCA regulated payment processing partners
Open Banking Payments
Open Banking encompasses both Payments, and Account Information which are authorised in the same manner.
Why is this happening?
The merchant tells Proofenance the amount to charge, and Proofenance asks your bank via our TPP Trilo to prepare a Faster Payment with Proofenance as the recipient. The bank replies with a magic web link which takes a user to this payment. No bank details ever need to be communicated.
Your phone is the only place where this link is shown. When the link is opened, your phone will automatically open your bank app and let you view, and authorise, the payment.
At no point during payment can the merchant, Proofenance, or Trilo, see your account details or access any part of your online banking.
What happens next?
When you authenticate with MFA (face or fingerprint) and your bank app opens, you will be shown the prepared payment with recipient account details, the same as making a normal Faster Payment but without needing to enter any details.
Simply select which account you would like to make the payment from, and authorise as you would normally. Once the Faster Payment has sent, your bank app will exit and your accounts will be secure.
Do I have to use Trilo?
Trilo is part of the Open Banking ecosystem, and is a regulated Third Party Provider (TPP) under the Open Banking scheme. Furthermore, Trilo was built by the same people as Proofenance!
If you would prefer to use another payment method, Proofenance also supports most major payment methods globally via Stripe.
Open Banking Safety
Proofenance understands that the idea of allowing access to personal bank accounts can be scary, especially in the modern age of identity fraud. Rest assured, Proofenance cannot access your bank accounts, and nor can the merchant. Furthermore, nothing about your payment bank account is shared with Proofenance or the merchant.
Secure by design
Every layer is there to keep identity and payment data where it belongs.
Encryption & access controls
Encryption and access controls aligned to financial services expectations, with design reviews as the product evolves.
Data protection by design
We treat ID and source-of-funds material as highly sensitive, with minimisation and clear roles for who can see what, when.
Secure infrastructure
Multi-vendor hosting spreads risk across providers so we are not dependent on a single cloud, with logging and operational hardening for regulated workloads.
Dedicated hardware
Sensitive processing runs on dedicated compute, giving us full control over our environment where identity data is handled.
Strong resilience
Redundancy, failover, and recovery are built in so a single failure does not take compliance workflows offline when a sale is in progress.
Audit trail
Key compliance actions and evidence are tied to the purchase so you can show what happened in a real sale.
Ongoing security work
We monitor, review, and improve controls over time, with materials you can share with your board or bank.
UK & EU data choices
Hosting and retention choices that match your risk profile across the jurisdictions you sell in.
GDPR by design
Privacy principles are built into how we collect, store, and retain identity and payment data.
ISO 27001 aligned
Security management practices aligned to ISO 27001, with controls you can discuss with your MLRO or bank.
24/7 security operations
Monitoring and incident response run around the clock so issues are caught and handled without waiting for office hours.
Security you can read and share
If your MLRO, bank, or client asks how data is held, we want you to have a clear place to point.
Contact us