Security standards

To protect your transactions from unauthorised access by third parties, SumUp operates in accordance with the highest card payment industry security standards:

  • The PCI DSS (Payment Card Industry Data Security Standard) is the highest data security standard used in the credit card industry concerning data transfer and data storage.

  • SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are ‘encryption protocols’ that protect data that's transmitted over the internet. We are using 256-bit encryption, the highest possible level at present.

  • PGP (Pretty Good Privacy) is an international standard for secure personal data storage.

Collected information

When creating a SumUp profile we will require the following information:

  • First and last name

  • Address/location

  • Phone number

  • Email address

  • Company details

  • Bank account details

  • Other related information depending on business type

To perform the necessary verification processes, at a later stage we may request additional personal information from you or from third-party verification services we have contractual relations with.

Never share passwords

While we may, if necessary, ask for your email address to identify your profile, SumUp will never ask you for your password. Never, under any circumstance, provide your password over the phone or by email.

When you use SumUp to accept card payments, we collect information on the transaction and its location. We may also collect information related to your communications with our customer service. However, SumUp never distributes this information to third parties, except where it's necessary to process transactions.

SumUp will not sell or rent your personal information to any third party. In order to process payments securely (e.g. fraud prevention) and to provide our service, we need to share some of the payment information with partner companies.

Additional information

Your financial security and that of your customers are always our top priority. Therefore, we may occasionally ask you to provide further information regarding specific card payments you process using SumUp services. These requests are very infrequent, and are performed to protect your profile and the cardholders you do business with. In these cases, SumUp may request additional information regarding the goods and/or services you provide, invoices for specific transactions, and your customers' contact details (if available) to allow us to verify the payment.

Network security and technology

As the SumUp device encrypts all the information as it reads the card, no unencrypted data is ever stored on either the card reader or your smartphone/tablet during the transaction process. Our team works hard for your security, and as such we continually update all systems to ensure we provide the appropriate levels of protection. Furthermore, we take the necessary preventative measures to keep our system secure and our clients' data safe. As such, we have qualified internal and external teams to test our security systems on a regular basis, and sensitive data is strictly controlled at all times.

Mobile devices and secure payments

SumUp payments are processed in accordance with the highest industry security standards. SumUp’s transaction process ensures that all data is encrypted and transferred to our secure payment server.

In addition, SumUp never stores any sensitive data on mobile devices such as your smartphone, tablet, or card reader.