Security standards

To protect your transactions from unauthorised access by third parties, SumUp operates in accordance with the highest card payment industry security standards:

  • PCI-DSS (Payment Card Industry Data Security Standard) is the highest data security standard used in the credit card industry concerning data transfer and data storage.

  • SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are ‘encryption protocols’ that protect data transmitted over the internet. We use 256-bit encryption, the highest possible level at present.

  • PGP (Pretty Good Privacy) is an international standard for secure personal data storage.

Collected information

When creating a SumUp profile we will require the following information:

  • First and last name

  • Address/location

  • Phone number

  • Email address

  • Company’s details

  • Bank account details

  • Other related information depending on business type

To perform the necessary verification processes at a later stage we may request additional personal information from you or from third-party verification services we have contractual relations with.

Never share passwords

Important:

While we may, if necessary, ask for your email address to identify your profile, SumUp will never ask you for your password. Never, under any circumstance, provide your password over the phone or by email.

When you use SumUp to accept card payments we collect information on the transaction and its location. We may also collect information related to your communications with our customer service. However, SumUp never distributes this information to third parties, except where it is necessary to process transactions.

SumUp will not sell or rent your personal information to any third party. In order to process payments securely (e.g. prevention of fraud) and to provide our service, it is necessary that we share some of the payment information with partner companies.

Additional information

Your financial security and that of your customers are always our top priority. Therefore, we may occasionally ask you to provide some further information regarding specific card payments you process using the SumUp services. These requests are very infrequent and are performed to protect your profile and the cardholders you do business with. In these cases, SumUp may request some additional information regarding the goods and/or services you provide, invoices for specific transactions, and the contact details (if available) for your customer to allow us to verify the payment.

Network security and technology

Because the SumUp device encrypts all the information as it reads the card, no unencrypted data is ever stored on either the card reader or your smartphone/tablet during the transaction process. Our team works hard for your security, and we constantly update all systems to ensure we provide the appropriate levels of protection. Furthermore, we take the preventive measures necessary to keep our system secure and our clients' data safe. As such, we have qualified internal and external teams to test our security systems on a regular basis, and sensitive data is strictly controlled at all times.

Mobile devices and secure payments

SumUp payments are processed in accordance with the highest industry security standards. SumUp’s transaction process ensures that all data is encrypted and transferred to our secure payment server.

In addition, SumUp never stores any sensitive data on mobile devices such as your smartphone, tablet, or card reader.