
Card payments, handled to standard.

AloraPay is built to PCI DSS Level 1 — the highest level of payment-card security. Here's what that means for your venue and your guests, without the acronym soup.

PCI DSS Level 1

Last updated June 4, 2026

What it means for you

Card data is tokenized

Numbers are replaced with secure tokens — they never sit on your devices or ours.

Level 1 — the top tier

The same standard required of the world's largest payment processors.

Less burden on you

Because we carry the heavy compliance load, your scope shrinks dramatically.

01

What PCI DSS is

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security rules created by the major card networks — Visa, Mastercard, and others — that every business handling card payments must follow. It covers how card data is stored, processed, and transmitted.

In short: it's the industry rulebook that keeps card numbers safe. AloraPay handles the hard parts so you don't have to become a security expert.

02

Our compliance level

PCI DSS has four levels, set by transaction volume. Level 1 is the most rigorous — reserved for the highest-volume processors and validated by an independent assessor every year.

  • AloraPay & PowerTranz: Operate at PCI DSS Level 1, the highest tier.
  • Validation: Assessed annually by a Qualified Security Assessor (QSA).
  • Scope: Covers the full payment path — capture, tokenization, and settlement.

03

How we protect cards

Card data is protected end to end. Here's the chain in practice:

  • Tokenization — card numbers are instantly swapped for secure tokens that are useless if intercepted.
  • Encryption in transit — all payment data travels over TLS, encrypted from the guest's phone onward.
  • No card storage — neither your devices nor ours ever hold a full card number.
  • Processed by PowerTranz — a PCI Level 1 gateway purpose-built for Caribbean acquiring.

04

What this means for you

Because guests pay on their own phones and card data is tokenized before it reaches your devices, your venue's PCI scope is dramatically reduced. You don't store card data, so the bulk of compliance obligations sit with us and PowerTranz — not your floor.

No card machines to secure, no card numbers on receipts or back-office systems — a smaller attack surface and a simpler audit for you.

05

Shared responsibility

Compliance is a partnership. We carry the platform-level obligations; a few basics stay with your team.

AloraPay handles

  • Secure payment capture, tokenization, encryption, and settlement.
  • Annual Level 1 validation and infrastructure security.

Your team handles

  • Keeping account passwords secure and access limited to trusted staff.
  • Using up-to-date devices to access the dashboard.

06

Request documentation

Need our Attestation of Compliance (AOC) or have a question from your acquirer? Our team can provide the paperwork.

AloraPay Compliance Team

Email: compliance@alorapay.com

Port of Spain, Trinidad & Tobago