Skip to Content
Security and ComplianceCompliance

PCI DSS Compliance

Ethiopian Regulations

KisPay complies with Ethiopian financial regulations and data protection laws.

Requirements for Merchants:

  • Valid business registration in Ethiopia
  • National Bank of Ethiopia (NBE) compliance
  • Tax Identification Number (TIN)
  • Proper business licenses and permits
  • Adherence to Ethiopian data protection guidelines

Data Privacy

  • Obtain explicit consent before collecting customer data
  • Clearly communicate how data will be used
  • Provide privacy policy on your website
  • Allow customers to access their data

Privacy Policy Requirements

Your privacy policy should include:

  • What data you collect
  • How data is used and stored
  • Third-party services used (including KisPay)
  • Customer rights regarding their data
  • Contact information for privacy concerns

Security Checklist

Before going live, ensure you’ve completed these security measures:

API Security

  • API keys stored in environment variables
  • API keys not committed to version control
  • Separate keys for test and production
  • Server-side API calls only (no client-side exposure)

Network Security

  • HTTPS enabled on all production URLs
  • Valid SSL certificate installed
  • Security headers implemented

Data Protection

  • No sensitive payment data stored
  • Customer data encrypted at rest
  • Data retention policies implemented
  • Secure backup procedures in place
  • Access controls and audit logs enabled

Application Security

  • Input validation on all user inputs
  • SQL injection prevention implemented
  • XSS protection enabled
  • CSRF protection enabled
  • Rate limiting implemented
  • Error messages don’t expose sensitive info
  • Security patches and updates applied

Compliance

  • Privacy policy published
  • Terms of service available
  • Customer consent mechanisms in place
  • Ethiopian business registration valid
  • TIN registered and verified
  • NBE compliance requirements met

Security Best Practices Summary

Top 10 Security Tips

  1. Secure API Keys - Store in environment variables, never in code
  2. Use HTTPS - All production URLs must use HTTPS
  3. Validate Input - Sanitize all user inputs before processing
  4. Don’t Store Credentials - Never store payment passwords or PINs
  5. Update Regularly - Keep dependencies and libraries up to date
  6. Monitor Logs - Review logs regularly for suspicious activity
  7. Implement Rate Limiting - Prevent abuse and brute force attacks
  8. Use Strong Passwords - For merchant dashboard and systems access
  9. Enable 2FA - Use two-factor authentication where available
  10. Regular Backups - Maintain secure, encrypted backups

Need Help? KisPay’s security team is available to assist with security questions and compliance guidance. Contact us at developer@kispay.et

Last updated on
Security Guide