Compliance Center

At QRails we take the security, privacy and welfare of your data incredibly seriously. Our Compliance Center is designed to give you an overview of the controls and measures we have in place to safeguard your data.

Certifications

PCI DSS Compliant

PCI compliance means that QRails, which accepts, transmits, or stores the private data of cardholders, complies with the security measures outlined by the PCI Security Standards Council to ensure that the data is kept safe and private. QRails holds a Level 1 PCI DSS certification.

SOC 1 Type II Attestation

SOC 1 compliance secures QRails' interaction with, transmission of, or storage of users' financial statements. A SOC 1 report helps management, investors, auditors, and customers evaluate internal controls over financial reporting within guidelines laid out by the AICPA.

SOC 2 Type II Attestation

Our SOC 2 Type II report provides clients, customers, and consumers reasonable assurance that the internal controls maintaining the confidentiality, integrity, and availability of data are designed for purpose and are operating effectively.

Compliance

Risk Management

Boasting a mature risk management function headed by a cross-departmental Risk Council, QRails completes an annual enterprise risk assessment, maintains departmental risk registers, and regularly communicates to senior management.

Consumer Protections

Complying with Regulation E, QRails' compliance department tracks and reviews all customer complaints on a monthly basis. Identified complaint patterns are forwarded to the product team to rectify. QRails injects the principles of the Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) law into product design, service delivery, and marketing activities to ensure that our products benefit our consumers.

Anti-money Laundering & Sanctions

Led by a Certified Anti-Money Laundering Specialist (CAMS), QRails’ AML & Sanctions bureau utilizes a purpose-built transaction monitoring system to detect, interdict, and report unusual activity to partnered financial institutions. We scan all customer names against multiple sanctions lists on a periodic basis.

Internal Audit

Responsible for the technical and security audits, QRails’ internal auditor coordinates auditors and sets the audit schedule. Our internal audit function is led by a Certified Internal Auditor (CIA) and Certified Information Systems Auditor (CISA).

Active Fraud Monitoring

Dispute Management

The QRails Fraud team handles cardholder dispute resolution claims to mediate payment conflicts between cardholders and merchants. QRails will work on the cardholders’ behalf to review, investigate, and validate their dispute claims. All reasonable and valid claims will be submitted through the dispute process to help the cardholder resolve their conflict with the merchant.

Fraud will always be present with card transactions. QRails continuously monitors card activity using dynamic rules-based systems to catch and mitigate fraud. Cardholders are alerted as soon as suspicious transactions are flagged. 

Chargeback Support

A chargeback is initiated when a cardholder escalates a dispute for a transaction error or a fraudulent charge to the QRails Fraud team. Each claim is thoroughly investigated and documented. QRails then promptly communicates with the cardholder throughout the chargeback process. 

REDi Verify

REDi Verify is a robust transaction fraud monitoring and alert system that can provide real-time risk scoring and predictive analytics, geolocation services, adaptive and tailored rules creation, a compromised card management system, and 2-way transaction verification across multiple communication channels.

Decline Resolution

Our decline resolution process provides the cardholder with information such as a billing address disparity, a blocked merchant, or incorrect data (i.e. an invalid PIN or CVV). QRails will investigate all cardholder escalations of declined card transactions and then resolve the issue, so the cardholder can continue to use their card with confidence.