Your reliable technology partner – today and tomorrow

Since epay as a BaFin licensed payment institution is subject to the KRITIS (Critical Infrastructure) regulation, we have already proven regarding with the ISO27001 certification and testing the secure continuation of all solutions, processing and services and have demonstrated that we are able to permanently and smoothly adapt the entire business operation to new requirements.

VISA-PIN Security Audit

Increase PIN security requirements through the Payment Card Industry Security Standards Council and visa review of new standards for PIN security of its members. epay provides this proof every two years.


Certification of the Federal Office of Information Technology (BSI) for “Operators of Critical Infrastructures” (KRITIS) in accordance with the requirements of the IT Security Act (IT-Sig).

ISO/IEC 27001

IT risks are specifically identified, evaluated and actively controlled. Key audit points are: Systematically increasing the level of IT security, preparing for defense against cyber attacks and other IT emergencies, and secure operation of epay’s core business.


Annual certification according to PCI-DSS. The Payment Card Industry Data Security Standard is a set of rules for payment transactions that refers to the processing of credit card transactions and is supported by all major credit card organizations.

SOX Compliance

The Act applies to all companies whose shares are traded or offered on U.S. exchanges and which are subject to the supervision of the Securities and Exchange Commission (SEC). The law calls for significantly increased compliance in financial matters. It places significantly increased requirements for accounting and accounting. The review shall be carried out annually.

Memberships and awards

we drive the payment journey of the future