Security & Compliance
Overview
The Access Bank Wallet-as-a-Service (WaaS) platform is built with enterprise-grade security and adheres to global financial industry standards.
This page outlines the security controls, compliance frameworks, and best practices that both Access Bank and integrating clients must follow.
Data Privacy & Protection
Personally Identifiable Information (PII)
The WaaS API handles sensitive customer data:
- Bank Verification Numbers (BVN)
- National Identification Numbers (NIN)
- Phone numbers and email addresses
- Biometric data (face verification)
- Financial transaction data
Data Handling Requirements
- Minimize Data Collection - Only request data you need
- Encrypt in Transit - Always use HTTPS/TLS
- Secure Storage - Encrypt PII at rest
- Access Controls - Limit who can view sensitive data
Customer Consent
Before collecting or processing customer data:
- ✅ Obtain explicit consent
- ✅ Explain data usage clearly
- ✅ Provide privacy policy
- ✅ Set
dataConsent: truein validation requests
KYC & AML Compliance
Sanctions Screening
All customers are automatically screened against:
- Global sanctions lists
- Politically Exposed Persons (PEP) databases
Customer Due Diligence
You must collect and verify:
| Tier | Requirements |
|---|---|
| Tier 1 | BVN, PEP Status |
| Tier 3 | BVN, NIN, Valid ID Document, Proof of Address |
API Security Best Practices
Request Validation
Always validate:
- ✅ Input data format and type
- ✅ Required fields presence
- ✅ Data length constraints
- ✅ Allowed value ranges
Security Questions?
For security-related questions or to report vulnerabilities, contact the team at AFF@ACCESSBANKPLC.com
