payments platform icon
Payments Platform

Certifications & Licensing

Ensuring the availability, integrity and confidentiality of our infrastructure is one of our top priorities.

Payments Platform hero medium
Payments Platform next icon Certification Licensing

Preventing Security Incidents, Reducing the Potential Impact

Providing an online infrastructure for payments comes with great responsibility. Processing data is an important aspect for this infrastructure. Therefore, ensuring the availability, integrity and confidentiality of our infrastructure is one of our top priorities.


IT Security

Our goal is to be as flexible and fast as possible in terms of delivering services to our -customers, while maintaining the highest standards in security and compliance (Jan Saan, CTO)

The goal of's Information Security is to protect your informational assets against all internal, external, deliberate or accidental threats. We aim to preserve confidentiality, integrity and availability of your data. This means that your data only should be accessed by those with the rights to view it, the data can be relied upon to be accurate and processed correctly and finally, that data can be accessed when needed.

In Order to Ensure Security, Takes Several Measures

In Control has support personnel on-site 24/7. Our analysts are continuously monitoring security, performance and connections to suppliers and customers from our Network Operations Centre (NOC).

Active, Not Reactive actively follows relevant changes in legal and compliance requirements, with extensive focus on, for instance, GDPR regulations. More about this can be read below.

Team Effort

IT security is a high priority within Clear security guidelines are available and all employees are briefed on their responsibilities to continuously contribute to this.

Validate and Improve validates the results of monitoring the data to improve our infrastructure, coding practices, overall security & compliance and the effectivity of our monitoring processes.

General Data Protection Regulation

On May 25th 2018, the General Data Protection Regulation (GDPR) will come into effect, replacing current privacy regulations. By then, all companies handling personal data will need to adhere to the regulation and be able to demonstrate their compliance to the GDPR.

As a responsible processor and a responsible controller, has embraced the principles that lie at the base of the GDPR. Moreover, we regularly revisit them to assure our compliance. We have all necessary tools in place to conform to the principle of accountability. Some examples are: a data controller register, data processor registers, and our specific Data Privacy Impact Assessment (DPIA). We follow data privacy principles in the development of all our services.

In addition, we have set up a GDPR compliance roadmap and took corrective actions where necessary. We updated our terms and conditions in April 2018 to comply with the upcoming GDPR and the processing of personal information by In updating our terms and conditions, ensures that we provide you with a service that is compliant, and takes into account the latest regulations,techniques and functionalities in payments.

Online Payment Processing System

Your customers’ transactions are safe with CM Payments. We, as collecting payment service provider based in the Netherlands, comply with all safety rules and technologies for a secure online payment system. These rules were established by European financial institutions and De Nederlandsche Bank.

Acceptant Payment Service Provider

An APSP (Certified Merchant Payment Service Provider) is an intermediary who mediates between merchants and acquirers with processing debit card payments. Merchants are businessmen and organisations who accept debit card payments (receive). Acquirers are parties that approve and process debit card transactions, such as some banks and transaction processors. is a Certified Merchant Payment Service Provider (APSP) and has full authorisation to process debit and credit card payments.

Collecting Payment Service Provider

CPSP stands for Collecting Payment Service Provider. The certification means that the Payment Service Provider was approved by the Betaalvereniging (Dutch Payments Association) and also has an agreement with the Acquiring Bank for accepting iDEAL which is licensed by the Betaalvereniging (Dutch Payments Association).

payment provider certifications

We Are in Possession of Following Licenses:

• VBIN - Verenigde Betaalinstellingen Nederland (United Payment Institutions of the Netherlands)

• Visa Europe

• Mastercard

• Betaalvereniging Nederland (Dutch Payment Association)

• Thuiswinkel Waarborg (Dutch home shopping guarantee organisation)

• Payment Service Directive (PSD)

• PCI DSS Compliancy (Payment Card Industry Standard)

About CM Payments

More Than a Payment Service Provider

Payments, Identification & Communication

As part of, CM Payments combines the latest in payments solutions with the technical expertise of the CM Platform.

Active in the European Market

CM Payments is an internationally operating provider of payment services, with customers such as Albert Heijn, the Dutch government and ParkMobile.

24/7/365 Monitoring and Support

In order to receive payments, it is important that the system is online and functional. That's why we offer 24/7 monitoring and support from our Network Operations Center.

Is this region a better fit for you?
close icon