Compliance, Security and Risk Management
This article explains how Stash addresses compliance, security, and risk management when acting as the Merchant of Record (MoR).
What Compliance Means for a Merchant of Record
In global payments, compliance is a core responsibility of the Merchant of Record.
Because the Merchant of Record is legally responsible for the transaction, it must ensure that purchases are processed in accordance with applicable regulations, tax rules, and security standards across regions.
When Stash acts as the Merchant of Record, it assumes this responsibility on behalf of partners. This allows studios to sell globally without having to directly manage compliance obligations tied to payments, taxes, and regulatory exposure.
Regulatory Frameworks Stash Adheres To
Stash operates within established regulatory and security frameworks relevant to global digital commerce.
At a high level, this includes adherence to:
- PCI DSS, for secure handling of payment data
- COPPA, for child online privacy protections in the United States
- GDPR, for data protection and privacy in the European Union
- CCPA, for consumer privacy rights in California
Stash also relies on compliant partners and infrastructure to meet broader security and audit expectations, including SOC 2 controls via partner services.
These frameworks are referenced to establish trust and transparency, not to serve as a comprehensive compliance specification.
How Stash Reduces Partner Compliance Burden
By acting as the Merchant of Record, Stash removes the need for partners to manage many ongoing compliance and tax-related activities.
This includes:
- Registering for taxes in multiple jurisdictions
- Maintaining and updating tax calculations
- Filing and remitting taxes
- Managing tax-related audits associated with transactions
Stash assumes the operational and regulatory responsibility for these areas, reducing partner exposure to compliance risk and audit overhead.
Security and Fraud Protection
Security and fraud prevention are integral to Stash’s role as Merchant of Record.
At a high level, Stash applies standard industry practices to protect transactions and sensitive data, including:
- Tokenization, to avoid direct handling of sensitive payment information
- Encryption at rest and in transit, to protect data throughout the transaction lifecycle
- Anti-fraud measures, designed to identify and mitigate fraudulent activity
While these practices are common across modern payment systems, they are intentionally highlighted to provide reassurance to partners.
Risk Management and Partner Protection
By centralizing payment, compliance, and security responsibilities, Stash helps protect partners from:
- Regulatory and tax-related risk
- Operational risk associated with managing disputes and chargebacks
- Liability exposure tied to global payment processing
In addition, Stash can help guide partners on platform and policy boundaries, such as app store terms, to reduce the risk of unintentional violations.