Regulatory Information

Who is regulated, by whom, where the licence sits, who issues the cards, and which networks and PCI scope apply.

Last Updated: 2026-05-07  |  Version: 1.0 (draft — pending counsel and BIN-sponsor sign-off)

Draft: the named regulator, licence reference (e.g., FCA FRN), BIN sponsor, issuer of record, payment-network scope, and PCI DSS attestation status below must be confirmed in writing by your sponsor bank, your acquiring partner, and your QSA before this page is treated as a definitive disclosure to users, partners, or merchants.

1. Operating entity

The platform “CardsFlow” is operated by {{ TODO: registered legal entity }} (see Imprint).

2. Regulator and licence

  • Primary regulator: {{ TODO: e.g., Financial Conduct Authority (FCA, United Kingdom) }}
  • Licence / authorisation type: {{ TODO: e.g., EMI / API / agent / unregulated technology provider }}
  • Reference number: {{ TODO: FRN / register entry }}
  • Public register: {{ TODO: link to public regulator register entry }}
  • Permitted activities: {{ TODO: list of permissions }}
  • Permitted regions: {{ TODO: list of countries / regions }}

If CardsFlow itself is not the licensed entity, the card-issuance and money-movement activities described on this site are carried out under the authorisation of the issuer / programme manager named below. CardsFlow then acts as a {{ TODO: technology provider / programme distributor / introducer }}.

3. Card issuer and programme structure

  • Card network(s): Visa{{ TODO: confirm — Visa only, or Visa + Mastercard }}
  • Issuer of record: {{ TODO: legal name and jurisdiction of the issuing bank }}
  • BIN sponsor / sponsor bank: {{ TODO: legal name }}
  • Programme manager: {{ TODO: e.g., PAY2HOUSE / other }}
  • Issuing region(s): {{ TODO: e.g., US BIN 4096xx, EU BIN 5234xx }}
  • Card forms supported: Virtual; Physical {{ TODO: confirm physical issuance is in scope }}

4. Payment-card industry (PCI) scope

CardsFlow uses tokenised card data and does not store, process, or transmit full primary account numbers (PANs) on its own infrastructure. On that basis the CardsFlow front-end is in scope for {{ TODO: PCI DSS SAQ-A / SAQ-A-EP }} and the issuer / programme manager retains the {{ TODO: SAQ-D / RoC }} attestation.

  • CardsFlow attestation type: {{ TODO: SAQ-A / SAQ-A-EP }}
  • Last attestation date: {{ TODO: YYYY-MM-DD }}
  • Issuer / programme manager attestation: available on request to qualifying counterparties under NDA.

5. Funding methods

CardsFlow currently accepts only USDT over the TRC20 network for account funding. Fiat on/off-ramp, sanctions screening, and Travel-Rule compliance for inbound USDT deposits are described on the AML & Travel Rule page.

6. Consumer protection and dispute escalation

  • First-line support: support@cardsflow.net
  • Compliance escalation: compliance@cardsflow.net
  • Regulator complaint route: {{ TODO: e.g., Financial Ombudsman Service (UK) / national equivalent }}
  • Card-network dispute (chargeback): raised through the issuer of record under Visa/Mastercard rules.

7. Changes to this disclosure

Material changes to the regulator, licence reference, BIN sponsor, issuer of record, or PCI scope will be reflected here within 10 business days of the change taking effect. The Last Updated date above tracks revisions to this page.

Related Resources

ImprintAML & Travel RuleAML & Compliance PolicyFees & DisclosuresTrust CenterSecurity & Data Handling