📄 Anti-Money Laundering (AML) & Anti-Fraud Policy
1. Policy Purpose
This document demonstrates our commitment to preventing money laundering, terrorist financing, card fraud, and telecom fraud. We follow AML/CFT laws, FATF recommendations, and our payment partner's requirements (Stripe, PayPal, Adyen, or any acquiring bank). This policy is written to satisfy payment provider compliance checks.
2. Company & Business Compliance
Legal entity: Our company is a legally registered business (Ltd/LLC) with valid incorporation documents. All settlements go to a business bank account – never a personal account.
Legitimate H5 product: We sell legal digital goods / services (SaaS, e-commerce, content, etc.). We do NOT engage in: crypto exchanges, gambling, binary options, adult content, MLM/pyramid schemes, or any illegal activity.
Transaction authenticity: Every payment corresponds to a real order and delivery proof. We maintain “order = payment = service” consistency.
3. Customer Due Diligence (CDD) – Simple & Effective
Low risk (normal users): Basic identity via email + device fingerprinting.
Medium risk (suspicious behavior): SMS verification + address verification.
High risk (large amounts >$1,000 or disputes): Full KYC – government ID + selfie verification.
We screen all users against global sanctions lists (OFAC, EU, UN).
4. Real-Time Transaction Monitoring & Fraud Prevention
Our H5 product automatically checks for red flags and blocks or holds suspicious payments:
- Velocity limits: Max 10 transactions per hour per user. A daily total above $500 triggers 3D Secure.
- Refund rate alerts: If refund rate exceeds 10% within 1 hour → suspend payment method & investigate.
- Device fingerprinting: Blocks VPN, proxy, emulator, or mismatched geolocation.
- Unusual patterns: Fast-in-fast-out, multiple cards on the same user, or high-risk IP addresses → manual review within 24h.
Any confirmed suspicious activity related to money laundering or fraud will be reported to the local Financial Intelligence Unit (SAR/STR filing).
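The monitoring rules in this section can be expressed as a small, testable rule engine. The following is an added example, not code from this policy or from any payment provider; it assumes transactions arrive as in-memory records with a tokenised card id, and it interprets "refund rate" as the number of refunds divided by the number of sales in the trailing hour (an assumption, since the policy does not define the denominator). Sample transactions are constructed inline.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

HOUR = 3600
DAY = 86400
MAX_TX_PER_HOUR = 10          # velocity limit from section 4
DAILY_3DS_THRESHOLD = 500.0   # daily total above this requires 3D Secure
REFUND_RATE_LIMIT = 0.10      # >10% refunds in the trailing hour suspends the method


@dataclass
class Txn:
    ts: int            # unix seconds
    user: str          # internal user id
    card: str          # tokenised card id (never raw PAN)
    amount: float
    kind: str = "sale"  # "sale" or "refund"


def _prune(dq, now, window):
    """Drop entries older than the window; entries are (ts, amount) in order."""
    while dq and dq[0][0] <= now - window:
        dq.popleft()


class Monitor:
    def __init__(self):
        self.sales_by_user = defaultdict(deque)   # (ts, amount) per user, 24h window
        self.cards_by_user = defaultdict(set)     # distinct card tokens seen per user
        self.sales = deque()                      # all accepted sales, 1h window
        self.refunds = deque()                    # all refunds, 1h window
        self.suspended_methods = set()            # card tokens blocked by refund rule

    def evaluate(self, t):
        """Return the list of actions the rules require for this transaction."""
        if t.kind == "refund":
            self.refunds.append((t.ts, t.amount))
            _prune(self.refunds, t.ts, HOUR)
            _prune(self.sales, t.ts, HOUR)
            # Assumed definition: refunds / sales over the trailing hour.
            if self.sales and len(self.refunds) / len(self.sales) > REFUND_RATE_LIMIT:
                self.suspended_methods.add(t.card)
                return ["suspend_method"]
            return ["allow"]

        if t.card in self.suspended_methods:
            return ["blocked_method"]

        flags = []
        user_dq = self.sales_by_user[t.user]
        _prune(user_dq, t.ts, DAY)
        hourly = sum(1 for ts, _ in user_dq if ts > t.ts - HOUR)
        if hourly >= MAX_TX_PER_HOUR:
            return ["block_velocity"]          # blocked sales are not recorded

        daily_total = sum(a for _, a in user_dq) + t.amount
        if daily_total > DAILY_3DS_THRESHOLD:
            flags.append("require_3ds")

        self.cards_by_user[t.user].add(t.card)
        if len(self.cards_by_user[t.user]) > 1:
            flags.append("manual_review")      # multiple cards on one user

        user_dq.append((t.ts, t.amount))
        self.sales.append((t.ts, t.amount))
        return flags or ["allow"]


def run_sample():
    """Constructed sample: two u1 purchases, 11 rapid u2 purchases, two refunds, one retry."""
    m = Monitor()
    txns = [Txn(0, "u1", "card_a", 100.0), Txn(60, "u1", "card_b", 450.0)]
    txns += [Txn(100 + i, "u2", "card_c", 5.0) for i in range(11)]
    txns += [Txn(300, "u3", "card_d", 20.0, "refund"),
             Txn(301, "u3", "card_d", 20.0, "refund"),
             Txn(302, "u3", "card_d", 20.0)]
    return [m.evaluate(t) for t in txns]


if __name__ == "__main__":
    for i, actions in enumerate(run_sample()):
        print(i, actions)
```

In the sample, the second u1 purchase pushes the daily total to $550 on a second card, so it needs 3D Secure and a manual review; the eleventh u2 purchase in one hour is blocked outright; the second refund lifts the hourly refund rate to 2/12 and suspends that card token, so the following sale on it is refused. In production the counters would live in a shared store keyed by user and card token rather than in process memory.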
5. Technical Security (H5 Payment Safety)
- Encryption: Full HTTPS (TLS 1.3), HSTS enabled. No storage of CVV or raw card data.
- Tokenization: All card data is tokenized by our PCI-DSS certified payment gateway.
- 3D Secure 2: Required for high-risk and first-time transactions.
- Domain whitelist: Only our registered HTTPS domain can initiate payment calls.
6. Cooperation with Payment Partners & Law Enforcement
We respond to all compliance requests from our payment partner within 48 hours (transaction logs, user details, delivery proof). If we receive a valid court order or emergency fraud notice, we will freeze the relevant funds/account within 2 hours and fully cooperate.
7. Record Keeping (Data Retention)
We keep customer identification records and transaction logs (IP, device, amount, timestamp) for at least 5 years after the transaction or account closure, as required by law.
8. Employee Training & Internal Accountability
All finance, support, and compliance staff receive annual AML/fraud training. An external audit is performed every 24 months. The company director signs an annual compliance certification.
9. Breach Response
- Payment partner warning: Suspend transactions & investigate within 24h.
- Confirmed AML violation: Block user, file SAR, preserve funds (within 48h).
- Data breach: Notify partner, users, and authority within 72h.
✅ Quick checklist – DOs and DON’Ts:
✔️ Use corporate merchant account & business bank settlement.
✔️ Integrate official licensed PSPs (Stripe, PayPal, etc.).
✔️ Keep clear refund/cancellation policy and customer support.
✔️ Enable 3DS + device fingerprinting.
❌ Never use personal accounts for business revenue.
❌ No unlicensed aggregators or “carding-friendly” processors.
❌ Do not bypass fraud filters (IP rotation, scripted buys).
❌ No fake transactions or self-buying rings.