Compliance is the foundation, not an add-on
PointsStation is engineered for licensed, compliant operators — with a verifiable ledger, immutable audit trail and layered access controls protecting every transaction.
Controls on every layer
From the ledger to the login, protection is built into the core of the platform.
Double-entry ledger
Every balance-changing action writes paired ledger rows inside a single database transaction, capturing previous and new balances. Funds are always reconcilable and can never silently drift.
Immutable audit logs
Loads, reversals, role changes and configuration edits are recorded to an append-only audit trail with actor, timestamp and context — a complete, tamper-evident history.
Role-based access control
Granular permissions per role — master vendor, vendor, agent, sub-agent and admin. Users only see and do what their role allows, enforced on every request.
Transaction PINs
Sensitive money movements require a per-user transaction PIN, adding a deliberate confirmation step that protects against accidental or unauthorized loads.
2FA-ready accounts
Account security is designed for two-factor authentication, so high-value vendor and admin logins can be protected with an additional verification factor.
Rate limiting
Sensitive endpoints are rate-limited and abuse-aware, defending the platform against credential stuffing, scripted abuse and runaway request loops.
KYC status tracking
Operator verification status is tracked across the network so you always know who is verified, helping you meet your obligations under applicable regulations.
Idempotent, atomic loads
Loads are processed with idempotency keys and database transactions, so a retried request can never double-charge and a failed step never leaves a partial state.
Admin review of unknowns
Ambiguous or unknown provider responses are routed to admin review rather than assumed successful — money is never moved on a guess.
Responsible gaming notice
PointsStation is a points-management and vendor-operations platform for licensed, compliant businesses. Operators are responsible for promoting responsible play, honoring self-exclusion and player-protection requirements, and complying with all applicable laws, provider terms and local regulations. The platform provides tooling — limits, audit logs and KYC-status tracking — to support those obligations, but it does not replace your own legal and regulatory duties.
Operate with confidence
Bring your operation onto a platform where every cent is ledgered, every action is logged and every login is protected.