Anti Fraud Policy

Anti-Fraud Policy: Booking & Payment Orchestration

1. Governance & Scope

This policy governs the KuulSeats booking platform. Our role is a technical orchestration layer; we facilitate bookings and transmit payment instructions to PCI-compliant Payment Service Providers (PSPs). We do not collect, settle, or hold funds.

2. Shared Responsibility Model

  • PSP Responsibility: Handling cardholder data (PCI DSS), financial clearing, and banking-level fraud (e.g., stolen cards).
  • Platform Responsibility: Mitigating behavioural fraud and booking abuse, and ensuring the "intent to dine" is verified before a payment instruction is sent.

3. Prevention & Control Framework

To protect payment integrity, we employ:

  • Technical Hand-off: All payment data is handled via secure tokens; no raw card data (PAN/CVV) touches our servers.
  • Authentication: Enforcement of 3D Secure (3DS) and AVS/CVC checks via the PSP to reduce "Unauthorised Transaction" disputes.

4. Fraud Risk Mitigation

We actively monitor for and reserve the right to block:

  • Inventory Sabotage: Multiple bookings by a single actor intended to block restaurant availability.
  • Friendly Fraud: Misuse of the platform to circumvent restaurant cancellation and no-show policies.
  • Account Takeover: Unauthorised access to restaurant admin panels for the purpose of issuing fraudulent refunds.

5. Incident Response & Evidence

In the event of a payment dispute (chargeback):

  • Evidence Provision: We provide Restaurants with technical "Proof of Intent" (IP logs, timestamps, and acceptance of terms) to defend against "Friendly Fraud."
  • Mitigation: We may temporarily suspend accounts or blacklist hardware IDs suspected of coordinated abuse.

6. Data & Compliance

  • Retention: Booking metadata is retained for 12–24 months (UK GDPR compliant) specifically to support fraud investigations and chargeback defence.
  • Audit: Internal access to refund tools is logged and restricted via Role-Based Access Control (RBAC).

Disclaimer: This document is a technical framework and does not constitute legal advice. Users are governed by the Terms of Service of their respective Payment Service Providers.