Aller au contenu
Vérifié indépendamment · Ré-audit trimestriel
EU VETTED

Trustly

VéRIFIé
Paiements · Sweden
Fondé en 2008 · trustly.com ↗

Swedish open-banking A2A payment innovator (Trustly Group AB, 2008), $10B annual volume, 33+ markets; Nordic Capital + BlackRock PE owned.

En bref

Trustly, dans la catégorie Paiements, propose un hébergement dans l’UE avec Sweden comme lieu d’hébergement, mais une maison mère ou un sous-traitant américain laisse une exposition matérielle au CLOUD Act.

Notes d’évaluation

Trustly Group AB (Stockholm, founded 2008) is the leading European open-banking 'Pay by Bank' / account-to-account payments specialist (Swedish-Finansinspektionen-supervised payment institution + UK FCA authorised + EU PSD2, ISO 27001 + SOC 2 + TÜV Saarland + GDPR certifications, ~US$10B annual processed across 275M transactions and 9,000+ merchants) but ownership is a US/Nordic PE consortium (Nordic Capital majority since 2018, BlackRock Private Equity Partners US co-investor), an IPO at ~US$10B is being explored, and the 2022 Finansinspektionen €11M AML-deficiency fine remains a flag; ownership_signal: eu_hq_us_funded, cloud_act_exposure: material; no public DPA or sub-processors list accessible at audit.

CLOUD ACT
OWNERSHIP
SUB-PROCS
non divulgué
Signaux vérifiés
Juridiction
  • Hébergement UE / adéquation
  • Opérateur UE / adéquation
  • Aucune exposition au CLOUD Act
Transparence
  • DPA public
  • Sous-traitants divulgués
  • Clients open source
  • Certification tierce
JUMP TO
OVERVIEW

À propos de Trustly

Trustly is a Swedish open-banking payments innovator operated by Trustly Group AB in Stockholm, founded in 2008 and the leading European specialist in account-to-account (A2A) "Pay by Bank" transactions: the alternative payment rail that bypasses card schemes entirely by initiating direct bank transfers from consumer accounts. The company processes approximately US$10B annually across 275M transactions, connects 9,000+ merchants to 650M consumer bank accounts globally, and operates in 33+ markets across Europe and North America. Offices span Stockholm (HQ), Örebro, Gzira (Malta), London, Helsinki, Barcelona, Lausanne, Luxembourg, Lisbon, Izmir (Turkey), Ottawa, San Carlos (California), and Vitória (Brazil).

Regulatory and compliance posture is strong: Trustly holds a Swedish payment-institution licence supervised by Finansinspektionen plus a UK Authorised Payment Institution licence from the FCA, and provides cross-border services under PSD2. Certifications confirmed on the public site include ISO 27001, SOC 2, TÜV Saarland accreditation, and GDPR alignment. Open-banking expertise predates the regulatory codification: Trustly was building bank-account-to-merchant rails for 13 years before PSD2 made A2A a regulated category.

The ownership and history side complicate a procurement-grade audit. Nordic Capital (a Stockholm-based Nordic PE firm) acquired Trustly from Bridgepoint in 2018; BlackRock Private Equity Partners (US, the private-equity arm of the world's largest asset manager) joined as a co-investor. An IPO was actively explored in 2021 at a rumoured €9B valuation but was put on hold in 2022 after the Swedish Finansinspektionen imposed a SEK 130M (~€11M) fine for serious anti-money-laundering deficiencies. As of late 2024 / 2026 Nordic Capital is again exploring options including sale or IPO at approximately US$10B. The BlackRock co-investment plus the AML fine history plus non-EU offices (Ottawa, San Carlos, Izmir, Vitória) result in ownership_signal: eu_hq_us_funded and cloud_act_exposure: material despite the strong Swedish regulatory anchoring.

Pricing is enterprise / volume-negotiated; no public per-transaction tier. Best fit: Swedish, Nordic, and broader EU retailers, gambling operators (Trustly is dominant in regulated gaming), and B2B platforms wanting open-banking-native A2A rails as a Stripe / PayPal alternative.

SUB-PROCESSORS

Carte des sous-traitants · non divulgué

L'éditeur ne publie pas de liste de sous-traitants. La conformité Schrems II et l'exposition au CLOUD Act ne peuvent pas être vérifiées indépendamment sans elle.
CERTIFICATIONS

Référentiels & certifications

ISO/IEC 27001
ACTIVE
SOC 2
ACTIVE
Information · cadre US
FEATURES

Matrice de fonctionnalités

Paiement par carte Non
Prélèvement SEPA Non
Paiement fractionné (BNPL) Non
Open banking (A2A) Oui
Récurrent / abonnements Oui
Liens de paiement Non
En personne / TPE Non
Marketplace / split Non
INTéGRATION & ACCèS
REST API Yes
SSO (SAML / OIDC) Yes
CONFORMITé & GOUVERNANCE
Audit log Yes
Self-host / on-prem option No
PRICING

Tarifs & paliers

PAYANT
Tarifs sur mesure

Contactez l’éditeur pour les tarifs par palier ou volume.

Voir la page tarifs ↗
PUBLIC DOCUMENTS

Documents publics

L'éditeur ne publie pas de DPA public. Sans contrat de sous-traitance accessible publiquement, les petits clients européens ne peuvent pas signer eux-mêmes l'accord : cela est consigné comme absence de DPA publique (voir Notre méthode).
L'éditeur ne publie pas de liste de sous-traitants. La conformité Schrems II et l'exposition au CLOUD Act ne peuvent pas être vérifiées indépendamment sans elle.
  • Contrat de sous-traitance (DPA)
    — manquant
    manquant
  • Liste des sous-traitants
    — manquant
    manquant
  • Conditions d'utilisation
    trustly.com/legal…
    Ouvrir ↗
ALTERNATIVES

Alternatives dans cette catégorie

Adyen
Netherlands · Fondé en 2006
BASé UE

Dutch publicly-listed payments giant (Euronext Amsterdam), DNB-licensed credit institution + EU/UK/US banking licences; €1.4T processed/yr.

DPA public Sous-traitants Open source
FROM
CLOUD ACT
MINOR
Alma
France · Fondé en 2019
HéBERGé UE

Paris-area French BNPL for merchants: 2/3/4/10/12 installments + Pay Later; 21,800+ merchants across 8 EU countries; Alma SAS, EU-owned.

DPA public Sous-traitants Open source
FROM
CLOUD ACT
MATERIAL
Dintero
Norway · Fondé en 2017
BASé UE

Oslo fintech (Dintero AS): Finanstilsynet-authorised PI and, since 2025, the only Norwegian-owned direct Visa/Mastercard acquirer; checkout for e-com, marketplaces and physical retail.

DPA public Sous-traitants Open source
FROM
CLOUD ACT
MINOR