Security

Kharisma uses secure payment infrastructure so supporters can give and receivers can get paid without exchanging personal payment details.

Payments and bank connections are handled through Stripe.

Security overview

Kharisma public messaging emphasizes:

• supporters can give without downloading an app
• bank account information is not stored by Kharisma
• Stripe handles payment processing, bank verification, and payouts
• Stripe is PCI-DSS Level 1 compliant
• supporters can use trusted payment methods such as cards and digital wallets

Fraud protection basics

Receivers should protect their profiles and QR codes.

Recommended practices:

• use official Kharisma QR codes and links
• test printed QR codes before placing them in public
• replace damaged or suspicious QR labels
• do not share dashboard access with people who do not need it
• review Stripe account alerts and payout status
• keep onboarding and password reset emails private

Safe QR usage

A QR code should clearly identify the receiver or campaign.

Supporters should confirm the page name before paying.

Receivers should remove outdated QR codes when a campaign ends or a destination changes.

Payment privacy

Kharisma avoids username searching and personal payment detail exchanges in real-world support moments.

Supporters use the Kharisma flow instead of asking for a personal phone number, payment username, or bank detail.

FAQ

Is Kharisma secure?

Kharisma uses Stripe for payment processing and payout onboarding. Stripe manages the financial onboarding process and is PCI-DSS Level 1 compliant.

Does Kharisma store bank account information?

No. Kharisma public messaging states that bank account information is handled by Stripe, not stored by Kharisma.

What should I do if a QR code looks altered?

Do not use it. Ask for the official link or scan a QR code from a trusted location.

Can supporters confirm who they are paying?

Yes. Supporters should review the profile or campaign name before confirming payment.