Security & Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS is a set of comprehensive standards designed to protect and secure cardholder data. The standards are governed by an independent organisation known as the PCI Security Standards Council, which is made up of representatives from the world’s major credit card companies such as Visa and Mastercard, and leading information security experts.
As part of our commitment to security, we also require our Merchant customers to adhere to the PCI DSS.
If you accept credit card payments from customers, or use a third party service provider to do so, you are responsible for ensuring that customers’ credit card details are secure and/or that your third party service providers are compliant with PCI DSS.
Why is PCI DSS important?
The benefits of PCI DSS include:
Reducing the risk of credit card fraud
Avoiding fines, penalties and costs related to credit card security breaches and non-compliance
Increasing consumer confidence in credit card payments
Reducing your business’ exposure to potential lost revenue as a result of fraud.
What you need to do
To comply with PCI DSS and reduce the risk of credit card fraud you should:
Only use EFTPOS terminals certified by Payments New Zealand and the EFTPOS New Zealand and/or Paymark network
Only use approved third party service providers for internet sales
Protect computers from intrusion by using robust security tools:
Install a firewall to protect against unauthorised access from the internet
Use up-to-date anti-virus software that is capable of detecting and removing all known threats
Do not share the same username and password amongst staff
Use strong passwords that are regularly changed
Secure and disable programs used for Remote Assistance.
If you use a wireless network to connect to the internet, ensure the router's settings are configured for strong security
Monitor the premises and ensure access to payment systems is restricted to prevent tampering and/or misuse
Ensure full credit card information is never stored anywhere. Only retain the last 4 digits of the card number, and ensure that the leading digits are not recorded
Ensure all employees are aware of their responsibilities in relation to information security, and reflect these in strong written policies.
For the latest PCI DSS standards, plus guides and information about getting started with PCI DSS and the compliance process, please refer to the PCI Security Standards website.
The ANZ Merchant Business Solutions Team will let you know what you need to do to comply with PCI DSS when applicable to your business.
Talk to our Merchant Business Solutions team
Our dedicated experts can answer your questions and design a solution to meet the unique needs of your business.
Any supplier specified above (including EFTPOS New Zealand Limited ("ENZ")) is not a related company of ANZ Bank New Zealand Limited ("ANZ"). ANZ does not warrant the quality of goods and/or services provided by them or their suitability for your particular circumstances.