Card security and PCI DSS

Our merchant customers are expected to adhere to the Payment Card Industry Data Security Standard (PCI DSS). Doing that, and using our fraud minimisation guide, is how you can reduce the risk of card fraud.

Our commitment to financial security

At ANZ we take financial security very seriously. 

We have developed a comprehensive fraud minimisation guide to help protect you and your customers from card fraud:



As part of our commitment to security, we also require our merchant customers to adhere to PCI DSS.

If you accept card payments from customers, or use a third party service provider to do so, you are responsible for ensuring that customers’ card details are secure and that your third party service providers are compliant with PCI DSS.

Payment Card Industry Data Security Standard (PCI DSS)

The PCI DSS is a set of comprehensive standards designed to protect and secure cardholder data. 

The standards are governed by an independent organisation known as the PCI Security Standards Council, which is made up of representatives from the world’s major credit card companies, such as Visa and Mastercard, and leading information security experts.

The PCI DSS:

  • Reduces the risk of credit card fraud.
  • Helps you to avoid fines, penalties and costs related to credit card security breaches and non-compliance.
  • Increases consumer confidence in credit card payments.
  • Reduces your business’ exposure to potential lost revenue as a result of fraud.

What you need to do

The ANZ Merchant Business Solutions team will let you know what you need to do to comply with PCI DSS and when it is applicable to your business.

Our guidance will always include these points.


Card security

  • Only use EFTPOS terminals certified by Payments New Zealand and the EFTPOS New Zealand and/or Paymark network.
  • Only use approved third party service providers for internet sales.
  • Ensure full credit card information is never stored anywhere. Only retain truncated card data in the form of  ‘1234 56xx xxxx 7890’.
  • Never collect or store sensitive authorisation data such as PIN and card security code.

Premises, computers and staff

  • Ensure all employees are aware of their responsibilities in relation to information security, and reflect these in strong written policies.
  • If you use wireless to connect to the internet, ensure router settings are enabled for strong security.
  • Monitor the premises and ensure access to payment systems is restricted to prevent tampering and/or misuse.
  • Protect computers from intrusion by using robust security tools:
    • Install a Firewall to protect against unauthorised access from the internet.
    • Use up-to-date anti-virus software that is capable of detecting and removing all known threats.
    • Do not share the same username and password amongst staff.
    • Use strong passwords that are regularly changed.
    • Secure and disable programs used for Remote Assistance.

More information about PCI DSS

For the latest PCI DSS standards, plus guides and information about getting started with PCI DSS and the compliance process, visit the PCI Security Standards website.

Contact our Merchant Business Solutions team

Related products

Important information

Any supplier specified above (including EFTPOS New Zealand Limited ("ENZ") is not a related company of ANZ Bank New Zealand Limited ("ANZ"). ANZ does not warrant the quality of goods and/or services provided by them or their suitability for your particular circumstances.