Security – PCI and 3DS

PCI DSS

PCI-DSS (Payment Card Industry Data Security Standard) is a set of rules created by the Payment Card Industry Security Standards Council to encourage the broad adoption of consistent data security measures around the world.

These rules apply to anyone who is storing, processing or transmitting credit card data. We are externally audited every year to ensure the highest level of data protection available for our merchants.

View our PCI-DSS compliance certificate

PCI Compliance for merchant hosted integrations

If you wish to host a payments page on your own website then you'll need to obtain bank approval and have PCI DSS compliance before we can get you accepting live payments. You'll need to have a chat with your bank to see if they're happy for you to do that, but you can find all the information you need in regards to compliance requirements here.

3DS card security schemes

Your bank will enroll you automatically in relevant 3DS schemes (MasterCard SecureCode and Verified by Visa), ensuring payments processed though our hosted page will be protected against charge backs. There are two schemes in New Zealand; Verified by Visa and MasterCards SecureCode. In New Zealand, most merchants who take payments online, and all card holders, are enrolled in 3DS schemes.

Verified by Visa

As a merchant accepting credit card payments, your bank will enroll you in a Verified by Visa scheme. If a customer purchases an item off your site using a Visa credit card, the transaction will pass through another URL which will check the card details against the transaction. The transaction will then either pass through a token automatically, or if something triggers it, a page will pop up asking for a password or security question known only to the card holder. 

MasterCard SecureCode

As a merchant accepting credit card payments, your bank will enrol you in a MasterCard SecureCode scheme. If a customer purchases an item on your site using a MasterCard credit card, the transaction will pass through another URL which will check the card details against the transaction. The transaction will then either pass through a token automatically, or if something triggers it, a page will pop up asking for a password or security question known only to the card holder. 

Back to Top