|
Visa has distinguished eWAY as a Registered PCI DSS compliant service provider.
This registry serves as a benchmark of providers that are secure and trusted by
Visa. For the complete listing and more information on this registry you may visit
the
Visa
Registry. Note eWAY is listed under its registered name, Web Active
Corporation Pty Ltd.
As an online credit card processor, eWAY is subject to standards imposed on the
industry by major card issuers such as Visa and MasterCard. The Payment Card Industry
(PCI) Data Security Standard (DSS) is a set of guidelines developed to help organisations
that process card payments prevent credit card fraud, hacking and various other
security issues. A company processing, storing, or transmitting credit card numbers
must be PCI DSS compliant or they risk losing the ability to process credit card
payments.
|
The PCI DSS, a set of comprehensive requirements for enhancing payment data security,
was developed by the founding payment brands of the Payment Card Industry Security Standards Council, including
American Express, JCB, MasterCard and Visa, to encourage the broad adoption of consistent
data security measures around the world.
|
|
The PCI DSS is a security standard that includes requirements for security management,
policies, procedures, network architecture, software design and other critical protective
measures. This comprehensive standard is intended to assist organisations proactively
protect their customer's information.
The core of the PCI DSS is a set of principles and accompanying requirements, around
which the specific elements of the DSS are organised:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder
data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other
security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder
data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Service Providers such as eWAY must validate compliance with an audit by a PCI DSS
Qualified Security Assessor (QSA) Company each year. eWAY’s PCI DSS Audit is conducted
by a third party certified QSA and Qualified Payment Application
Security Company (QPASC) under the Payment Card Industry Data Security Standard
Program.
View eWAY’s PCI DSS Compliance Certificate
|