PCI DSS is a set of security rules that businesses must follow to protect customer payment data. This guide explains how Verifone Online Payment solutions simplify compliance, helping merchants meet PCI requirements.
What is PCI DSS?
PCI DSS (Payment Card Industry Data Security Standard) is a set of rules created by major card providers (Visa, Mastercard, American Express, Discover, and JCB) to help businesses keep customers' payment information safe. These rules apply to any business that accepts, stores, or processes card payments, including merchants, payment service providers (e.g. Eftpos NZ), and banks.
If your business accepts online payments, you need to follow PCI DSS guidelines. However, using our secure Verifone hosted payment page, virtual terminal, Pay by Link, or API solutions reduces the amount of work you need to do to stay compliant.
How Our Solutions Make PCI DSS Compliance Easier
Our solutions help keep your business compliant by:
- Ensuring you don’t need to store, process, or handle sensitive card details directly
- Encrypting all transactions to protect customer payment details
- Using security systems to prevent fraud and safeguard your business
- Keeping up with the latest security standards so you don’t have to worry about updates
Our Verifone eCommerce solutions are accepted by all major banks in New Zealand (ANZ, ASB, BNZ, Kiwibank, and Westpac), ensuring they meet your bank’s security requirements.
Our Secure eCommerce Payment Solutions
Each of our eCommerce payment options is designed to make online payments safe and simple.
Hosted Payment Page – Verifone Checkout
- Customers are redirected to a secure, bank-approved payment page
- Payment details are never stored on your website, reducing risk
- Data is encrypted to keep transactions safe
- Learn more here
Virtual Terminal
- A secure web page where you can enter card details for phone or mail orders
- Meets PCI DSS security requirements to protect customer information
- Transactions are encrypted to keep payments safe
- Learn more here
Pay by Link
- Generates a secure payment link for customers to pay online
- Payments are processed through a PCI DSS-compliant system
- No need to store or handle sensitive card details
- Learn more here
Payment over API (Server-to-Server Integration)
- Connects directly to a secure payment gateway for automated transactions
- Uses VerifoneJS for end-to-end encryption of payment data
- Fully PCI DSS Level 1 certified for the highest level of protection
PCI DSS compliance requirements for merchants
Merchants may need to complete a self-assessment questionnaire (SAQ) to show they meet PCI DSS requirements. The type of questionnaire depends on how your business accepts payments.
PCI DSS Self-Assessment Questionnaires (SAQs)
Payment Method | Setup Type | Required SAQ |
---|---|---|
Hosted Payment Page | Payments handled externally | SAQ-A |
Virtual Terminal | Manually entered transactions | SAQ C-VT |
Pay by Link | Payments handled externally | SAQ-A |
Verifone.JS solution | Payments handled externally | SAQ A-EP |
Payment over API | Direct integration | SAQ-D |
Visa and Mastercard compliance validation levels for merchants
Visa and Mastercard have different security requirements based on how many transactions your business processes each year. You must report your compliance status to your bank.
Level | Transactions Per Year | Compliance Requirement |
---|---|---|
Level 4 | Up to 20K | SAQ recommended, but not required |
Level 3 | 20K - 1M | SAQ required |
Level 2 | 1M - 6M | SAQ required, signed by a PCI security expert |
Level 1 | 6M+ | Full PCI DSS certification required |
If you’re unsure about your compliance level, contact your bank (ANZ, ASB, BNZ, Kiwibank, or Westpac) for guidance.
Get Started with Secure eCommerce Payments
Eftpos New Zealand makes it easy to accept online payments securely. Learn more about our eCommerce solutions here.