To give your Magento site a leg up...

PCI Compliance

Many businesses in New Zealand use a payment processor  that is PCI DSS compliant such as Payment Express. However, this does not mean that you can forget about meeting the twelve points below to be PCI Compliant. Credit card details can still be stolen as part of the transaction before they are passed to the payment processor part of the website.

Criminals can change the code on an insecure website so that it calls a similar domain (paymentiexpress.com for example), takes the credit card details, stores them to be sold at a later date, and then passes the credit card details to the correct site (paymentexpress.com) for processing.

If criminals do manage to steal the credit card details of your clients, the penalties from your bank can include:

  • Fines of up to USD 500,000
  • A mandatory review of your security (at your cost)
  • Removal of your ability to take credit card payments

And your reputation with your clients will obviously suffer.


To be PCI Compliant there are twelve obligations that we must meet:

Build and maintain a secure network

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect cardholder data

  1. Protect stored cardholder data
  2. Encrypt transmission of cardholder data across open, public networks

Maintain a vulnerability management program

  1. Use and regularly update anti-virus software or programs
  2. Develop and maintain secure systems and applications

Implement strong access control measures

  1. Restrict access to cardholder data by business need to know
  2. Assign a unique ID to each person with computer access
  3. Restrict physical access to cardholder data

Regularly monitor and test networks

  1. Track and monitor all access to network resources and cardholder data.
  2. Regularly test security systems and processes

Maintain an Information Security policy

  1. Maintain a policy that addresses information security for all personnel

To ensure we are PCI compliant we are independently scanned every month by Security Experts…Secure Strategy.