Merchant Trust Initiative 

A program designed to help you understand cybersecurity and meet your obligations and responsibilities when handling sensitive customer information. 

Learn how to protect your business from cyber-attacks and data breaches

Did you know that every business that accepts card payments must meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS)? A common misconception is that if your payment provider is compliant, your business is automatically compliant too.

Unfortunately, this misconception leaves many businesses unprotected and open to cyber-attacks that can cripple business operations. According to the Australian Small Business and Family Enterprise Ombudsman, over 60% of Australian small and medium enterprises (SMEs) do not survive a cyber-attack or data breach.

While Ezidebit is compliant at the highest level and has strict practices in place to keep your customers’ data secure, there are systems your business is responsible for too, for example your phones, email and computer networks, to name a few.

Check out the infographic below to better understand the shared approach and what you need to monitor for your business.

An easy step-by-step approach to cybersecurity




User-friendly merchant portal

Our intuitive merchant portal offers a seamless, step-by-step process designed to simplify your security obligations. Receive prompt email notifications with clear instructions and valuable compliance tips when tasks are due. Plus, gain access to our PCI DSS compliance experts for any additional support you may need.


Annual PCI DSS Self-Assessment Questionnaire (SAQ)

Navigate through our user-friendly questionnaire wizard, ensuring you’re guided to the most suitable pathway and compliance requirements for your business. With pre-populated compliance data, completing the questionnaire is efficient and straightforward.


Quarterly network scanning

Safeguard your business’s IT infrastructure with regular network scans that identify vulnerabilities. After each scan, we provide easy-to-understand reports and patching instructions for every vulnerability found, helping you keep your network secure.

PCI DSS compliance is a shared responsibility. Is your business secure?
Frequently Asked Questions

What is the Merchant Trust Initiative?


The Merchant Trust Initiative (MTI) is a supportive, hands-on program that helps business owners navigate the complex, ever-changing world of online security.

The MTI was launched in 2018 to protect our customers’ business and their livelihoods. We offer you ongoing training and support to make sure you’re PCI compliant and meeting all your data security obligations.


Who is the MTI for?


If you run a business and accept card payments from customers, you need to be PCI DSS compliant. If you want to protect your livelihood but lack the time, budget or know-how to monitor, implement and train your staff effectively, MTI can take the burden off your shoulders. The program offers hands-on training and support to make sure your business is PCI DSS compliant and stays that way.


Why do I need the MTI?


Running a business can be very rewarding but also very demanding on your time. In talking to our customers, we’ve discovered that being proactive about PCI compliance and educating staff on data protection and security is often not high on their to-do list.

Data protection and PCI compliance are often an afterthought, addressed only after a breach has occurred. Our product focuses on helping our customers be proactive, making business security simpler and more straightforward.

We give you the tools and support to be ahead of the curve in protecting your customers and the business you’ve worked so hard to build. 

What does the MTI cost?


This comprehensive toolkit for managing and improving your business cybersecurity costs a low annual subscription of $142.

New subscribers:

$178 program establishment fee including 12 months’ access. 

Ongoing subscription:

$142 per year thereafter, billed annually. 

All prices include GST.

When weighing the cost of MTI, balance it against the cost of buying your own endpoint protection and vulnerability scanning software, which can run to hundreds of dollars depending on the size of your business and the number of endpoint devices you need to protect.

Add to that the reputational damage and lost revenue your business would suffer in a data breach. Fines for PCI DSS non-compliance can range from $5,000 to $1,000,000 per data breach, depending on how many cards are compromised.

Fines for failing to report a breach add to that cost. Sadly, 93% of businesses that lack a disaster recovery plan or adequate protection and suffer a serious breach are forced to shut their doors within 12 months.


What is PCI DSS Compliance?


The Payment Card Industry Data Security Standard (PCI DSS) was created to provide a consistent set of requirements for processing, handling and storing sensitive payment card information. We ensure our payment methods are secure and that our processing, storage and transmission of payment data is validated at PCI DSS Level 1, the highest compliance level. Your business still needs to demonstrate that it meets every requirement that applies to the way it manages your customers’ sensitive payment data.


It is mandatory for all merchants who accept credit cards to comply with the PCI Data Security Standard. This is not limited to completing a Self-Assessment Questionnaire (SAQ); it requires a number of steps and regular scans to ensure your obligations are met. This is where the Merchant Trust Initiative helps you simplify the process.

What are my PCI DSS obligations?


Merchants have 12 PCI DSS requirements to secure and protect sensitive data (the wording below follows PCI DSS v3.2.1; version 4.0 keeps the same 12 requirements but rewords several of their titles):


Build and maintain a secure network

1. Install and maintain a firewall configuration to protect cardholder data

2. Do not use vendor-supplied defaults for system passwords and other security parameters


Protect cardholder data

3. Protect stored cardholder data

4. Encrypt transmission of cardholder data across open, public networks


Maintain a vulnerability management program

5. Use and regularly update anti-virus software or programs

6. Develop and maintain secure systems and applications


Implement strong access control measures

7. Restrict access to cardholder data by business need-to-know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data


Regularly monitor and test networks

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes


Maintain an information security policy

12. Maintain a policy that addresses information security for employees and contractors


How do I know if I’m already PCI DSS compliant?


If you complete the annual PCI DSS Self-Assessment Questionnaire (SAQ) accurately and your assessment shows no outstanding actions, you are PCI DSS compliant. Compliance is assessed at a point in time, so the SAQ must be repeated every year and the controls maintained in between.


Depending on the SAQ type that applies to you, this may also require evidence of passing quarterly external vulnerability scans by a PCI SSC Approved Scanning Vendor (ASV), for example if you operate a portal or e-commerce website.


What are the penalties for PCI DSS non-compliance?


Fines for PCI DSS non-compliance can range from $5,000 to $1,000,000 per data breach, depending on how many cards are compromised. 


Furthermore, the astronomical fines for failing to report a breach add to that cost. Sadly, 93% of businesses that lack a disaster recovery plan or adequate protection and suffer a serious breach are forced to shut their doors within 12 months.


What happens if I choose not to be part of the Merchant Trust Initiative?


Regardless of whether you are in the program or not, you still have obligations to manage your customers’ data and credit card information securely. 


Unfortunately, some payment and software companies don’t see it as their obligation to educate their customers about the importance of PCI DSS compliance, or worse, intentionally mislead them into thinking they are safe. That is, until something happens and business owners are hit with fines.


So, if you decide not to be part of the Merchant Trust Initiative, you’ll need to organise your PCI compliance separately and be able to prove that your business meets its PCI DSS obligations.

