Simplifying your payments compliance
Confidently manage your responsibilities and protect sensitive customer data with support from our cybersecurity program for Australian businesses, designed to guide you through your obligations.
Protect your business from cyberattacks and data breaches
The Ezidebit Merchant Trust Initiative (MTI) is designed to help you navigate the complexities of data security and meet your obligations under the global Payment Card Industry Data Security Standard (PCI DSS). We give you the tools and guidance to protect your customers, so you can focus on what you do best.
A growing threat to Australian businesses
Cyberattacks and data breaches
Australian small and medium-sized businesses are now a primary target for cybercriminals because they often lack dedicated security resources. Cybercriminals use sophisticated malicious software and ransomware to steal sensitive data, which can then be used for widespread identity theft. The outcome is not just financial loss but also severe and often irreversible reputational damage.
Your guided path to security and compliance
The Merchant Trust Initiative provides a streamlined toolkit and expert support to help you build a secure payment environment and achieve and maintain your mandatory PCI DSS compliance.
PCI DSS compliance — a combined approach
Is your business secure? Our cybersecurity compliance program guides your business through PCI DSS compliance responsibilities.
Your areas of PCI DSS compliance
Phones
Make sure phone systems don’t capture card data (i.e., no voice recording).
Physical records
Shred or destroy physical records when they are no longer needed.
Emails
Delete all emails containing payment details and provide more secure methods for customers to send payments.
Computers and websites
Protect your computers and websites with a firewall, antivirus and up-to-date software.

Our areas of PCI DSS compliance

EziOnline portal
We look after the EziOnline portal, where you manage your card payments and process mail order/telephone order transactions.
Hosted payment solution
We manage your hosted payment solutions that capture all payment card details. These include the hosted payment page, embeddable widget and electronic direct debit request form (eDDR).
Tokenisation
We capture your customers’ card data, store it securely and return a token to be used for recurring/card-on-file payments.
Ezidebit API
We manage the Ezidebit API, which provides the ability to process card payments via a range of payment types (Direct Debit, Real Time and BPAY). EFTPOS payments are covered by our third-party provider, SmartPay.
PCI DSS compliance — a shared responsibility
It’s a common misconception that simply using a compliant payment provider like Ezidebit makes your business fully compliant. While we secure every transaction we process to the highest Level 1 PCI DSS standard, compliance is a shared responsibility. Your business is still responsible for the security of the environment where you handle customer data — whether it's on your website, in your office or on your computer systems. The MTI is designed to help you manage your part of that responsibility with confidence.
Partner with us to secure your business
Don't leave your business exposed. The Ezidebit Merchant Trust Initiative provides the clarity and tools you need to protect your customers, your reputation and your bottom line.
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a global set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.
I'm a small business. Does PCI DSS still apply to me?
Yes. PCI DSS applies to every organisation that handles cardholder data, regardless of size or transaction volume.
I thought using Ezidebit made me compliant?
This is a common point of confusion. While Ezidebit is a Level 1 PCI DSS compliant provider, securing the transaction from end to end, your business is still responsible for securing the environment where you operate and handle customer data. Our Merchant Trust Initiative is designed to help you meet those specific obligations.
What are the consequences of not being compliant?
Consequences can include monthly penalties from acquiring banks, forensic audit costs in the event of a breach and potential suspension of your merchant account, preventing you from accepting card payments.