Merchant Trust Initiative (MTI)

Our commitment to our merchants to reduce cybercrime and keep payment information secure.

Peace of mind cybersecurity and privacy protection for your business and your customers.

Our Merchant Trust Initiative (MTI) is designed to help you meet your responsibilities and obligations when handling and managing cardholder data. It gives you the tools you need to improve security within your business and enables you to meet compulsory Payment Card Industry Data Security Standard (PCI DSS) requirements. Maintaining PCI DSS compliance is the best way to assure customers that your business will keep their sensitive information safe.

Your cybersecurity partner

Are you PCI DSS compliant?

Cybercrime is growing exponentially each year and so are the risks to businesses, organisations, and consumers. PCI DSS compliance and making the most of the advanced cybersecurity tools available to you can help mitigate the risks. As well as meeting our own PCI DSS obligations, we’ve partnered with Viking Cloud (formerly named SecureTrust) to help our clients improve their cybersecurity and maintain compliance in regard to the card payment data they collect, transmit and store. The MTI gives you a range of enterprise-level online tools including anti-virus, remote access security, point-of-sale device monitoring, mobile security, and more to improve security within your business. It also enables you to become PCI DSS compliant. The risk of non-compliance is too big to ignore.


Here's what you get with the MTI program




SecureTrust PCI Manager

SecureTrust is an all-in-one solution that helps you meet your PCI DSS compliance requirements, simplifying certification with a step-by-step guide.


Step-by-step Guide

This easy-to-follow guide takes you through the Self-Assessment Questionnaire (SAQ), which is required to assess if you're processing payments securely.


Endpoint protection

Protect your computers against unknown threats such as viruses, adware, Trojan horses and worms with our downloadable endpoint protection which is included in your MTI subscription.


Vulnerability Scanning

Protect your computers against cyber risks with automated vulnerability scanning. We’ll help you keep an eye on things when you don’t have the time to.


Dedicated 24/7 Support

If you need help with the SecureTrust portal, completing your SAQ, or the included security tools (endpoint protection, vulnerability scanning), simply call 1800 370 782 and select Option 1, or email support.

PCI DSS Compliance is a combined approach. Is your business secure?

Frequently Asked Questions

What is the Merchant Trust Initiative?


The Merchant Trust Initiative (MTI) is a supportive hands-on program that helps business owners navigate the complex, ever-changing world of online security.

The MTI was launched in 2018 to protect our customers’ business and their livelihoods. We offer you ongoing training and support to make sure you’re PCI compliant and meeting all your data security obligations.

  • Dedicated 24/7 support: To get the help you need any time, any day!
  • A built-in wizard: Designed to guide you through the Self-Assessment Questionnaire (SAQ), which will help determine if you’re processing payments securely.
  • Downloadable endpoint protection: To protect your computers against unknown threats such as viruses, adware, Trojan horses and worms.
  • Automated vulnerability scanning of websites: We’ll help you keep an eye on things when you don’t have the time to.
  • Security alerts tailored to SMEs: It’s important to be aware of new scams or security glitches that can impact your business. We’ll send you security alerts so you know what to look out for.

Who is the MTI for?


If you run a business and take payments from customers, then you need to be PCI DSS compliant. If you want to protect your livelihood, but lack the time, budget or know-how to monitor, implement and train your staff to do it effectively, MTI can take the burden off your shoulders. The program offers hands-on training and support for making sure your business is PCI DSS compliant and stays that way.

 

Why do I need the MTI?


Running a business can be very rewarding but also very demanding on your time. In talking to our customers, we’ve discovered being proactive about PCI compliance and educating staff on data protection and security is not often high on their to-do list. 

Data protection and PCI compliance are often an afterthought, after a breach has occurred. Our product focuses on helping our customers be proactive, and making business security simpler and more straightforward.

We give you the tools and support to be ahead of the curve in protecting your customers and the business you’ve worked so hard to build. 

What does the MTI cost?


This comprehensive toolkit to handle and improve your business cybersecurity can be yours for a low annual subscription of $142. 

New subscribers:

$178 program establishment fee including 12 months’ access. 

Ongoing subscription:

$142 per year thereafter, billed annually. 

All prices include GST.

When looking at the costs of MTI, remember to balance this against the cost of getting your own endpoint protection and vulnerability scanning software. This can run to hundreds of dollars, depending on the size of your business and the number of endpoint devices you need to protect. 

Add in the savings to your business in terms of reputational damage and loss of revenue should your business experience a data breach. Fines for PCI DSS non-compliance can range from $5,000 to $1,000,000 per data breach, depending on how many cards are compromised. 

Furthermore, the fines for not reporting a breach (up to $360,000 for individuals and $1.8M for businesses) mean that sadly 93% of businesses who don’t have a disaster recovery plan or adequate protection and experience a serious breach are often forced to shut their doors within 12 months.


What is PCI DSS Compliance?


The Payment Card Industry Data Security Standard (PCI DSS) was created to ensure a consistent set of standards for the processing, handling and storing of sensitive credit card information. We ensure our payment methods are secure and our processing, storage and transmission of payment data is Level 1 PCI DSS compliant, the highest PCI DSS standard possible. Your business needs to demonstrate it meets all other requirements in regard to managing your customers’ sensitive payment data.


It is mandatory for all merchants who accept credit cards to be compliant with the PCI Data Security Standard. This is not just limited to completing a Self-Assessment Questionnaire (SAQ), but requires a number of steps and regular scans to ensure obligations are met. This is where the Merchant Trust Initiative helps you simplify the steps within the process. 

What are my PCI DSS obligations?


Merchants have 12 PCI DSS obligations to secure and protect sensitive data:


Build and maintain a secure network

1. Install and maintain a firewall configuration to protect cardholder data

2. Do not use vendor-supplied defaults for system passwords and other security parameters


Protect cardholder data

3. Protect stored cardholder data

4. Encrypt transmission of cardholder data across open, public networks


Maintain a vulnerability management program

5. Use and regularly update anti-virus software or programs

6. Develop and maintain secure systems and applications


Implement strong access control measures

7. Restrict access to cardholder data by business need-to-know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data


Regularly monitor and test networks

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes


Maintain an information security policy

12. Maintain a policy that addresses information security for employees and contractors


Seems like a lot? Don’t worry, we can help. The MTI provides round-the-clock support to ensure you meet the 12 obligations.


How do I know if I’m already PCI DSS compliant?


If you complete the annual PCI DSS Self-Assessment Questionnaire (SAQ) accurately, and your assessment shows you have no outstanding actions, you are PCI DSS compliant! 


If you have a portal or e-commerce website, this will include providing evidence of quarterly vulnerability scans from a PCI DSS approved scanning vendor.


What are the penalties for PCI DSS non-compliance?


Fines for PCI DSS non-compliance can range from $5,000 to $1,000,000 per data breach, depending on how many cards are compromised. 


Furthermore, the astronomical fines for not reporting a breach (up to $360,000 for individuals and $1.8M for businesses) mean that sadly 93% of businesses who don’t have a disaster recovery plan or adequate protection and experience a serious breach are often forced to shut their doors within 12 months.


It's too hard! Can anyone help me walk through the process?


Absolutely! To give you all the help you need we have a dedicated 24/7 human support number and a built-in wizard which is designed to guide you through the Self-Assessment Questionnaire (SAQ), which is required to ensure you are processing payments securely.


What happens if I choose not to be part of the Merchant Trust Initiative?


Regardless of whether you are in the program or not, you still have obligations to manage your customers’ data and credit card information securely. 


Unfortunately, some payment and software companies don’t see it as their obligation to educate their customers about its importance, or worse, intentionally mislead them into thinking they are safe. That is, until something happens and business owners are hit with fines. 


So, if you decide not to be part of the Merchant Trust Initiative, you’ll need to organise your PCI compliance separately and be able to prove your business meets your PCI DSS obligations.


I want to opt out of the MTI. What does this mean for me?


Remember, it’s mandatory for all merchants who accept credit cards to comply with the PCI Data Security Standard. This is not just limited to completing a Self-Assessment Questionnaire (SAQ), but requires a number of steps and regular scans to ensure obligations are met. This is where the Merchant Trust Initiative helps you simplify the steps within the process. 

If you are already able to show your compliance from another provider you can choose to opt out of the MTI. Please ensure you understand and meet all these requirements prior to opting out. After you opt out you may be asked to provide evidence to support your compliance. 

To opt out - CLICK HERE
