SITEMAP HOME SEARCH
CARD ACCEPTANCESERVICEFINANCIAL INSTITUTIONSNEWSABOUT USCONTACTLINKS
Your advantages
Service packages
Payments at the Point Of Sale (POS)
E-commerce / Distance payments
Mail/Phone order
Secure PayGate
Secure E-commerce
Secure shopping
Credit cards
Debit cards
Value cards
EFT/POS terminals
Facts and figures
Merchants
Foreign currency commission
Security guidelines for credit and debit card data

For merchants and assigned third parties

As a merchant or service provider, please observe the rules for security in the distance business applicable to you:

  1. Merchants in the distance business must generally adhere to the “Instructions Regarding the Security of Credit and Debit Card Data” issued by SIX Multipay.
  2. Merchants that save or store card data on paper should adhere to the following guidelines, among others:
    – Limit this to only what is absolutely necessary.
    – Do not retain the data longer than 24 months.
    – Store the data in a secure location.
  3. Merchants who do not transmit, process or save card data in their IT systems, and who exclusively assign this to service providers (PSP´s and others) who are SDP and AIS-certified, thereby meet the requirements.
  4. 4. Merchants that conduct more than 20,000 e-commerce transactions annually in one of the two card systems (MasterCard/Maestro or VISA), who transmit, process or store card data, must meet the following criteria:
    >> Annual completion of a security questionnaire:
    >>Quarterly security review by a company accredited by VISA and MasterCard
  5. Merchants who conduct less that 20,000 e-commerce transactions annually in one of the two card systems (MasterCard/Maestro or VISA) are also required to adhere to the SDP and AIS regulations. While the certification of such merchants is not mandatory, it is, however, recommended.*
  6. Service providers who transmit, process or save card data in assignment by a merchant must be certified for SDP and AIS.

The saving of certain card data, such as CVC2/CVV2, passwords, data on the magnetic track, chips, etc. is not permitted in any form.

The detailed rules for the handling of card data can be obtained from SIX Multipay and from specialized security firms.

Reporting obligation
Should a merchant or service provider notice that unauthorized access to card data has occurred, they are obligated to immediately inform SIX Multipay and to provide active support in any subsequent investigation.

Payment Card Industry Data Security Standard
The relevant documents for SDP and AIS for VISA and MasterCard can be downloaded here.
DIRECT LINKS

Instructions regarding the security of credit card data
     

Copyright SIX Group. All rights reserved.
Please read the disclaimer before proceeding.
SIX Multipay AG, Hardturmstrasse 201, CH-8021 Zürich
Online form