PCI Data Security Statement

Openpay Pty Ltd is a PCI DSS Level 1 certified compliant Service Provider organisation. PCI DSS is a comprehensive set of requirements created by the Payment Card Industry Security Standards Council to enhance cardholder data security and to ensure the safe handling and storage of sensitive customer credit card information and data. Maintaining security of cardholder data is very important to Openpay.

Openpay’s PCI DSS responsibilities as a Service Provider are outlined in the Attestation of Compliance (AOC) as independently audited by Openpay’s Qualified Security Assessor (QSA). Openpay’s Attestation of Compliance (AOC) is submitted to Openpay’s acquiring bank(s).

To learn more about PCI, visit www.pcisecuritystandards.org.

Security Note to Consumers

Openpay is responsible for protecting the security of Card Data (defined as a cardholder’s account number, expiration date and CVV2) in our possession and will maintain commercially reasonable administrative, technical and physical procedures to protect all the personal information regarding you that is stored in our servers from unauthorised access and accidental loss or modification. However, we cannot guarantee that unauthorised third parties will never be able to defeat those measures or use such personal information for improper purposes. You acknowledge that you provide this personal information at your own risk.

Note to Retailers

You are fully responsible for the security of data on your website or otherwise in your possession. You agree to comply with all applicable state and federal laws and rules in connection with your collection, security and dissemination of any personal, financial, card, or transaction information (defined as “Data”) on your website. You agree that at all times you shall be compliant with the Payment Card Industry Data Security Standards (PCI-DSS) and the Payment Application Data Security Standards (PA-DSS), as applicable. The steps you will need to take to comply with PCI-DSS and PA-DSS when using Openpay will vary based on your implementation. For more information about implementing Openpay please contact us to request a copy of our documentation. If we believe it is necessary based on your implementation and request it of you, you will promptly provide us with documentation evidencing your compliance with PCI DSS and/or PA DSS. You also agree that you will use only PCI compliant service providers in connection with the storage or transmission of Card Data. You must not store CVV2 data at any time. Information on the PCI DSS can be found on the PCI Council’s website. It is your responsibility to comply with these standards.