Keeping payment data secure

Merchant Trust Initiative

Get practical tools and knowledge to professionally manage your customers’ card details and enhance data security.

A step-by-step simple approach to cybersecurity

Understanding your obligations and responsibilities to manage cardholder data can be complex. Our Merchant Trust Initiative (MTI) program is designed to simplify the process with a toolkit to enhance how you handle data security and meet the Payment Card Industry Data Security Standards (PCI DSS) compliance requirements.


PCI DSS Compliance

Your own security portal

Our MTI program gives you the tools you need to improve security within your business, and helps you meet your compulsory PCI DSS obligations. Non-compliance leaves your business vulnerable to fraudulent activity and cyber attacks, causing financial and reputational damage.

Intuitive user portal

Intuitive user portal

Our special PCI portal provides an easy step-by-step approach and is designed to simplify and streamline the tasks required to meet your security obligations. You will receive timely emails with simple instructions and helpful compliance tips when tasks are due, and access to our PCI DSS compliance experts if you need extra assistance.

Annual PCI DSS Self-Assessment Questionnaire (SAQ)

Annual PCI DSS Self-Assessment Questionnaire (SAQ)

The easy-to-follow questionnaire wizard ensures you will always be placed in the most appropriate pathway for your business. Compliance data is also populated to help you complete this as quickly as possible.

Quarterly network scanning

Quarterly network scanning

Protect your business’ information technology architecture with regular network scanning to check for vulnerabilities. Once a scan is complete, you will be provided with easy-to-understand reports and detailed patching instructions for each vulnerability discovered.

Merchant Trust Initiative


Cyber Liability Insuance

Your MTI membership provides you with exclusive discount pricing on Cyber Liability insurance with Bizcover.

SecureTrust’s Platform

SecureTrust’s cybersecurity and PCI compliance platform includes access to vulnerability and network security tools, security awareness training and endpoint monitoring.

Get Started Video

Watch this video to get started with SecureTrust PCI Manager.

PCI DSS compliance is a shared responsibility

Whilst Eway is Level 1 compliant and we have stringent practices in place to ensure your customers’ data is secure, there are factors outside of our ecosystem that your business is responsible for – for example, your phone, email and computer systems, to name a few. View our infographic here to understand the combined approach.

Frequently Asked Questions

Read our most asked questions about our Merchant Trust Initative program.

The Payment Card Industry Data Security Standard (PCI-DSS) was created to ensure a consistent set of standards for the processing, handling and storing of sensitive credit card information.

If you complete a yearly assessment of your PCI DSS status using a Self-Assessment Questionnaire (SAQ) accurately, and your assessment shows you have no outstanding actions, then you are PCI-DSS compliant. If you have a portal or e-commerce website, this will include providing evidence of quarterly vulnerability scans from a PCI-SSC approved scanning vendor.

Eway is a Level 1 PCI DSS compliant business. However, prior to any data being entered into our systems, merchants have an obligation to protect card information. This is part of the reason we have launched the Merchant Trust Initiative – to educate and increase knowledge around these obligations to ensure better cybersecurity and data protection practices.

Fines for PCI DSS non-compliance can range from $5,000 to $100,000 per month per violation.

Every business that handles cards, from major enterprises to the smallest businesses, regardless of their size or transaction volume, must ensure they are compliant with the requirements in the PCI DSS. Not doing so may result in suspension from processing cards from certain providers. By staying compliant with PCI DSS requirements, you can be confident that you are doing the right thing by your customers.

It is mandatory for all merchants who accept credit cards to be compliant with the PCI Data Security Standard, and this applies regardless of size or how they accept payments. This is not just limited to completing a Self-Assessment Questionnaire (SAQ), but requires a number of steps and regular scans to ensure obligations are met. This is where the Merchant Trust Initiative helps you simplify the steps within the process. If you are already able to show your compliance from another provider, or choose to opt out, click here. The form will outline your obligations as a customer of Eway, so please ensure you understand and meet all these requirements prior to opting out.

Each of the card schemes have rules that apply to different members of the supply chain within the payment card industry. The following list from each of the card scheme members outlines their specific rules.

  • Visa MasterCard
  • American Express
  • Discover Financial Services
  • JCB International

More about cybersecurity

Discover more about how we’re safeguarding data for you and your customers.

All In One Payment

All In One Payment

Everything you need to transact online.

Gateway Services

Gateway Services

Use your existing merchant bank account.

Enterprise Solutions

Enterprise Solutions

High volume pricing to suit your needs.