Please note that if the country where your business is registered is not listed, you will require a third-party merchant account with one of our acquiring bank partners.

A merchant account is separate from your business account. It is set up with an acquiring bank and enables you to accept payments by credit and debit card.

PCI-DSS v3.1

Security and compliance as a shared responsibility

Realex Payments is fully PCI DSS compliant and is responsible for the security of cardholder data that it possesses or otherwise stores, processes or transmits on behalf of its merchants. It is also responsible to the extent that it could impact the security of the merchant’s cardholder data environment. Realex Payments can alleviate your PCI overheads, but the degree to which it does so depends on the solution that you use for your payment processing. However, regardless of which solution you use, you are ultimately responsible for your PCI compliance. You must ensure that you are using Realex Payments’ services in a compliant manner, and if you handle, store or transmit cardholder data in any way outside of its systems, you must ensure that this is done in accordance with PCI DSS regulations.

The following table describes how the responsibility for PCI compliance is shared between the merchant and Realex Payments for each service type.

| PCI DSS Requirement | Realex Hosted | Realex API | Realex Front End App |
|---|---|---|---|
| 1. Install and maintain a firewall configuration to protect cardholder data | Realex | Realex | Realex |
| 2. Do not use vendor-supplied defaults for system passwords and other security parameters | Realex | Realex | Realex |
| 3. Protect stored cardholder data | Realex | Realex | Realex |
| 4. Encrypt transmission of cardholder data across open, public networks | Realex | Realex | Realex |
| 5. Protect all systems against malware and regularly update anti-virus software or programs | Realex | Realex | Realex |
| 6. Develop and maintain secure systems and applications | Realex | Realex | Realex and Clients | Realex |
| 7. Restrict access to cardholder data by business need-to-know | Realex and Clients | Realex and Clients | Realex and Clients |
| 8. Identify and authenticate access to system components | Realex and Clients | Realex and Clients | Realex and Clients |
| 9. Restrict physical access to cardholder data | Realex | Realex | Realex |
| 10. Track and monitor all access to network resources and cardholder data | Realex | Realex | Realex |
| 11. Regularly test security systems and processes | Realex and Clients | Realex and Clients | Realex |
| 12. Maintain a policy that addresses information security | Realex and Clients | Realex and Clients | Realex and Clients |