My Profile_

Compliance

Application Security

The safeguarding of cardholder information and Card Account Data in particular is everybody’s responsibility and Moneris has gone to great lengths to provide certified solutions that remove much of the security burden for merchants and integrators. Our solutions are certified against Payment Application Data Security Standards (PA-DSS) as mandated by the PCI Security Standards Council on an annual basis and these standards are priority in any and all development and design projects we undertake. Similarly, Moneris as an Acquirer/Processor is mandated to maintain Payment Card Industry Data Security Standards (PCI-DSS) across our entire business and processing infrastructure.

We strongly recommend that you consider implementing one of several variations of our Hosted Payment Solutions as a means of reducing the impacts of the aforementioned compliance programs as well as the practical benefits described on the dedicated solution pages available and often referenced on this portal. That being said, an API integration is a very valid integration method as long as the following is considered:

  • All merchants are required to be PCI compliant but only some are required to provide third-party validation of compliance.
  • Solution providers that develop solutions, software, payment cartridges or middleware for sale and installation in the merchant environment or that of a contracted merchant service provider are required to have their solution certified as being PA DSS compliant.
  • Merchants that develop their own custom payment applications should consider PA DSS standards in their designs but their compliance requirements would be covered in their annual PCI DSS compliance review and therefore would not be required to seek PA DSS certification of the custom and proprietary payment application.
  • Merchants that outsource their eCommerce provisioning to a third party are obligated to identify all parties in the payment value chain and ensure the relevant PCI certifications have been achieved and maintained by all.

Aside from mandatory certification requirements, there are practical security precautions and best practices that every organization should consider when implementing card payments and/or granting access to payment solutions that collect, transmit or store credit card data. This includes internal networks and systems as well as external solutions such as Moneris' own e-Select Plus solution. Please refer to Moneris’ Security Standards for further guidance.