PCI Regulations & Card Scheme Compliance

FEXCO Merchant Services is committed to maintaining the highest level of professional and ethical standards in the conduct of its business. The directors and employees of FEXCO Merchant Services strictly observe all laws and regulations applicable to its business activities. Senior Management play a crucial role in ensuring that a compliance culture is maintained in FEXCO Merchant Services, and are committed to leading by example and to managing employees so that they too strive to maintain such standards, following policy and procedures in line with internal and regulatory requirements.

PCI Data Security

FEXCO Merchant Services is certified as a “Third Party Processor-Level 1” in compliance with the Payment Card Industry Data Security Standard (PCI DSS) endorsed by VISA, MasterCard and other leading card schemes. PCI DSS certification was first achieved in July 2006 by FEXCO Merchant Services, and the company has successfully maintained certification since then. Certification is obtained through extensive annual audits performed by O-C Group, a third party qualified security assessor from the PCI Security Standards Council.

“The PCI Certification strengthens our commitment to protect our customers’ ‘sensitive data’, and gives our clients the added assurance that payment card information processed and held by FEXCO Merchant Services is fully protected, using the highest data security controls in line with the PCI DSS 12-point framework.”

You can view our PCI Certificate of Compliance here.

About PCI DSS

PCI DSS was created by the founding payment brands of the PCI Security Standards Council (VISA, MasterCard and other leading card schemes) to develop a set of comprehensive requirements for enhancing payment account data security and to facilitate the broad adoption of consistent data security measures on a global basis. PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. The core of PCI DSS is a group of principles and accompanying requirements, around which specific elements of the DSS are organised. These are:

  • Build and maintain a Secure Network
  • Protect Cardholder data
  • Maintain a Vulnerability Management Program
  • Implement strong Access Control Measures
  • Regularly monitor and Test Networks
  • Maintain an Information Security Policy

Card Scheme Compliance

As the global leader and originator of the Dynamic Currency Conversion (DCC) service, with in excess of 30,000 merchants and 27 Multi-Currency Acquiring Banks globally, FEXCO Merchant Services is acutely aware of the importance of ensuring compliance across our merchant base with Card Scheme regulations.

FEXCO Merchant Services has taken appropriate steps to provide our valued merchants with the necessary information, training and links to assist in assessing the actions that Merchants should take to ensure they are compliant. The fundamental principles of card scheme compliance as applied to DCC are that the cardholder has a choice on whether to accept or decline DCC, and that the terms and conditions associated with the service are disclosed to the customer at the point of sale. VISA and MasterCard have separate rules and regulations governing the provision of DCC in the card present and card not present environments; however, the principles of choice and disclosure are common to both card schemes.