Episode 26 | All About PCI

PayFAQ: The Embedded Payments Podcast

Sep 12 2023 • 27 mins

PCI compliance is universal. Whether you’re doing business in Australia, where we find ourselves in this episode, or anywhere else in the world, protecting your data, your customers’ data, and their customers’ data is essential for making Embedded Payments a success.

Despite the importance of the Payment Card Industry Data Security Standard (PCI DSS), it’s often a confusing topic for many businesses. So our host Bob Butler recently sat down with our expert down under, Zac Lutton, Head of Fraud and Risk for Payrix Australia, to help dispel some of the misconceptions and answer some common questions.

According to Zac, the key to PCI compliance is understanding your obligation in the payment chain to create a safe environment for data. Protecting payments is a joint effort between a payment provider and a software company. “Any payment provider can only protect data and information once it is passed on to them, and you, as the software partner, need to have provisions in your environment to protect yourself on the journey in passing that information.”

That’s why he urges companies that want to add payments to their software offering to educate themselves about PCI requirements and hire experts internally or work with trusted partners. “What PCI does is give you best practices on how to protect yourself and help identify areas of weaknesses. PCI gives you the ability to create internal policies that help you through the importance of taking payments and identifying best-practice mechanisms to safeguard your whole entire environment.”

He says PCI is not an insurance policy, but it has to be a priority for companies to build a strong security foundation and ensure safe and secure payment processing. “Don't think you are exempt from fraudsters wanting your data or you won't be a target. Everyone is a target today.”

With that in mind, the safe thing to do is have a listen.