There’s no doubt today’s regulatory environment is becoming increasingly complex – and there’s no denying the importance of compliance in such an environment.

Debitsuccess, part of the Transaction Services Group and Australasia’s leading payment solutions provider, has been accredited with the highest PCI DSS compliance rating (Level 1) for the third year running, maintaining its standard as a New Zealand industry leader in data security for financial transactions.

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognised commercial compliance standard for organisations that store, process or transmit credit cardholder information. Established in 2004 by five major international credit card companies, it represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information.

Levels, controls and measures

PCI DSS compliance is validated at four different levels, dependent on transaction volumes – Companies at Levels 3 and 4 can self-assess, Level 2 can self-assess or be externally audited, and Level 1 must be externally assessed, with approximately 250 mandatory controls. These include building and maintaining a secure network, protecting cardholder data, regularly monitoring and testing networks, and maintaining an Information Security Policy.

Essentially, Level 1 compliant companies must have the policies, procedures, physical structures and technologies to ensure credit card information is protected. This process involves assessor visits to validate compliance and extensive external and internal penetration testing.

Roger Greyling, lead Qualified Security Assessor (QSA) for conducted the assessment for Debitsuccess and says the direct debit billing provider demonstrated a rarely seen level of maturity with regards to financial information security.

“Sometimes organisations achieve compliance by satisfying a checklist, but are unable to maintain this as the structures and processes required to continually adapt have not been adequately implemented. So, for Debitsuccess to attain Level 1 PCI DSS compliance for three years in a row is clearly an immense achievement.”


PCI DSS compliance provides various advantages from helping businesses respond to and mitigate potential data security breaches and cyber security attacks, to assisting customers to become more efficient which leads to an improved bottom line.

Customer confidence is also key. For customers to transact with an organisation either online or via a contact centre, they need to be confident their payment details are secure and will not be compromised. PCI DSS allows this, building a culture of security, boosting the reputations of those businesses employing it and providing them with a competitive advantage.

Brian Garrity, Debitsuccess Head of Group Compliance, says the company’s efforts to achieve Level 1 PCI DSS compliance are a clear demonstration of its ongoing commitment to the security of cardholder data.

“This achievement underscores the significance we place on security measures and also the level of security maturity and awareness within our organisation. This illustrates to our customers that we take our responsibility as a trusted credit card and direct debit billing provider seriously.”

For more information visit and