In our last newsletter we included an article entitled “Eftpos and PCI-DSS”.  This article stated that New Zealand Eftpos providers are working towards a 31 May 2010 deadline.  This deadline should in fact have read 31 May 2011 not 2010.  We apologise for this error.  
Eftpos and PCI-DSS 

Big changes are looming for any clients who accept credit card or Eftpos payments from customers.

New Zealand Eftpos providers are working towards a 31 May 2011 deadline to upgrade any old version 5.1 Eftpos machines to the new version 6.0 standards.  After this date, any old Eftpos machines will no longer work and will not be able to accept cards.  It has been reported that 400 retailers had been cut off from the Paymark Eftpos network that day for ignoring requests to update their Eftpos terminals (Business Day, 14 March 2011).  This could have a significant impact on their business, especially if there is a delay in sourcing a new Eftpos terminal.

If you have an older style terminal we recommend you contact your Eftpos provider immediately.  The two major New Zealand providers can be found at and  Alternatively you may be with another provider that we have not shown.

For clients that also accept credit cards, whether just through an Eftpos terminal or by taking credit card numbers over the phone, you need to be aware of the Payment Card Industry Data Security Standard, or PCI-DSS for short. You should find references to this standard in your current Bank and/or Merchant agreements.

The PCI-DSS standard was developed by the major credit card companies (Visa, Mastercard, Amex, Diners etc) almost 4 years ago, and has recently been updated to version 2.0.  Application of the standard varies depending on your individual circumstances, centring around the level of involvement you have with credit cards.  The standard mandates various internal controls in your systems, up to 250 controls in the case of a large major multi-site business.

The due dates for implementing PCI-DSS have passed for most credit card companies.  Failure to comply with PCI-DSS, which leads to a breach in security (i.e. credit card fraud), can result in the credit card companies imposing fines on your bank, which can then turn and impose those fines on you.  There are examples of these fines from overseas ranging from $300,000 to $300 Million!  Industry analysts report that most New Zealand businesses are not PCI-DSS compliant and are unlikely to meet the due dates, exposing themselves to potential fines in the future.

If you are a retailer with an Eftpos machine that accepts credit cards, we recommend you discuss PCI-DSS with your Eftpos provider.  Both Paymark and Smartpay have indicated they have products that are PCI-DSS compliant.  If you accept credit card payment by other means, say taking the card number over the phone, then please contact us to discuss your individual situation.    

Copyright Stewart & Co Ltd ©