
What is PCI DSS? As a merchant accepting cards for payment, what are my obligations?


Viva Bank makes every effort to provide merchants with a highly secure solution that follows strong security standards and best practices and complies with PCI requirements. Our applications are regularly updated for features and security, and merchants should follow the recommended best practices below to keep payment acceptance secure and comply with PCI DSS.

Build and Maintain a Secure Network and System

  • Install and maintain a firewall configuration to protect cardholder data.

  • Do not use vendor-supplied defaults for system passwords and other security parameters.

  • Install the viva.com Terminal app on a new device or on one that has been reset to factory settings.

  • Restrict other applications or software installed on this device to the minimum necessary for business. If you need to install other software, please use only the official Google Play Store or your company's designated device management solution.

  • Keep your device and application up to date with the latest operating system and viva.com Terminal app updates.

Protect Cardholder Data

  • Protect stored cardholder data.

  • Encrypt transmission of cardholder data across open, public networks.

  • Verify that there are no obstacles or “skimmer” devices close to or on top of the NFC reader, as this may hinder the card reading. The position of the NFC reader differs across devices; please consult the manufacturer’s manual to locate yours.

  • Instruct your cardholders to cover the PIN pad when entering their PIN.

  • Make sure that there are no cameras or other recording devices pointed in the direction of the cardholder when they enter their PIN.

Maintain a Vulnerability Management Program

  • Use and regularly update anti-virus software.

  • Develop and maintain secure systems and applications.

Implement Strong Access Control Measures

  • Restrict access to cardholder data by business need-to-know.

  • Identify and authenticate access to system components.

  • Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

  • Track and monitor all access to network resources and cardholder data.

  • Regularly test security systems and processes.

  • Regularly inspect the status of your mobile device: make sure the device is in good condition, and remove any affixed devices, plastic covers, cases, docks or screen protectors that are mounted to the device.

Maintain an Information Security Policy

  • Maintain a policy that addresses information security for all personnel.

  • Finally, if you notice anything unusual in the application’s behaviour, please get in touch with your store manager or your company's IT support or, if necessary, escalate to our customer support.
