Payment Card Industry Data Security Standards (PCI DSS).

What is PCI DSS? 

Protection of card data is critical for all businesses. The PCI DSS is a set of comprehensive requirements to ensure increased cardholder data protection and forms industry best practice for those who process, transmit, store, or can impact the security of cardholder data. 

What is cardholder data?  

Any data held about a cardholder. For example: cardholder PIN, CVV (the three-digit code on the back of a card), card number, expiry date, or the cardholder name.

What are the benefits of being PCI DSS compliant?  

Compliance with PCI DSS is an obligation under your Westpac merchant agreement; however, there are other benefits to being compliant:

  • Provides a security standard
  • Decreased risk of data compromise 
  • Increased consumer confidence and improved brand reputation
  • Peace of mind for you and your customers. 

How does this affect my business? 

PCI DSS compliance is required for all businesses and service providers that store, process, transmit or have access to cardholder data - or have systems that offer public internet access to the company - and extends across all payment channels.

Becoming PCI DSS compliant

For more information, download our full PCI DSS guide for Westpac merchants, Meeting Payment Card Industry Data Security Standards to use in your business. We recommend keeping this handy in your business to help you continue to meet your PCI DSS obligations. As a merchant, we also recommend familiarising yourself with the full guide to the Payment Card Industry Security Standards available on the PCI Council website.

What to do in the event of an Account Data Compromise (ADC)

If you suspect your business may have suffered an account data compromise, you must immediately notify Westpac via your Relationship Manager, Westpac Merchant Assist team on 0800 888 066, or by emailing 

If you've been compromised, please access our document, Account Data Compromise: Your obligations and next steps as a Westpac merchant for more information on your next steps. We recommend familiarising yourself with the contents of this document and keeping a copy handy in your business to access quickly in the event of an ADC. We also recommend having our ADC next steps quick reference somewhere visible, as it's important to act as quickly as possible in an ADC, to prevent further harm to your business.

Guides & standards.

Quick reference guides and tips for Westpac merchants

Check out the following resources for more information about protecting your business and your customers. We recommend keeping these handy in your business to prevent any guesswork with customer data. 

Prepare your business for eight-digit BINs.

The International Organisation of Standards (ISO) is expanding the length of the issuing Bank Identification Number (BIN) from six to eight digits. This comes into effect from April 2022, so it's important to get your systems ready for the change.

Things you should know.

The information on this page and in the following documents is intended as a guide only. It is not intended as a comprehensive list of all obligations you may have with respect to PCI DSS or an Account Data Compromise.

We make no warranty or representation, express or implied, regarding the accuracy of any information, statement or advice contained in this document. We recommend you seek independent advice before acting or relying on any of the information in this document. All opinions, statements and analysis expressed are based on information current at the time of writing from sources which Westpac believes to be authentic and reliable. Westpac issues no invitation to anyone to rely on this material.  

Mastercard® is a registered trade mark and the circles design is a trade mark of Mastercard International Incorporated.

Links to other sites are provided for convenience only and Westpac accepts no responsibility for the availability or content of such websites.