PCI DSS v2.0


Each year we have an onsite audit completed by our registered QSA (Securus Global) in order to ensure that all components of our payment platform including our business processes are PCI DSS compliant.

Tier 1 PCI DSS v2.0 – Certified!

In August 2010 the PCI SSC announced that the PCI DSS v2.0 would be published in October of 2010. A list of changes that have been made between PCI DSS v1.2 and PCI DSS v2.0 can be found here.

Thanks to the efforts of all staff we have been certified by Securus Global as a Tier 1 PCI DSS v2.0 payment gateway.

Merchants that take advantage of the Merchant Warrior payment platform can rest assured that all products have been thoroughly assessed and will continue to maintain the highest level of compliance.

The introduction of our Token Payments solution (including Tokenized Batch Payments), Transparent Redirect and Hosted Payments has aided a number of organizations in maintaining the highest level of compliance and reducing the costs that are associated with the PCI DSS.

We owe a great deal of thanks to the support that we have received from our acquiring partners (National Australia Bank, Westpac Banking Group, Australia & New Zealand Banking Group Limited, Commonwealth Bank of Australia), our merchants and of course our QSA – Securus Global.

MW & Magento… Finally!

We know that it has been a long time coming but we have finally got there. Our merchants have been asking us for an integration module into the one of the world’s most popular open source eCommerce stores – Magento and finally they have it.

What is Magento?

“Magento is a feature-rich, professional open-source eCommerce solution that offers merchants complete flexibility and control over the look, content, and functionality of their online store. Magento’s intuitive administration interface contains powerful marketing, merchandising and content management tools to give merchants the power to create sites that are tailored to their unique business needs. Completely scalable and backed by an extensive support network, Magento offers companies the ultimate eCommerce solution.”Magento

Magento & MW – How?

As those of you who have integrated with Merchant Warrior in the past will already know – we like to keep it simple. The Merchant Warrior Developer Zone has been updated to include a Magento 1.5+ module that includes instructions on how to install the module and enable your Magento shopping cart to accept online payments via the Merchant Warrior Payment Gateway.

Merchant Warrior & Magento are a powerful combination that merchants should consider, whether they be searching the market for the right shopping cart or looking to take their current eCommerce platform to the next level.

MW Batch Payments!

Batch Payments REVAMPED

Merchant Warrior - Batch Payments

What are Batch Payments?

Merchant Warrior’s Batch Payments offers merchants a simple way to process a large number of offline or periodic transactions. If your business is processing large volumes of subscriptions, membership fees or installment fees then you will already be using a Batch Payments solution or you should be.

Batch Payments are processed by a merchant compiling a file which contains a list of the transactions which need to be processed for a specific period. This file is then submitted to a Payment Gateway for processing. A solution such as Merchant Warrior’s Batch Payments is a much more efficient method of processing transactions when you are dealing with a high volume of transactions.

Why Merchant Warrior Batch Payments?

Merchant Warrior offers its merchants two methods of processing Batch Payments:

  • Manual upload via the Merchant Warrior administration panel
  • Merchant Warrior’s advanced Direct API platform

Both of these batch processing methods support .csv (comma separated value), .xls (microsoft excel 94-2004) and .xlsx (microsoft excel 2007) file formats.

In the past Batch Payments often meant that merchants were dealing with complex file formats, slow transmission methods and the requirement to poll a service to identify whether the batch file had been processed or not. Have no fear – we will not put you through that pain again.

Merchant Warrior’s Batch Payments enables merchants to work with simple file formats which can be integrated into any periodic billing system whether it be for a small business or corporate.

Merchants have the ability to request and receive automatic notifications when a batch file has completed processing and have the resulting batch file compressed (if required). Reports can be emailed upon batch processing completion, are archived indefinitely and can be easily accessed via the Merchant Warrior administration panel or Direct API.

Batch Payments & PCI DSS?

Yes, we do our math. Our team works hard to ensure that we supply our merchants with the best solutions in the industry.

The Merchant Warrior Batch Payments solution supports our extremely popular Token Payments service. Rather than be required to store your customer’s credit card information locally you can simply submit a batch file to the Merchant Warrior Direct API or merchant administration panel filled with Tokens (see Merchant Warrior Token Payments for more information).

What’s next?

There are a lot of new features and updates that we are performing to our processing platform. Our aim has always and will always be to offer our clients the best payment solutions in the industry that ease their integrations, ensure their PCI DSS Compliance and increase their processing security.

We believe our Batch Payments revamp is a step forward for our processing platform and one that will encourage merchants to take advantage of our advanced Payment Gateway and customer focused services. In short – our merchants love it, we hope you do too!

For further information visit Merchant Warrior Batch Payments. Sample batch files and integration documentation can be found at the Merchant Warrior Developer Zone.

Dremus Supports MW

“Dremus is a hosted e-commerce platform used to build online shopping websites.  We take care of everything from hosting, security, and software updates so you can concentrate on managing a successful online business.” – Dremus

MW & Dremus = e-Commerce for Everyone!

Preparing your business to go online is never an easy task and one of the biggest decisions is working out which shopping cart solution to implement. Business owners often have to make a decision as to whether they will be hosting a shopping cart themselves or whether to implement a hosted shopping cart solution.

Dremus is a powerful hosted shopping cart that allows merchants to get up and running with an online store in minutes. The beauty of Dremus is in the elegant design and powerful features which allow merchants to operate a secure online shopping store in a simple manner.

Dremus Features

  • Free Themes
  • Free Trial Available
  • Custom Designs
  • Built in Analytics
  • Free Search Engine Optimization (SEO)
  • Create Coupons & Discount Codes Easily
  • Inbuilt Customer Relationship Management
  • Multiple Language Translations
  • Multiple Currencies (20 Currencies)
  • Country Specific Application of Taxes (GST, VAT etc.)

Dremus now supports the Merchant Warrior Payment Gateway out of the box. That means that if you are currently searching for an online shopping cart solution that you should be looking at Dremus.

Sign up for the Free Trial and give it a test run! You might also want to ask us about the discounts that are available when you combine Dremus & Merchant Warrior 😉

Shopp Plugin & MW

WordPress + Shopp + MW = Perfect.

Merchant Warrior is now supported by the beautiful Shopp Plugin for WordPress. Have you ever wondered if it’s possible to turn your wordpress blog into an online store? If so the Shopp Plugin is the solution that you’ll be wanting to get the job done seamlessly.

Shopp is an e-commerce plugin that adds a feature-rich online store to your WordPress-powered website or blog. Get your store up and running in minutes. Then, take it to the next level with the flexibility of Shopp’s customization tools that allow production studios and power users to tailor every aspect of the shopping experience. Shopp Plugin

Simple, Effective, Instant.

Features that are supported by Shopp Plugin that we like are:

  • Bolt-on e-commerce functionality, just install and activate
  • Search engine optimized shopping pages
  • Works out-of-the-box with any theme
  • Focused development to be fast, efficient and play nicely with other plugins
  • Shortcode support for placing products and categories in blog posts or pages
  • Basic inventory management and low-stock e-mail alerts
  • Support for selling digital & physical products and donations
  • Export orders and customers into Tab, CSV and Excel formats
  • Export orders for import as transactions into Intuit Quickbooks (As Australians we can only hope this functionality is added to MYOB in the future!

The tutorial video below displays just how easy it is to integrate your online business with the WordPress Shopp Plugin.

If you’re currently looking for a payment solution to tie into your WordPress blog don’t look past Shopp Plugin. To our beloved merchants who have requested that we work with Shopp Plugin to get integrated we’re happy to say that your wish has been our command!

WP-eCommerce ONLINE!


We’re here today to announce that the Merchant Warrior Payment Gateway now supports WP-eCommerce. We’ve had numerous merchants ask that this product be supported and we can successfully say that you now have a module to play with!

What is WP-eCommerce?

This wordpress extension is the handy work of Dan Milward, Tom Howard and Jeffry Ghazally.

“The WP e-Commerce shopping cart plugin for WordPress is an elegant easy to use fully featured shopping cart application suitable for selling your products, services, and or fees online.

WP e-Commerce is a Web 2.0 application designed with usability, aesthetics, and presentation in mind.

Perfect for:

  • Bands & Record Labels
  • Clothing Companies
  • Crafters & Artists
  • Books, DVDs & MP3 files” WordPress.org

How can I integrate with it?

We’ve made it as simple as possible. If you head to our Developer Zone you will be able to download the module directly to your WP-eCommerce shopping cart and begin processing payments through the Merchant Warrior Payment Gateway! Happy Integrating!

PCI Compliant Yet Again

YOUR Security is OUR Duty

It may not be the most exciting news but it’s definitely worth a mention – last week we were approved as a Tier 1 PCI DSS Compliant Payment Provider again. It’s important for us to mention this to our clients and to the public as we take PCI DSS seriously. Each year we undergo an on-site audit by our professional QSA – Securus Global. Each of our products, services and environments are audited to ensure that our practices are PCI DSS Compliant and that we protect our merchant information in every way possible.

We undergo this on-site audit for three major reasons:

  1. Obviously, it’s a requirement.
  2. We like to ensure that each product and service that we develop meets the requirements of the PCI DSS.
  3. It’s important to us that we provide our merchants with the most secure platform to process transactions under.

It’s no secret that Merchant Warrior is working behind the scenes to produce new technologies to enhance the Payment Industry. However, we do have a few secrets in regards to the products and features which we will be releasing later this year. Our merchants are in for a pleasant surprise! Now that our new features and services have been given the tick of approval all that’s left is intense Quality Assurance and Software Testing before we release these exciting features to the public.

In the meantime I would like to thank Securus Global for completing yet another successful on-site audit with our team. The audit was handled in an extremely professional manner and no disruptions to important schedules took place – and for that we are extremely grateful. Also, to the team – I’d like to thank you for being well prepared and having all in order, making it a simple task for Securus Global to complete the audit. Well done!

For all merchants that would like to view our new certificate of compliance click here.

Now, I mentioned earlier that we take the PCI DSS seriously, and in all honesty we do. But the next comment is directed to the PCI Council – “Why?” and it relates the following video which is available on their website.

Just a warning – you may not take the PCI DSS seriously after you view this video.

PCI Compliance In A Nutshell

What is PCI DSS Compliance?

At some point during the running of your online store you will most definitely be asked some of the following questions: “Are you PCI Compliant?”, “What level of compliance do you adhere to?”, “Have you filled out your Self Assessment Questionnaire?”. The list can go on but in order to answer these questions correctly it’s best to know exactly what is being asked and to understand what PCI DSS Compliance is all about and the importance that this has upon you as a merchant.

Let’s get some of the common questions out of the way in bullet form and then we’ll move onto explanations:

Q: What does PCI DSS Compliance stand for?

A: PCI DSS stands for “Payment Card Industry Data Security Standard” which is governed by the Payment Card Industry Security Standards Council. The PCI DSS is supported by VISA, MasterCard, American Express, Discover & JCB.

Q: Why is PCI DSS Compliance so important?

A: The PCI DSS was created to prevent credit card fraud and to secure sensitive credit card information that merchants deal with. The idea of the standard is to ensure that merchants are doing their best to protect their customer credit card information. The penalties for noncompliance can be deadly to a small business. Noncompliance results in the payment brands (VISA, MasterCard, American Express, Discover & JCB) issuing a fine between $5,000 to $100,000 per month to the acquiring bank. In most cases the acquiring bank will then pass these fines onto the merchant, terminate the merchant or increase the merchant’s transaction fees significantly.

Q: Do I need to be PCI DSS Compliant to run an online store?

A: If you process, transmit or store credit card information then you will be required to be PCI DSS Compliant.

Q: I’ve never heard of this and have been running an online business for years with no problems. Is this all just jargon?

A: The payment brands as well as your acquiring bank can choose to audit your online business at their discretion. The PCI DSS has been in motion since 2004 and even though Banks are often slow movers they are beginning to understand the importance of PCI DSS Compliance. Banks are issued with heavy fines for boarding non compliant merchants and it’s in there best interest to protect themselves. It’s always better to protect your customer information as much as possible and also protect yourself from the penalties that are imposed for noncompliance.

With the common questions out of the way let’s move onto some explanations.

Do I need to be PCI DSS Compliant?

The Payment Card Industry Security Standards Council states that:

“PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If PAN is not stored, processed or transmitted, PCI DSS requirements do not apply.”PCI Security Standards Council (Article #5378)

The PAN specifically refers to your customer’s credit card number. If your shopping cart or billing software requires you to store the credit card information locally on your own servers then you will be required to follow the PCI DSS requirements. If you are processing or transmitting your customer’s credit card numbers across your network, over the phone or even to a third party provider then you will once again be required to follow the PCI DSS requirements.

A lot of merchants will feel that they do not need to follow the PCI DSS requirements because they do not store any credit card numbers locally on their systems. This is a common misconception and it’s important to understand exactly what “processing” and “transmitting” credit card numbers actually means. A primary example is that of a company that accepts credit card numbers from their customers over the phone. The company may not be storing the customer’s credit card number locally but they are still receiving the credit card number from the customer in an unencrypted form. After the representative receives the customer’s credit card number over the phone they will then (in most cases) enter the credit card number and customer details into a payment application which will send the credit card number directly to a Payment Gateway (such as Merchant Warrior). It is at this point that the merchant is “transmitting” the PAN (credit card number) and as such is still required to follow the PCI DSS requirements.

There are levels of compliance and it’s important to know where you factor into these levels. The following table is an extract from the PCI Security Standards Council FAQ:

Level/Tier Merchant Criteria Validation Requirements
1 Merchants processing over 6 million Visa transactions annually (all channels) or Global merchants identified as Level 1 by any Visa region.
  • Annual Report on Compliance (“ROC”) by Qualified Security Assessor (“QSA”)
  • Quarterly network scan by Approved Scan Vendor (“ASV”)
  • Attestation of Compliance Form
2 Merchants processing 1 million to 6 million Visa transactions annually (all channels)
  • Annual Self-Assessment Questionnaire (“SAQ”)
  • Quarterly network scan by ASV
  • Attestation of Compliance Form
3 Merchants processing 20,000 to 1 million Visa e-commerce transactions annually
  • Annual SAQ
  • Quarterly network scan by ASV
  • Attestation of Compliance Form
4 Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually
  • Annual SAQ recommended
  • Quarterly network scan by ASV if applicable
  • Compliance validation requirements set by acquirer


Slow down! What’s a QSA? What’s this SAQ? What’s an ASV?

A QSA is simply a bunch of people who are not very nice. That’s what you’d expect anyway considering they are auditors. Merchant Warrior were lucky enough to work with Securus Global who seem to have a bit of life to them and were readily available to assist us in achieving our Tier 1 PCI DSS Compliance. QSA’s carry out on-site audits or consultation to help merchants or providers achieve PCI DSS Compliance.

SAQ refers to a Self Assessment Questionnaire. This is a document which has a list of requirements that merchants should be following. The SAQ must be filled in and submitted to either your bank or your QSA for verification. It’s best to check with your bank for exactly what your PCI DSS requirements are as they change from bank to bank.

ASV – it’s all in the name. An approved scanning vendor – they simply provide merchants with network scans to make sure that your basic external security is in tact. We choose to use McAfee Secure but there are many other ASV’s available and a list can be found here.

There are ways to reduce the risk of credit card fraud and even exclude your online business from being subject to the PCI DSS requirements. We’ll discuss this in the next section but before proceeding it’s important to note that although PCI DSS requirements may not apply to you, you should still secure your network and payment applications to the best of your ability. There is a major difference between being secure and being PCI DSS Compliant.

How can I achieve PCI DSS Compliance?

Merchant Warrior provides merchants with a number of products to help them achieve and maintain the highest level of PCI DSS Compliance. In case you’re wondering what allows us to develop and market PCI DSS Compliant products – it’s the fact that we are a certified level 1 PCI DSS Compliant payment provider. A certificate that verifies this can be found here.

The first step in achieving PCI DSS Compliance is working out exactly what personal customer information your business is required to keep on file. Do you really need to store credit card details of your customers? If not – then don’t do it. Business owners often like to have as much information on customers as possible and this is completely understandable but storing the first and last 4 digits of a credit card number instead of the entire number for verification purposes is more than enough. Where possible keep your storage of ANY credit card information to an absolute minimal if any. Some business models or payment applications may require that the credit card number be accessible. Merchant Warrior provides storage facilities such as Token Payments to help merchants access credit card data without the requirement to store the data themselves. Please read the Token Payments page for further details.

So you’ve managed to get storage out of the way. Here’s a quick question to make sure you’re still paying attention – Now that you’re no longer “storing” any credit card information are you PCI DSS Compliant? NO! (highlight to the left of the brackets to see the answer).

It’s time to find how to avoid “processing” and “transmitting” credit card details. Merchant Warrior has two products which help merchants completely avoid processing or transmitting credit card details. The first of the two products is Hosted Payments. Put simply Merchant Warrior hosts a payment page on behalf of the merchant and when customers click the “checkout” or “process” button on the merchants website, they are redirected to the payment page that we host for the merchant. In this scenario the merchant never accepts or transmits any credit card information as all of this is handled by Merchant Warrior due to the payment page being hosted on our servers.

Right now there will be some merchants saying “Yes. I know about a hosted payment page. I hate it – I want the hosted payment page to be completely re-branded so that it looks like my website and doesn’t cause any confusion or generate any fear for my customers.” We heard you. That’s why with our Custom Development merchants are able to request a completely custom hosted payment page. We’ll design the page exactly as specified to us by the merchant.

Whoops. We’ve forgotten something. Some merchants right now are upset and are saying “I’m not paying for you to design my hosted payment page. I have my own development team and they’re damn good at what they do. Why on earth should I use you? Give me another option.” – Sure. We heard you too. For merchants that aren’t worried about diving into easy development we have a Transparent Redirect product which gives merchants all the benefits of a Hosted Payment Page except that they are able to host the page themselves and have it completely designed as they like. We won’t get into the technical aspects of this product and how it achieves PCI DSS Compliance and avoids merchants having to store, process or transmit any credit card data we’ll just leave it to you to check out the Transparent Redirect page because it explains how this is achieved.

It’s that easy! By choosing Merchant Warrior you can achieve PCI DSS Compliance in a number of ways and keep it simple. We have off the shelf products that can help as well as completely custom designed solutions that can be catered to your exact specifications. If you’re curious about PCI DSS Compliance and require some consultation we’re happy to put you in touch with our amazing QSA – Securus Global.

Please be honest. What do I get from this?

Honesty IS the best policy so here’s your answer: Achieving PCI DSS Compliance for your business should not be a question, it should be a necessity. Customers that deal with PCI Compliant online stores often feel a sense of safety as they know the merchant is doing what is required to ensure that their credit card information is stored, processed and/or transmitted securely at all times. Your bank will move quicker in establishing your merchant account once they recognize your level of compliance and willingness to protect your customers and you avoid heavy fines that could potentially put you out of business should a breach occur and noncompliance be the reason. All in all PCI DSS Compliance is not the devil – it’s here to help us as everyday online shoppers continue to do what we do freely in a secure environment.

Choosing Merchant Warrior as your PCI DSS companion will ease the process of establishing your business as a PCI DSS Compliant provider.