PCI DSS Policy
Clearpay (as a subsidiary of Afterpay Touch Group) is a PCI DSS Level 1 certified compliant organisation. PCI DSS is a comprehensive set of requirements created by the Payment Card Industry Security Standards Council to enhance cardholder data security and to ensure the safe handling and transmission of sensitive customer credit card information and data. Maintaining security of cardholder data is very important to Clearpay. Clearpay’s PCI DSS responsibilities are outlined in the Attestation of Compliance (AOC) as independently audited by an external, Qualified Security Assessor (QSA).
For further information please visit the official PCI org website www.pcisecuritystandards.org.
Upon Consumer agreement to Clearpay Terms, Clearpay secures and protects the cardholder data according to the current applicable PCI standard for the life of the data needing to be retained. Clearpay acknowledge these responsibilities as being the organisation responsible for ensuring the safe handling and transmission of sensitive customer credit card information and data for the Clearpay services.
Clearpay merchants must implement Clearpay technologies according to Clearpay’s approved configuration. Merchants may have other PCI DSS responsibilities that are independent of the Clearpay Merchant Agreement process. It is the Merchant’s sole responsibility to remain informed of their PCI obligations and compliance status. Merchants should always consult their own Information Security professionals to review the security of the merchants business where required.