Advanced Cybersecurity
Protecting your business, your customers and your reputation
For any business that sells online, a security breach can be catastrophic, leading to financial loss, reputational damage, and a loss of customer trust. For Australian businesses, cybersecurity isn't just a technical requirement; it's the foundation of a successful online operation. You need a payment partner who treats your security as their highest priority.
Eway's advanced cybersecurity infrastructure is built on a multi-layered defence strategy, combining bank-level security with proactive tools designed to protect you from evolving threats. We provide a secure foundation, and we give you the tools and knowledge to protect your own environment.
Bank-level Protection
We secure your customer and business information with the same levels of data security trusted by the biggest banks in the world. Our entire infrastructure is built to protect sensitive data from fraud and cyber attacks.
Highest PCI Compliance Levels
Eway is certified with Level 1 Payment Card Industry Data Security Standard (PCI DSS) compliance - the highest and most stringent security standard available in the payments industry.
Secure Payment Methods and Tools
Give your customers peace of mind with our advanced online security tools. Every Eway account includes our powerful Fraud Lite plan for free, which actively screens transactions to help protect you from fraudulent activity and reduce business losses.
Engineered for uninterrupted security and 99.98% uptime
Our core infrastructure is engineered for maximum resilience, delivering 99.98% uptime to ensure your data is protected and your payments processed 24/7 without interruption. We achieve this through a multi-layered, industry-leading architecture.
Akami assured routing
Our partnership with Akami, the global leader in DNS assurance, guarantees that all payment traffic is securely and accurately routed through our gateway to the correct destination, protecting against misdirection and interception.
Clustered web architecture
Our mission critical systems are supported by multiple backups and duplicates of every device. This industry leading design means our data centre teams can instantly divert traffic if any component fails, ensuring seamless service continuity.
True infrastructure redundancy
Eway operates redundant data centres across multiple cities. This allows us to process payments around the clock, even during local blackouts or network distributions. With data replicated across all sites, your customer and transaction information is never lost.
A multi-layered defence for your business
Our commitment to your security extends far beyond compliance, providing a multi-layered defence for every transaction. Our robust architecture is engineered to protect card data from evolving cyber threats, while our secure integration methods ensure sensitive information is sent directly to our vault, never touching your servers. This approach dramatically simplifies your PCI compliance obligations. Working in tandem with this secure foundation, our advanced fraud protection tools use machine learning and real-time screening to intelligently monitor for suspicious activity, helping to reduce losses without blocking legitimate customers.
What is PCI DSS compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is the global benchmark for securing credit and debit card data. Created by the world’s major card brands, it provides a consistent set of rules for how businesses must handle, process, and store sensitive data. This helps to prevent fraud, financial penalties and data breaches. Eway is certified as Level 1 PCI DSS compliant, the highest and most stringent level of security available.
Your PCI Obligations: A Shared Responsibility
Security is a shared responsibility. While Eway provides a Level 1 compliant gateway, you must also secure your own business environment, including your website and internal networks.
Self-assess Your Business
Validate your compliance by completing a Self-Assessment Questionnaire (SAQ). These tools help you meet your security obligations, and Eway simplifies the process with secure integration methods and resources to help you achieve compliance.
Protect Your Business & Customers
Compliance is your security foundation. Build upon it with Eway’s advanced data security and fraud prevention tools. This creates a proactive, multi-layered defence against evolving cyberthreats to your revenue, reputation and your customers.
Simplify your compliance with the Merchant Trust Initiative
The Merchant Trust Initiative is a comprehensive program designed to give you the tools and resources you need to understand and meet your compulsory PCI DSS obligations simply and effectively. Non-compliance can leave your business vulnerable, but getting compliant doesn’t have to be complex. As well as access to our portal, an easy-to-use platform that guides you through the compliance process, the MTI also provides you with:
Guided questionnaires (SAQs)
An easy-to-follow wizard helps you complete the correct Self-Assessment Questionnaire (SAQ) for your business, with data pre-populated to save you time.
Quarterly network scanning
Protect your IT systems with regular network scans that check for vulnerabilities, providing easy-to-understand reports and clear instructions to fix any issues discovered.
Cybersecurity resources
Gain access to security awareness training, endpoint monitoring tools and a wealth of knowledge to help you protect your business from phishing, malware and other threats.
Learn more about our advanced cybersecurity
FAQs
I use Eway, doesn't that mean I'm automatically PCI DSS compliant?
While Eway is a Level 1 PCI DSS compliant provider, compliance is a shared responsibility. Our systems that process and store the data are secure, but every business must also ensure their own environment (e.g., website hosting, computers, internal networks) meets the standard. Our Merchant Trust Initiative is designed to help you easily achieve this.
Is PCI DSS compliance mandatory for my business?
Yes. It is mandatory for all merchants that accept credit card payments to be compliant with the PCI Data Security Standard, regardless of your business size or transaction volume. Failure to comply can result in penalties or suspension from processing card payments.
What are the penalties for non-compliance?
Non-compliance can leave your business vulnerable to cyber attacks, leading to significant financial and reputational damage. Card schemes may also impose penalties or suspend your ability to accept card payments.
How does the Merchant Trust Initiative (MTI) help me?
The MTI simplifies the entire compliance process. It provides you with a user-friendly portal, guided questionnaires, network scanning, and educational resources to help you easily meet your security obligations and protect your business.
