Security

Suspect a transaction is fraudulent?

Call Tyro’s Fraud Analysis Team immediately on (02) 8907 1610.

Learn more about fraud prevention

Security is our number one priority

At Tyro, it’s our responsibility to ensure payment security. Therefore:

  • All Tyro terminals are PCI-PTS compliant and are included in the APCA (Australian Payment Networks) approved devices list
  • Tyro terminal PIN pads are protected with a unique key entry shield to increase privacy
  • Tyro’s unique proposition of Integrated Transactions ensures that
    • no cardholder data is processed/presented on the Point of Sale (POS) or Practice Management Software (PMS), so the POS/PMS is out of scope for PCI DSS
    • the above point reduces the PCI DSS compliance effort for our merchants
    • all cardholder data is encrypted between the terminals and Tyro
    • card information is elided on all printed terminal receipts
    • Tyro’s terminal can only successfully verify a connection to Tyro for carrying out transactions

Tyro adopts a risk-based approach and, while currently working on its PCI DSS 3.2 compliance, has ensured an effective implementation of all critical security controls relating to cardholder data, such as:

  • not storing any PIN information
  • ensuring robust protection around stored cardholder data
  • never sharing any cardholder data with the merchant
  • developing and maintaining secure systems and applications
  • ensuring periodic vulnerability scans

We are the security experts, so it’s our responsibility – not our customers’ – to keep payments safe and data encrypted. Tyro was the first and only Australian EFTPOS provider to be successfully validated against the Payment Card Industry Data Security Standard (PCI-DSS). These standards define security practices to enhance payment card security. The PCI Council also manages two other major security standards.

PIN Transaction Security Standards

These standards ensure the security of a cardholder’s PIN entered via an EFTPOS terminal.

Payment Application Data Security Standards

These standards define how software vendors write secure applications that handle card data.

How we keep payments secure

At Tyro, we believe it’s our responsibility to ensure payment security. Therefore:

  • All Tyro terminals are PCI-PTS compliant.
  • We never share any cardholder data with the Point of Sale (POS), so the POS is also out of scope for PCI PA-DSS.
  • We never share any cardholder data with the merchant.
  • All cardholder data is encrypted on the Tyro terminal and the merchant has no way of decrypting this data.
  • Tyro terminal PIN pads are protected with a unique key entry shield to increase privacy.

You should also use the current self-assessment form to see how you compare against the PCI-DSS recommendations.

How to protect yourself

Beyond compliance, these are additional precautions you can take to protect your business from security threats.

Data theft prevention

Protecting cardholder data is vital. If fraudsters get their hands on the PIN and other authentication data, they can impersonate the cardholder, use the card, and steal the cardholder’s identity.

Use firewalls

Put a wall between you and online hackers with an effective firewall.
Make sure your operations are in line with security best practices by visiting Stay Smart Online.

Use anti-virus software

Your POS system and any mobile devices that connect to the same network as your EFTPOS terminals should have anti-virus and anti-malware software installed.

Disclaimer: Tyro makes no representations and gives no assurances whatsoever in relation to the credit worthiness of any person presenting a charge card or the performance of any agreement or arrangement between the merchant and any person, body corporate or association conducting a charge card scheme.