Mercury Processing Services International fully recognizes the reality of security related risks in the payment card industry. Therefore, it is our top priority to continuously provide secure services to our clients and customers.

In order to validate established processes and infrastructure, and to demonstrate our security status and competency to our clients and business partners, we have engaged in certification of our values.

Today, we are proud to say that Mercury Processing Services International is a certified MasterCard Global Vendor and holds a PCI DSS Certificate, both in Croatia and Slovenia.

We are a proud owner of the MasterCard Global Vendor Certification Program Certificate.

The Global Vendor Certification Program (GVCP) is a MasterCard security compliance program for vendors providing card issuing services (embossing, encoding, card personalization, PIN mailing, chip personalization etc.) to MasterCard Members.

The Program defines strict requirements for the physical security of vendors' sites, as well as the logical security of the data environment. Mercury Processing Services International`s successful implementation and adoption of the program has been confirmed by an independent approved Audit.

undefined
 MasterCard GVCP Certificate

Mercury Processing Services International has successfully implemented all of the Payment Card Industry Data Security Standard requirements, in both Croatia and Slovenia.

The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against any misuse of their personal information.

PCI DSS specifies and elaborates six major objectives:

  • A secure network must be maintained in which transactions can be conducted. In addition, authentication data must not involve defaults supplied by the vendors. Customers should be able to conveniently and frequently change such data.
  • Cardholder information must be protected wherever it is stored and their repositories should be secure against hacking.
  • When such data is transmitted through public networks, it must be encrypted in an effective way.
  • Systems should be regularly patched and protected by using frequently updated anti-virus, anti-spyware, and other anti-malware solutions. All applications should be free of bugs and vulnerabilities that may create situations where cardholder data could be stolen or altered.
  • Access to system information and operations should be restricted and controlled. Cardholder data should be protected physically as well as electronically.
  • Networks must be constantly monitored and regularly tested to ensure that all security measures and processes are in place, functioning properly, and kept up-do-date.
  • A formal information security policy must be defined, maintained, and complied with at all times and by all participating entities.
undefined
  PCI DSS Croatia
undefined
  PCI DSS Slovenia