PCI Compliance Guide

What is PCI Compliance?

Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. Compliance with these standards helps protect your customers' sensitive payment information and reduces the risk of data breaches.

Agend Systems and PCI Compliance

As your technology partner, Agend Systems takes security seriously. Our Agend solution is designed to minimise your PCI compliance burden by:

  1. Outsourcing payment processing: We use PCI DSS validated third-party service providers to handle all cardholder data processing.
  2. Zero cardholder data storage: Agend systems do not electronically store, process, or transmit cardholder data on our systems or premises.
  3. Simplified compliance path: By using Agend, your organisation qualifies for SAQ A (Self-Assessment Questionnaire A), which is the simplest form of PCI compliance assessment.

What is SAQ A?

SAQ A is designed for merchants who have fully outsourced all cardholder data functions to PCI DSS compliant third-party service providers. This applies to your organisation if:

  • You accept only card-not-present transactions (e.g., online payments via your Agend website)
  • All processing of cardholder data is handled by PCI DSS validated third-party providers
  • Your staff never has access to complete credit card numbers
  • Any cardholder data you retain is only on paper documents

2025 PCI DSS 4.0 Updates and Our Readiness

The PCI Security Standards Council has introduced new requirements coming into effect on March 31, 2025. Here's how Agend is positioned to help you maintain compliance:

Requirement | Description | Agend Status
6.4.2 | Web application firewall for internet-facing applications | In place
8.3.6 | Minimum password length increased to 12 characters | In place
8.4.2 | Multi-factor authentication for all access to cardholder data environment | In place where applicable

Your Responsibilities

We work with you to meet your PCI compliance requirements; however, much of the compliance responsibility resides with the client. Below are just some of the items you are required to perform:

  1. Complete the appropriate SAQ A form annually
  2. Create and maintain policies that deal directly with PCI Compliance
  3. Ensure staff handling any paper records with cardholder data follow secure procedures
  4. Arrange regular security scans through an Approved Scanning Vendor (ASV)

How We Can Help

Agend Systems offers support packages to assist with:

  • Understanding your specific compliance requirements
  • Working with ASV vendors during assessments
  • Implementing any technical changes needed to maintain compliance

Next Steps

If you have questions about PCI compliance or need assistance, please contact your Agend account manager. We're committed to helping your organisation maintain a secure payment environment while delivering an exceptional member experience.