E-xact Transactions (Canada) Ltd. is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS). E-xact’s continued PCI Compliance assures that merchant and cardholder data is protected by the industry’s highest security standards.
E-xact is explicitly defined as a Level 1 Service Provider by the Payment Card Industry Data Security Standard (PCI DSS) through the DSS definition of a Service Provider, "a business entity that is not a payment brand, and directly involved in the processing, storage, or transmission of cardholder data."
If your merchant bank is inquiring about your (you, the Merchant) handling of payment data within the context PA-DSS, please note that this does NOT apply to your E-xact account. For the purposes of PA-DSS, a "payment application" is defined as one that stores, processes, or transmits cardholder data as part of authorization or settlement, where the payment application is sold, distributed, or licensed to third parties”. E-xact does not currently author Payment Applications that are sold, distributed, or licensed to third parties. Specifically, E-xact's payment solutions are offered as a payment service.
For more details about E-xact's status, please visit the PCI section of the Visa website and view our entry on the official list of providers.
Find out more about by visiting the PCI Compliance Site or reading the PA-DSS Program Guide.