Security – who is doing what?

A perfectly orchestrated symphony of security. We explain who does what to make sure that cashless payments are secure.

When cardholders swipe their debit or credit cards at the cash register, this sets in motion a chain of lightning-fast authorization and processing procedures. And the interplay via the complex network infrastructure between card issuers, card organizations, acquirers such as SIX, merchants and customers begins. But who plays what part in making cashless payments secure?


Customers should be careful not to lose their cards. If this happens, however, they report the loss to their card issuer. They know how important it is to keep individual passwords protected. When making online purchases, they avoid webshops without SSL encryption and try only to use sites that employ 3D Secure technology for their payment processes and require additional authentication steps from cardholders. Customers also know, for example, that e-mails sent from suspicious support centers asking for their passwords to unlock purportedly blocked accounts are targeted solely at getting their hands on such passwords. Therefore, if in any doubt about an e-mail's authenticity, they do not click on any links or open any attachments.


Companies set up, maintain and monitor their networks in line with the international security requirements laid down in the PCI DSS. They use payment terminals equipped with cutting-edge technology and work with payment service providers in the Internet business which are themselves PCI DSS-certified and offer 3D Secure technology. Merchants can therefore rest safe in the knowledge that they are complying with security requirements at all times, thereby protecting themselves and their customers against any unpleasant surprises.

Card organizations

Card organizations such as Visa and MasterCard require not only merchants to implement their security standards – but acquirers as well. They were also responsible for introducing the PCI DSS security standards to improve security when making card payments and protect merchants and cardholders against card data theft.

Card issuers

Card issuers (banks) have a vested interest in ensuring that their infrastructure meets the high PCI DSS security standards, since card management from start to finish has to be processed via secure applications. During card production, banks also respect the PCI Card Production standards. The production environment and materials used must satisfy all stipulated requirements.

Card acceptance (acquirers)

The transaction routing must comply with the strictest security requirements. Acquirers such as SIX use the most secure systems available to authorize cards and process the ensuing transactions. Acquirers monitor the entire transaction flow and are equipped with fraud detection software and surveillance systems that detect even the slightest discrepancies. The payment terminals and infrastructure are certified in accordance with the highest standards, and all transactions are based on the latest encryption technologies.