PCI Compliance

PCI Compliance

We are a licensed mercantile agency and a quality assured company.

We maintain full compliance with all applicable State and Federal legislation covering the collection of debts and Privacy, including, but not limited to, ACCC and ASIC Debt collection guideline: for collectors and creditors. We maintain established security standards that ensure the integrity and privacy of data and communications.

We are a PCI DSS compliant company, having been certified by an external PCI assessor.


Quick links: 
The ACCC / ASIC Debt Collection Guidelines - Learn More
The Privacy Act 1988 - National Privacy Principles - Learn More
Competition and Consumer Act 2010 Schedule 2 Sec 50 - Learn More


PCI DSS compliance

CCC understands your data is sensitive

As CCC works with corporations that transmit sensitive data across the internet, we are always at the forefront of internet security. CCC regularly undertakes internet security exercises including external penetration testing, to ensure we have the highest level of security.

All data is held in the strictest confidence. CCC is PCI DSS Certified (Classed as a Service Provider Level 2)

What is PCI DSS compliance?

PCI DSS stands for Payment Card Industry Data Security Standard and is a set of requirements which aim to safeguard sensitive data against electronic attacks. Specifically, any company that processes, stores or transmits credit card information should be PCI DSS compliant.

While this level of data security far exceeds the needs of most day-to-day business, our aim is to provide data security for our clients.

What PCI DSS compliance means for you

In order to achieve compliance, many steps must be taken to prove that our systems are secure. As a result you can be sure that your data is secure .

Examples of security steps taken:

  • Password protected access to machines and servers
  • Firewalls – both software and hardware on each device.
  • Log files upon entry, confirming username of person who accessed data
  • Alerts in case of breach
  • Regular external vulnerability and penetration scans are performed by an independent third party hosted scanner (StickSecure)