Information Security Management
Nexi Payments S.p.A. aims to create a corporate culture increasingly oriented towards the protection of personal data and commercial information in order to safeguard corporate information assets in terms of confidentiality, integrity and availability.
To this end, Nexi Payments S.p.A. has adopted an Information Security Management System (ISMS) in accordance with the security measures defined by the ISO/IEC 27001:2017 standard, which is internationally recognized as a reference framework for the protection of information resources.
Every year, Nexi Payments S.p.A. carries out the design and implementation activities required to renew its ISO/IEC 27001 certification, in order to maintain continuous improvement in the effectiveness of the adopted security measures.
Payment Card Industry – Data Security Standard PCI-DSS
Cardholder data security management
As an Issuing and Acquiring institution, Nexi Payments S.p.A. must ensure cardholder data security for the payment cards it manages (credit, debit and prepaid cards), in compliance with the measures defined by the PCI-DSS standard promoted by the International Circuits (e.g. VISA, MasterCard, Amex, JCB, Diners).
The International Circuits require full adherence to these security requirements from all entities that process, transmit or store cardholder data as a condition of operating in the payments market.
It is essential to review, update and constantly improve security requirements. On an annual basis, Nexi Payments undertakes the activities necessary to obtain Group certification.
Mercury has been officially PCI-DSS certified since 2014 and complies with the requirements established by the International Schemes in terms of security and data protection; in 2018 Mercury also obtained PCI CPP / CPL certification for card personalization activities.
UNI EN ISO 22301
Business Continuity Management System
ISO 22301 is the International Standard developed to support organizations in identifying and establishing the requirements for implementing an effective and efficient Business Continuity Management System (BCMS), which is essential to guarantee, at a minimum acceptable level, the supply of products and services in case of a disastrous event that could compromise the normal flow of operations.
Nexi Payments S.p.A. has obtained UNI EN ISO 22301:2014 certification for its Business Continuity Management System, with a particular focus on Systemic Processes such as the provision of cash via ATM terminals and the Transaction, Application Center and ACH (Automated Clearing House) services.
Continuously seeking improvements, Nexi Payments S.p.A. carries out the project activities necessary both for the renewal and for the extension of the scope of the ISO 22301 certification.
UNI EN ISO 9001
Quality System Certification
Nexi Payments S.p.A. aims to create an excellence-oriented corporate culture and to develop management methods aimed at the continuous improvement of the services offered in terms of efficiency and effectiveness, through the constant and periodic monitoring of Customer feedback and satisfaction. For this purpose, Nexi Payments S.p.A. has an ISO 9001:2015 certified quality management system for the following field of application (IAF 33, 35):
Creating, developing and managing digital payment solutions dedicated to Individual Customers, Merchants, SMEs and Banks, alongside our Bank Partners. Design, development and management of software solutions, technological and application outsourcing, information services and related customer services, with special attention to the Payment Systems used by banking and Financial Institutions, Public Administration and Corporates, such as applications and services, e-banking solutions and services (Web and mobile), Interbank Corporate Banking solutions and services, and Electronic Invoicing. Services for the payment of pensions and tax collection.
Quality objectives are outlined in the Principles for Quality, which are issued and updated in accordance with the development of business strategies.
The main principle behind these objectives: everything that can be measured can be improved.
Mercury is ISO 9001:2015 certified; the certification attests to the conformity of the Quality Management System adopted by the company with reference to the following activities:
- financial services related to the collection of payments made with payment cards, through the supply, management, telephone assistance and use of both physical and virtual POS terminals, and the development of customized software applications (Acquiring Operations – since 2014);
- customization of plastics (Issuing Operations – since 2017).
Mastercard Card Quality Management
Quality System Certification
Mercury has been Mastercard Card Quality Management (CQM) certified since July 2020; the CQM program is part of Mastercard's vendor approval process for companies operating in the field of management and personalization of payment cards.
The approval is based on the company's Quality Management System, certified according to the UNI EN ISO 9001:2015 standard, and is granted by the International Schemes only to vendors able to successfully complete the procedures set out in the CQM program as part of the process of personalizing and issuing payment cards.