Security

Security Controls Statement

OZPlug uses industry-standard security controls and payment-processing safeguards to help protect customer information.

Last updated: July 3, 2025

Payment processing is routed through Clover by Fiserv, with PCI DSS controls, encryption, tokenisation, and secure transmission safeguards.

1

Secure Payment Processing

OZPlug does not store or process full credit-card data on our servers. All transactions are routed through Clover, a trusted, PCI DSS–compliant payment platform owned by Fiserv.

  • Point-to-Point Encryption (P2PE): Clover encrypts card data the moment it is entered, ensuring sensitive information remains protected in transit and at rest.
  • Clover replaces card numbers with secure, non-reversible tokens, reducing risk exposure and further minimising PCI scope.
  • PCI DSS Compliance: Clover maintains ongoing compliance with PCI DSS, allowing OZPlug to leverage Clover’s validated controls and reduce merchant liability.

2

Encryption & Data Protection

  • All payment traffic travels over TLS 1.2 or higher, securing data exchanges between your browser, OZPlug’s servers, and Clover’s endpoints.
  • Because Clover tokenises sensitive data, OZPlug’s systems never retain full cardholder data—only the token reference required for order fulfilment and support.

3

Continuous Security Oversight

  • Clover provides real-time security monitoring, antivirus scanning, and intrusion-detection capabilities.
  • Merchants receive a Security Score dashboard along with fraud-protection and incident-response support via Clover Security Plus.

4

Scope Reduction & Liability Protection

  • By relying on Clover’s P2PE and tokenisation, OZPlug significantly reduces its PCI compliance burden.
  • Clover includes a breach-liability waiver of up to USD $100,000 per covered incident (per location), providing an additional layer of protection.

5

Operational Integrity

  • Clover’s infrastructure meets all current PCI DSS 4.0 requirements and supports the merchant self-assessment questionnaire (SAQ) process.
  • Payment endpoints utilise PCI-approved TLS cipher suites to ensure strong communications security.

Conclusion

Conclusion

Your payment data is processed exclusively by Clover, a fully PCI DSS-compliant platform that employs P2PE encryption, tokenisation, secure transmission protocols, and continuous fraud monitoring. OZPlug never retains full card data, helping ensure your transactions remain secure.

For questions about our security implementation or Clover’s compliance, please contact us via our Contact Page.

© 2026 OZPLUG. All rights reserved.

Questions about security controls?

Contact OZPlug support for questions about our security implementation or Clover’s compliance.

Contact support