We are a registered BACSbureau


For payment processing, we are a Bacs approved bureau and as a registered Data Controller* and Processor we have the highest standards of data security and control. Being a Bacs bureau means we are permitted to make payments to customers from a client’s own bank account using our Bacs bureau facility; this is particularly beneficial when we’re reimbursing large sums to customers.

* Registered Data Controller. The Data Protection Act 1998 requires that every organisation that processes personal information to register with the Information Commissioner’s Office (ICO).

PC DSS Compliant

MRM is compliant with Payment Card Industry Data Security Standard (PCI DSS) with stringent processes in place to protect personal data:

  • No cardholder data held by MRM
  • Credit/debit card details are held by a PCI-compliant Level 1 Service Provider - referenced using tokens for all card transactions
  • No cardholder data accepted via email
  • Any cardholder data sent via post order forms are redacted immediately the data has been entered onto the system