
Ingenico iPP350 - Security; PCI PTS Compliance; Guidance for PIN Entry; Periodical Inspection of Terminals

Payment Terminals | Page 52 of 54
18. Security
18.1 PCI PTS Compliance
The Payment Card Industry PIN Transaction Security (PCI PTS) is a security standard that applies to all PIN entry-based
payment terminals and other hardware that manage PIN codes. Nets will always deliver payment terminals that are
PCI PTS-approved at the time of delivery.
18.2 Guidance for PIN Entry
The PCI Security Standards Council specifies International Standard ISO 9564 for protection against fraudulent
observation of the PIN during PIN entry. To comply with this standard, the terminal may be supplied either with a
factory-fitted privacy shield or with a privacy shield accessory (to be fitted by the merchant prior to use). If you require
a privacy shield and one has not been supplied, please contact Nets Customer Service (refer to Section 20) for assistance.
Newer portable terminals will be PCI PTS compliant without a PIN shield when used in a handheld environment. For
example, Move/3500 and ISMP4 do not have PIN shields. However, they must not be placed on a stack.
If the payment terminal from Nets is delivered without a factory-fitted privacy shield or a privacy shield accessory in
the box, the terminal must be operated as a handheld device. This means that the customer must be advised by the
merchant to carry out the following:
Hold the device in hand during PIN entry.
Keep a distance from others during PIN entry.
Use their body/hand to block the view of the keypad during PIN entry.
Ensure that no video cameras/surveillance equipment is directed towards the keypad during PIN entry.
Additionally, the merchant shall advise the customer of any suspicious behavior exhibited by others before or during PIN
entry.
18.3 Periodical Inspection of Terminals
Within a merchant's equipment, the ultimate responsibility for the protection of customer data lies with the merchant.
We advise merchants to focus on the implementation of the core PCI DSS 9.9 requirements that came into effect from
June 30th 2015, where the intention is to ensure that merchants are better prepared against skimming attacks.
18.3.1 Prevention of Skimming
In line with PCI best practices on skimming prevention, Nets highly recommends that the merchant performs the
following:
Upon receipt of a new terminal, and on a regular basis, checks the terminal(s) for any signs of obvious tampering (e.g.
broken seals over access cover plates or screws, odd/re-arranged cabling, or unknown/suspicious features)
Keeps a detailed list of the terminal(s) on a regular basis, with photos taken for comparison
Keeps the terminal(s) out of the customers' reach, both during opening and closing hours
Never accepts delivery or installation of a new terminal from any unauthorized Nets personnel
Only allows privileged access to the terminal(s) to independently verified and trustworthy personnel
Calls Nets Customer Service (refer to Section 20) immediately if in doubt about the integrity of the terminal(s)
Refer to the following website for further information on skimming prevention:
https://www.pcisecuritystandards.org/documents/Skimming_Prevention_At-a-Glance_Sept2014.pdf
