Security Requirements
Meeting PCI standards to prevent theft of cardholder data and improve the security of payment card transactions.

Major credit card companies, like Visa and MasterCard, have made it a common cause to prevent card fraud and misuse of cardholder data.

This website provides an easy and effective guide for vendors to develop secure solutions that meet the needs of the merchants’ business and help fulfil the Visa and MasterCard security requirements. Products that meet the security requirements are listed under validated products. The requirements that these products have met are found under registration.

On this page you can find out more about the mandatory security requirements for merchants who accept payment cards in their stores, restaurants and hotels, and for vendors who deliver card payment products to merchants.

For more information visit the PCI Security Standards Council:

PCI SSC homepage

Mandatory Requirements
These requirements apply to all entities that store, process or transmit cardholder data.

Chip and PIN
The terminal must support chip and PIN.

PCI requirements
The easiest way to comply with the PCI requirements is to use validated products (card readers, terminals, electronic cash registers, etc.) that do not handle or cannot release cardholder data, for example card number, name of the cardholder, expiry date, and security codes (CVV/CVC), to the merchant. You can find all approved products on the page validated products.

Easy Checklist for Different Payment Solutions

For terminals and Electronic Cash Registers (ECR)

For e-commerce and online payments

  • Use a hosted solution, i.e. a solution where the cardholder is redirected to a certified payment service provider and the merchant does not handle any cardholder data.

For unattended solutions

  • Use terminal components that cannot release cardholder data
  • Use UPT software that does not handle any cardholder data
  • Use a secure exterior/shield

For self-service solutions

  • For self-service or self-checkout points where customers scan their goods under the surveillance of a cashier, there are special requirements listed in the Self Checkout Point document

For terminals, encrypting card readers and encrypting PIN pads

  • Use terminals, encrypting card readers and encrypting PIN pads that have been validated to fulfil the Security Design requirements

Best Practices
Additional best practice documents

Card in the Cloud and Mobile

Requirements checklist for card in the cloud, i.e. cloud services, that is applicable to the PNC acquirers.

Self Checkout Point

PNC SAC Best Practices for fulfilling the brand requirements for Self-Checkout Points.

Secure Cards in Hotels

Guidance for secure card acceptance at hotels and similar businesses.

Mobile Solutions

  • PCI Security Standards Council Documents Library.
  • Mastercard best practices for mobile point of sale acceptance
  • Visa Europe: Implementing mobile point-of-sale

PNA Card Service AB
Stortorget 13 B
S-211 22 Malmö

+46 40 250778
mail@pan-nordic.org