• PCI DSS requirements
• PNC PCI DSS Programme
• Supporting Documents
• Security Specifications
• Swedish Specifications

Supporting Documents

Self Assessment - No cardholder data handling
Self Assessment - No cardholder data handling - Ver A Final.docx is a simplified method for Electronic Cash Register vendors, Unattended Payment Terminal vendors and Card Interface vendors who are integrating their product with E2EE- or P2PEE-terminals to self-assess no cardholder data handling. The method is paper-based and the number of questions is five.

How does it work?

1. The Payment Service Provider, PSP, sends the document above to the vendor with their parts of the form completed.
2. The vendor electronically completes the rest of the form on page two, signs it, scans page 2 and sends the scanned page as a .pdf file to PSP.
3. Pan-Nordic Card Association, PNC, lists the validated applications on the PNC website.

E2E Encryption validation of EMV POS Terminals
The terminal vendor, who wants to validate product compliance with (VISA BEST PRACTICES - Data Field Encryption, Version 1.0 2009), is to make sure that the POI terminal solution fulfils the best practice requirements, is both self assessed and third party validated and that the signed reports of the two assessments are provided to PNC.

The process is described in the document below:

E2EE Evaluation - Ver E Final.pdf

The forms for POS POI terminals and UPT Components are found below.

E2EE Evaluation Form - POI - Ver E Final.docx
E2EE Evaluation Form - UPT - Ver E Final.docx

Terminal vendors are recommended to use version E to validate product compliance with (VISA BEST PRACTICES - Data Field Encryption, Version 1.0, 2009).

Validations based on the previous version of the E2EE-validation document, SAQ AOC VBP DFE Ver D Final.docx, is not recommended but can be submitted to PNC until 30 November 2011. No approval is made according to SAQ AOC VBP DFE Ver D Final.docx after 21 December 2011.

PCI DSS Status
The PSPs are requested to report the PCI DSS status of their merchant customers and to make sure that all the current milestones are met. Before new installations or re-installations are made the applicable form has to be completed.

• PCI DSS Status POS Environment (English)
• PCI DSS Status E-Commerce Environment (English)

The PCI DSS Status POS Environment is also available in Excel format (English)

PAN-Nordic Card Association är en organisation för banker verksamma i den nordiska kortindustrin. PAN-Nordic Card Association är verksam i Sverige, Danmark, Norge, Finland och i de baltiska länderna. Organisationen bistår med information som stöder ambitionen att utveckla kortmarknaden. Medlemmarna är Nordea Bank, SWEDBANK, Danske Bank, Svenska Handelsbanken, Skandinaviska Enskilda Banken, Visa Sweden Förening, Föreningen Europay Sweden, PBS AS.