Nets One PA user guide | 44
Submitting terminal for service or termination
Check that the terminal has been reconciled before sending it to the Nets repair service. Pack the terminals
securely and separately. Remember to include associated cables. The package must be traceable; keep the
tracking number.
Do not return the ADSL modem to the Nets repair service. When sending terminals for service, please include a
return schedule. Please print the BAX number on the outside of the box.
Terminals should not be sent for repair/service until the error has been reported to Nets customer service. Ter-
minals received by the Nets repair service which have not been reported to Nets customer service will be
stored until a service report has been received from Nets.
When terminating the lease of a terminal, the terminal should not be returned until the merchant has termi-
nated the existing lease agreement. Merchants that buy a new terminal from a different supplier must terminate
their lease agreements with the bank before they return the old terminal. The lease agreement will run and the
merchant will be invoiced until notice of termination has been received by the merchant’s bank.
Please contact Nets customer service about return enquiries.
Terminal security
PCI-PTS compliance
The Payment Card Industry PIN Transaction Security (PCI PTS) is a security standard that applies to all PIN
entry based payment terminals and other hardware that manage PIN codes. Nets will always deliver PCI PTS
approved payment terminals at the time of delivery.
Guidance for PIN entry
The PCI Security Standards Council specifies International Standard ISO9564 for protection against fraudulent
observation of the PIN during PIN entry. To comply with this standard, the terminal may be supplied with either
a factory fitted privacy shield, or as a privacy shield accessory (to be fitted by merchant before use). If you
require a privacy shield and one has not been supplied, please contact your Nets helpdesk for assistance.
If the payment terminal from Nets is delivered without a factory fitted privacy shield or as privacy shield acces-
sory in the box, then the terminal must be operated as a handheld device, meaning that cardholder must be
advised by merchant to:
• hold the device in hand during PIN entry
• keep at distance from others during PIN entry
• use his/her body or hand to block the view of the keypad during PIN entry
• ensure that no video cameras or other surveillance are directed towards the keypad during PIN entry
Additionally, the merchant shall advise the cardholder of any suspicious behaviour exhibited from others before
or during PIN entry.
Periodical inspection of terminals
The ultimate responsibility for the protection of cardholder data, within a merchant’s equipment, lies with the
merchant. We advise merchants to focus on proper implementation of the core PCI DSS 9.9 requirement that
came into effect from June 30, 2015 where the intention is to ensure that merchants are better prepared for
skimming attacks.
In line with PCI ‘best practice’ for skimming prevention (https://www.pcisecuritystandards.org/documents/
Skimming_Prevention_At-a-Glance_Sept2014.pdf), Nets highly recommends that the merchant:
• upon receipt of a new terminal, and on a regular basis, checks the terminal(s) for any signs of obvious
tampering (e.g. broken seals over access cover plates or screws, odd/different cabling, or unknown/sus-
picious features
• keeps a detailed list of all terminal(s) on location with pictures for comparison on a regular basis
• keeps the terminal(s) out of customer’s reach - both during opening- and closing hours
• never accept delivery or installation of a new terminal from any unauthorized Nets personnel
• only allows privileged access to the terminal(s) to independently verified and trustworthy personnel
• calls Nets helpdesk immediately if in doubt of the terminal(s) integrity!
