Payment Security and PCI Compliance
HAHA VENDING consistently maintains cardholder data security as a core compliance priority. Our digital systems and integrated smart vending machine architectures are engineered, deployed, and managed to adhere to the Payment Card Industry Data Security Standard (PCI-DSS) and applicable hardware security specifications, helping support payment security across the data lifecycle.
1. Hardware Terminal Layer: PCI PTS POI 6 Physical Security Certification
The physical payment hardware modules integrated within our smart vending systems have successfully completed formal testing and received official approval from the PCI Security Standards Council (PCI SSC), addressing sensitive data interception risks at the physical and firmware layers.
- Official identification: The endpoint payment hardware terminals integrated into our systems, including the PAX IM30 series, are officially certified to meet PCI Device Security Requirements POI 6 (PCI SSC PTS Approval Number: 4-40372).
- Encryption mechanisms: The hardware terminals natively support online and offline PIN entry via touch screen and leverage advanced key management mechanisms, including TDES and AES cryptographic algorithms under DUKPT and MK/SK architectures, to help secure data at the immediate point of card interaction.
- SRED technology implementation: The terminal fully implements Secure Reading and Exchange of Data (SRED) functions. Sensitive cardholder account data is encrypted immediately upon being read at the hardware layer and is not transmitted out of the hardware boundary in clear text.
2. Clearing Layer: PCI DSS v4.0.1 Level 1 Platform Compliance
Transaction routing, authorization, and clearing are handled entirely within the environments of globally certified PCI DSS Level 1 Service Providers, which keeps those processes outside HAHA VENDING's own systems and supports the compliance of the Cardholder Data Environment (CDE).
- Adyen platform compliance: Our core acquiring and checkout systems interface with Adyen N.V., including Checkout, Acquirer Module, and In Person Payment platform components. The platform has undergone a comprehensive onsite assessment by Qualified Security Assessor Foregenix Ltd (QSA 202-957), securing a COMPLIANT status under PCI DSS v4.0.1.
- Universal Processing compliance: Our payment infrastructure and refund support systems leverage UNIVERSAL PROCESSING. The platform has successfully completed an onsite compliance validation audit resulting in a Report on Compliance (ROC) conducted by atsec (Beijing) Information Technology Co., Ltd (QSA 205-668), maintaining its compliant status under PCI DSS v4.0.1.
- Nayax IoT compliance: Our IoT transaction fulfillment channels interface with Nayax Ltd., which holds an official PCI DSS v4.0.1 Service Provider Level 1 ROC certificate of compliance issued by Qualified Security Assessor Yossi Trigger (QSA 206-357).
3. Data Lifecycle and Omni-Channel Masking Matrix
In accordance with the compliance conclusions of our partners’ official Reports on Compliance (ROC), our platform enforces a strict zero-local-retention approach for sensitive cardholder data and applies mandatory masking across relevant channels.
(1) Clear PAN (full bank card number)
- Third-party processors: Collected, transmitted, and cleared independently by third-party payment processors acting as independent controllers.
- HAHA VENDING systems: Isolated from HAHA VENDING systems; not accessed or retained by our systems, servers, or local media.
- Storage and PCI scope status: No clear-text record is maintained in local or cloud persistent databases.
(2) CVV/CVC and PIN codes
- Third-party processors: Dynamically captured and securely routed by third-party payment processors for authorization.
- HAHA VENDING systems: Not read by HAHA VENDING software or hardware systems.
- Storage and PCI scope status: Destroyed from memory after authorization and not retained.
(3) Truncated PAN (truncated/masked card number)
- Third-party processors: Masked segments may be transmitted for order fulfillment and reconciliation.
- HAHA VENDING systems: Used only for fulfillment purposes, such as refund support and inquiries.
- Storage and PCI scope status: Processed in volatile memory during active browser sessions.
(4) Transaction metadata and expiration date
- Third-party processors: Transmitted as encrypted metadata as part of reconciliation evidence.
- HAHA VENDING systems: Recorded and stored as encrypted logs for historical account review.
- Storage and PCI scope status: Managed under controlled encrypted storage with intranet segregation and primary-backup redundancy.
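The matrix above can be enforced in code at the point where processor callbacks are persisted. The following is an added example, not HAHA VENDING's own software: it assumes a hypothetical callback payload (field names constructed for illustration), drops the fields the matrix says must never be retained (clear PAN, CVV/CVC, PIN), truncates any Luhn-valid card number that slipped into a free-text field to the first six and last four digits (the maximum PCI DSS permits), and scans log lines for clear PANs so that retention violations are detected rather than silently stored.

```python
import re

# Constructed sample of a processor fulfillment callback (hypothetical field names).
# Only a masked PAN and metadata arrive, matching rows (3) and (4) of the matrix.
SAMPLE_CALLBACK = {
    "transaction_id": "txn-0001",       # constructed value
    "masked_pan": "411111******1111",   # already truncated by the processor
    "expiry": "12/27",
    "amount": "2.50",
    "currency": "EUR",
}

# Fields from rows (1) and (2) of the matrix that must never be persisted locally.
FORBIDDEN_FIELDS = {"pan", "cvv", "cvc", "pin", "track2"}

# 13 to 19 consecutive digits not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")


def luhn_ok(digits):
    """Luhn check used to tell a real card number from an unrelated digit run."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def truncate_pan(pan):
    """Keep only the first 6 and last 4 digits; mask the rest with '*'."""
    digits = re.sub(r"\D", "", pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def sanitize_record(rec):
    """Return (record safe to persist, list of violations found)."""
    clean, violations = {}, []
    for key, value in rec.items():
        if key.lower() in FORBIDDEN_FIELDS:
            violations.append("dropped forbidden field " + key)
            continue
        if isinstance(value, str):
            for match in PAN_RE.findall(value):   # clear PAN hidden in free text
                if luhn_ok(match):
                    violations.append("clear PAN in " + key)
                    value = value.replace(match, truncate_pan(match))
        clean[key] = value
    return clean, violations


def scan_log_for_pans(lines):
    """Indices of log lines containing a Luhn-valid 13-19 digit card number."""
    return [i for i, line in enumerate(lines)
            if any(luhn_ok(m) for m in PAN_RE.findall(line))]
```

Running the scanner over application and database logs at ingest time turns the "zero-local-retention" rule into a detectable control rather than a policy statement.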
4. Network Transmission and Physical Boundary Security
Our infrastructure and communication links implement compliance-aligned network-layer safeguards to help protect the integrity of the cardholder data environment.
- Protocol decommissioning: Our digital infrastructure has decommissioned and disabled insecure legacy network protocols, including SSL, TLS 1.0 (early TLS), and TLS 1.1.
- Mandatory strong cryptography: Network traffic communicating into or out of our environment over public networks is established through secure HTTPS channels using strong cryptography, including TLS 1.2 or higher, integrated with Cloudflare perimeter protections.
- Intranet segregation: Core production databases are restricted to internal network access and do not open public network ports. Production and testing environments are isolated via network segments, with wireless networks disabled within the scoped environment.
- Physical media protection: Physical storage media retaining operational metadata is subject to physical access controls. Persistent and backup media are housed within monitored and restricted secure physical cages inside cloud datacenters.
5. Continuous Security Testing and Organizational Governance
Our platform has integrated internal security auditing, vulnerability management, and organizational governance into a sustainable operational mechanism.
- Operations auditing: Manual execution of SQL statements by internal operations staff must be conducted through the auditing function built into our data management tools, supporting real-time tracking and helping prevent unauthorized privilege escalation.
- Regular penetration testing: Our core clearing and fulfillment ecosystem undergoes regular external penetration testing and vulnerability scanning conducted by professional QSAs, with the latest comprehensive assessment concluded in December 2025.
- Governance and incident response: A dedicated internal Network and Data Compliance Leading Group coordinates cybersecurity and data safety compliance across the platform. We maintain a cybersecurity incident emergency response plan. In the event of an incident compromising system security, remediation will be activated, and affected users or merchants will be notified within statutory timelines through appropriate channels, such as email or system alerts.