Declaration Instructions

This is the commitment table of the agent regarding compliance with the Data Security Standard
requirements of the Payment Card Organization (PCI DSS) and compliance with the Security
Assessment Procedures at the agent. The agent must complete the items below and refer to the
"PCI DSS Compliance - Steps to Complete" section in this document.

Part 2. Agent business type (check all applicable):

 Retail  Contact information  Grocery

store or supermarket

 Fuel  Online sales  Mail / fax / phone

sales

 Other (please specify): Real estate business

List of locations that need to be evaluated for PCI DSS along with specific addresses: No. 107A
Hoa Hung, Ward 12, District 10, Ho Chi Minh City, Vietnam

Item 2a. Partnership

Does your company have a partnership with third-party service providers such as payment
gateways, web-hosting companies, airline ticket booking agents, customer management
companies, etc.?

Does your company have partnerships with more than 1 payment bank?

Item 2b. Transaction processing capability

How does your business store, process, and transmit cardholder information? Many or few?:
Please provide relevant information about payment applications that the unit is using:

Part 3. PCI DSS Confirmation

Based on the results recorded in the SAQ D table on (completion date), (Agent name) confirms
compliance status as follows (choose one):
x Compliant: Fill in all PCI SAQ items, all questions are answered, and the evaluation results
are COMPLIANT; and achieve safety certification when scanning the system through a PCI SSC
(ASV) system scanning service provider, so (Agent name) has demonstrated full compliance with
PCI DSS requirements.

 Non-compliant: Did not fill in all PCI SAQ items, or not all questions were answered "Yes,"
and the evaluation results are NON-COMPLIANT, or safety certification when scanning the
system was not performed by a PCI SSC (ASV) system scanning service provider, so (Agent
name) cannot demonstrate full compliance with PCI DSS requirements.

Item 3a. Compliance Confirmation

Agent confirms:

Self-Assessment Questionnaire (SAQ) for PCI DSS D, version (2.0) has been completed
accurately according to the instructions provided.

All information within the above-mentioned SAQ and accompanying documents reflect the agent's
assessment results truthfully.

The agent has confirmed with the payment application provider that the agent's payment system
does not store sensitive authentication data after the transaction is authorized.

The agent acknowledges having read the PCI DSS documentation and understands that they must
always fully comply with PCI DSS requirements at all times.

No evidence of track data, CAV2, CVC2, CID, CVV2 data[2], or PIN data[3] is stored after
transaction authorization, found on ANY system reviewed during the assessment.