Every organization that processes credit card payments has the payment card industry data security standard (PCI DSS) applied to it. By working in an organization that accepts credit card payments or stores, as well as processes and transmits cardholder data, you must be aware of the requirements placed upon you by the payment card industry.
PCI data security standard is meant to protect the data of credit and debit cardholders to minimize or eliminate data breaches and other security incidents. The PCI DSS has 12 high-level requirements involving the protection of payment card data during processing, storage, or transmission.
To be PCI compliant, entities must maintain secure internal operations, remediate insecure practices, and submit validation and/or compliance reports. Failure to comply with the PCI DSS can result in fines and/or penalties–the severity of which is defined by the individual payment card brands.
PCI DSS supplies a guide that describes all of the requirements an organization must meet for compliance. Many of the mandates in the document are open to interpretation and may not clearly define what is applicable to your organization. The document also does little to account for some of the intricacies associated with how payments are actually processed. And then there is the interpretation of compensating controls one must consider to determine if your company is meeting the spirit of the requirements.
The proliferation of online marketplaces and the increased ease of using secure applications to submit payments has made the understanding of PCI regulations a necessity for professionals throughout organizations. Information technology professionals will most likely be exposed to having to operate and secure a payment card environment.
This course will explore all of the PCI requirements and touch on how they can be satisfied outright or via compensating controls. Upon completion of this course, students will obtain a deep understanding of how payment cards are processed, and they will also be able to determine what is considered in scope for an assessment and differentiate between compliance levels.
This course is meant to help you prepare your organization so that you are able to navigate all of the pitfalls that are associated with becoming a PCI compliant company. Upon completion, you will understand the PCI compliance mandates and how to properly prepare your environment so that you may successfully pass an audit.
What is PCI DSS?
The Payment Card Industry Data Security Standard, or PCI DSS, is a list of criteria mandated by the Payment Card Industry Security Standards Council that requires organizations that handle credit card data to comply with. Compliance with the PCI DSS is reviewed and validated for organizations quarterly or annually via an external audit. The PCI DSS was created to reduce credit card fraud by increasing the controls related to protecting cardholder data.
What is PCI DSS Compliance?
PCI DSS is a list of requirements that cover major payment card companies like Visa, MasterCard, Discover, American Express, and JCB. The list is comprised of 12 general data security requirements that all merchants must adhere to. Additionally, there are more than 200 supplementary requirements that apply to some merchants, depending on the company.
The 12 PCI DSS requirements dictate that merchants:
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Use and regularly update antivirus software.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security for employees and contractors.
What Does this PCI DSS Training Cover?
The PCI DSS was established to ensure the security of debit and credit cardholders’ information and to eliminate or significantly reduce security incidents and data breaches. The standard that has been set consists of 12 requirements that must be met by all entities that handle payment card transactions including the processing, storage, and transmission of card data. In order to remain in compliance, these entities must always maintain protected internal operations, resolve any insecure practices, and complete validation or compliance reports. If they are not in compliance with the current PCI DSS version, they may be fined or otherwise penalized.
The PCI DSS course was created because IT professionals working for organizations involved with payment cardholders’ data, in any manner, will likely be exposed to the operations and security of a payment card environment.
When you have completed the PCI training, you will have a good understanding of how payment card processing works, what is involved in a compliance assessment, and how to distinguish different compliance levels. Additionally, the course will prepare you to help your company maintain compliance with the PCI Security Standards Council and successfully pass an audit.
The PCI DSS course has a total of 3 hours and 37 minutes of clock time that you can work on at your own pace. You will receive a Certificate of Completion when you complete training.
Who Should Take the PCI DSS Training Course?
Cybrary’s Payment Card Industry Data Security Standard online class is intended to be taken by any professionals who are employed in corporate finance or at any entity that is involved in debit or credit card processing who need to be familiar with the fundamental aspects of the mandate. Additionally, the entire course can be taken by anyone who is interested in accounting, finance, IT, information or cyber security, or any other related fields.