
Compliance Essentials Library

PCI Data Security Standard Course

PCI Data Security Standard (PCI-DSS) is the information security standard for organisations that process credit card payments. Any merchant processing more than six million card transactions annually must comply with PCI-DSS. However, all organisations, including smaller ones, can benefit from compliance.

Our PCI Data Security Standard Course will help your employees to understand what the standard is, why it is important, the key requirements and how to identify the actions needed to ensure PCI-DSS compliance.

Audience: All staff  |  Duration: 60 minutes  |  Format: E-learning module

Learning Objectives

This course will prepare your employees to:

  • Understand what the PCI Data Security Standard (PCI DSS) is
  • Understand why PCI DSS is important
  • Know the key requirements of PCI DSS
  • Identify the actions needed to ensure PCI DSS compliance

Course Contents

  • Welcome
  • PCI DSS basics
    - The PCI ecosystem
  • Why is PCI DSS important?
    - Examples: Information security breaches
    - Consequences of non-compliance
    - Exercise: Do you know?
    - You make the call: Fact or fiction?
  • How PCI DSS works
    - PCI DSS merchant levels
    - You make the call: Distinguishing between merchant levels
    - The goals of PCI DSS
    - You make the call: PCI DSS goals and requirements
  • Requirement 12: Maintain an information security policy
    - You make the call: Developing the security policy
  • Requirement 1: Install and maintain a firewall
    - Exercise: Rules for firewalls and router configurations
  • Requirement 2: Don't use defaults for system passwords and other security parameters
    - Examples: Malware
  • Requirement 3: Protect stored cardholder data
    - Key features of payment cards
    - You make the call: Rules for storing payment card data
    - You make the call: Taking action with payment card data
    - Masking the PAN and other payment card data
    - When is masking required?
    - Exercise: Applying the rules
  • Requirement 4: Encrypting the transmission of cardholder data
    - Safeguarding cardholder data with encryption
    - Maintaining a vulnerability management program
  • Requirement 5: Use and regularly update anti-virus software
    - Taking preventive action against malware
    - Scenario: Rajan's systems maintenance 1
    - Scenario: Rajan's systems maintenance 2
  • Requirement 6: Develop and maintain secure systems and applications
    - Exercise: Maintaining secure systems and applications
    - Exercise: Change control best practice
    - Access control measures
  • Requirement 7: Restrict access to cardholder data by business need to know
    - Exercise: Access control
  • Requirement 8: Assign a unique ID to each person with computer access
    - You make the call: Identifying and authenticating access to cardholder data
    - Exercise: Passwords
    - You make the call: Authentication
    - Password Pitfalls
  • Requirement 9: Restricting physical access to cardholder data
    - Exercise: Physical access
    - Exercise: Procedures for visitors
    - Exercise: Signs of tampering
    - Recap of the key rules
    - Monitoring and testing networks
  • Requirement 10: Track and monitor all access to network resources and cardholder data
  • Requirement 11: Test security systems and processes
    - You make the call: Penetration testing
  • Summary & Affirmation
  • Assessment

Free Trial: Compliance Essentials

This course is part of our Compliance Essentials Course Library.

Compliance Essentials is our best-selling library and there's a reason for that.

Essentials contains 30 in-depth courses and dozens of express micro-learning modules from AML, Bribery, GDPR and Equality to Health and Safety. It provides a complete and comprehensive off-the-shelf compliance solution for UK businesses that can be customised completely to fit your organisation.


Duration: Approximately 60 minutes
Audience: Suitable for all staff - examples and interactivities designed for staff at all levels
Prerequisites: No previous knowledge or experience required
Design: SHARD-compliant, responsive display on all devices, accessibility on screen readers, visual design controlled via client style sheet
Assessment: Ten-question assessment
Test-out: Ability to offer optional test-out, whereby users can choose to skip the course content and complete the learning assignment simply by passing the assessment
Deployment: AICC and SCORM 1.2-compliant, suitable for both hosted and deployed SCORM or AICC
Compatibility: All Windows, Mac OSX, iOS, Android (Flash-free for mobile compatibility)
Tailoring: Fully customisable on Skillcast Portal CMS
Translation: Pre-translated versions not available, but all text content can be exported for translation into all languages
Localisation: Based on UK legislation, but suitable for global audiences upon the removal of UK-specific references and translation as necessary

Off-the-shelf Courses

Our off-the-shelf subscription options allow you to train your staff using this course and other essential compliance courses cost-effectively.

We can also customise courses to your business needs or create fully bespoke courses to your specification.
