PCI DSS & Personal Data Training Course

The Payment Card Industry Data Security Standard (PCI DSS) is the information security standard for organisations that process credit card payments.

It can act as a tool for implementing technical measures for compliance with the General Data Protection Regulation (GDPR).

Our Safeguarding Personal Data with PCI DSS Course will help your employees to understand why it is important, the 12 key requirements for compliance and how to identify, resolve and prevent risks.

Start a Free Trial

About this Course

Versions available as part of our Compliance Essentials and GDPR Course Libraries.

Learning Objectives

This course will prepare your employees to:

  • Explain what PCI DSS is and why it is important
  • Distinguish between different merchant levels
  • Recognise the key data types on a payment card
  • Apply the 12 requirements to ensure PCI DSS compliance
  • Understand the guidelines for protected cardholder data
  • Safeguard the integrity of the Card Data Environment (CDE)
  • Identify, prevent and resolve vulnerabilities and threats promptly

New in 2020

  • Text & image updates throughout the course
  • New pages, activities & scenarios
  • Penetration testing procedures aligned with current legislation
  • Updated scenarios & learning activities
  • Updated post-course assessment questions

Course Contents

Introduction

PCI DSS basics

The PCI ecosystem

Why is PCI DSS important?

- Examples: Information security breaches
- Consequences of non-compliance
- Exercise: Do you know?
- You make the call: Fact or fiction?

How PCI DSS works

- PCI DSS merchant levels
- You make the call: Distinguishing between merchant levels
- The goals of PCI DSS
- You make the call: PCI DSS goals and requirements

Requirement 1: Install and maintain a firewall

- Exercise: Rules for firewalls and router configurations

Requirement 2: Don't use defaults for system passwords and other security parameters

- Examples: Malware

Requirement 3: Protect stored cardholder data

- Key features of payment cards
- You make the call: Rules for storing payment card data
- You make the call: Taking action with payment card data
- Masking the PAN and other payment card data
- When is masking required?
- Exercise: Applying the rules

Requirement 4: Encrypting the transmission of cardholder data

- Safeguarding cardholder data with encryption
- Maintaining a vulnerability management program

Requirement 5: Use and regularly update anti-virus software

- Taking preventive action against malware
- Scenario: Rajan's systems maintenance 1
- Scenario: Rajan's systems maintenance 2

Requirement 6: Develop and maintain secure systems and applications

- Exercise: Maintaining secure systems and applications
- Exercise: Change control best practice
- Access control measures

Requirement 7: Restrict access to cardholder data by business need to know

- Exercise: Access control

Requirement 8: Assign a unique ID to each person with computer access

- You make the call: Identifying and authenticating access to cardholder data
- Exercise: Passwords
- You make the call: Authentication
- Password Pitfalls

Requirement 9: Restricting physical access to cardholder data

- Exercise: Physical access
- Exercise: Procedures for visitors
- Exercise: Signs of tampering
- Recap of the key rules
- Monitoring and testing networks

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Test security systems and processes

- You make the call: Penetration testing

Requirement 12: Maintain an information security policy

- You make the call: Developing the security policy

Summary

Affirmation

Compliance Essentials is our comprehensive off-the-shelf training solution. It contains 30+ in-depth e-learning courses and dozens of microlearning modules that help companies from SMEs to global corporates to achieve compliance success.

Course Specifications

- Duration: Approximately 30 minutes
- Audience: Suitable for all staff - includes examples and interactivities designed for staff at all levels and best practice do's and don'ts for managers.
- Prerequisites: No previous knowledge or experience required.
- Design: SHARD-compliant, responsive display on all devices, accessibility on screen readers, visual design controlled via a client style sheet.
- Assessment: Ten-question assessment.
- Test-out: Ability to offer optional test-out, whereby users can choose to skip the course content and complete the learning assignment simply through passing the assessment.
- Microlearning: Supplementary four-minute iExpress interactive video provided to create awareness and interest in this topic.
- Deployment: AICC and SCORM 1.2-compliant, suitable for both hosted and deployed SCORM or AICC.
- Compatibility: All Windows, Mac OSX, iOS, Android (Flash-free for mobile compatibility).
- Tailoring: Fully customisable on Skillcast Portal CMS.
- Translation: Pre-translated versions not available, but all text content can be exported for translation into all languages.
- Localisation: Based on UK legislation, but suitable for global audiences upon the removal of UK-specific references and translation as necessary.