
    Safeguarding Personal Data with PCI DSS

    Course Overview

    The PCI Data Security Standard (PCI DSS) is the information security standard for organisations that store, process or transmit payment card data. Because it prescribes concrete technical and organisational controls, it can also serve as a tool for implementing the technical measures required for compliance with the General Data Protection Regulation (GDPR).

    In this course, you'll learn what PCI DSS is, why it matters and what its key requirements are, and identify the actions you need to take to achieve and maintain PCI DSS compliance.

    Learning Objectives

    • Explain what PCI DSS is and why it is important
    • Distinguish between different merchant levels
    • State the key data types on a payment card
    • Recognise and apply the 12 requirements to ensure PCI compliance
    • Identify the guidelines for protecting cardholder data
    • Safeguard the integrity of the Cardholder Data Environment (CDE)
    • Prevent, identify and resolve any vulnerabilities and threats promptly



    Free Trial: GDPR

    Our GDPR Compliance library gives you the full set of courses you need to ensure that all your staff, across different functions, are aware of the rules relevant to their activities and have undertaken practical training on how to apply them. Take a free trial to experience these courses yourself.


    Course contents

    • PCI DSS basics
    • The PCI ecosystem
    • Why is PCI DSS important?
    • Examples: Information security breaches
    • Consequences of non-compliance
    • Exercise: Do you know?
    • You make the call: Fact or fiction?
    • How PCI DSS works
    • PCI DSS merchant levels
    • You make the call: Distinguishing between merchant levels
    • The goals of PCI DSS
    • You make the call: PCI DSS goals and requirements
    • Requirement 12: Maintain an information security policy
    • You make the call: Developing the security policy
    • Requirement 1: Install and maintain a firewall
    • Exercise: Rules for firewalls and router configurations
    • Requirement 2: Don't use vendor-supplied defaults for system passwords and other security parameters
    • Examples: Malware
    • Requirement 3: Protect stored cardholder data
    • Key features of payment cards
    • You make the call: Rules for storing payment card data
    • You make the call: Taking action with payment card data
    • Masking the PAN and other payment card data
    • When is masking required?
    • Exercise: Applying the rules
    • Requirement 4: Encrypt transmission of cardholder data across open, public networks
    • Safeguarding cardholder data with encryption
    • Maintaining a vulnerability management program
    • Requirement 5: Use and regularly update anti-virus software
    • Taking preventive action against malware
    • Scenario: Rajan's systems maintenance 1
    • Scenario: Rajan's systems maintenance 2
    • Requirement 6: Develop and maintain secure systems and applications
    • Exercise: Maintaining secure systems and applications
    • Exercise: Change control best practice
    • Access control measures
    • Requirement 7: Restrict access to cardholder data by business need to know
    • Exercise: Access control
    • Requirement 8: Assign a unique ID to each person with computer access
    • You make the call: Identifying and authenticating access to cardholder data
    • Exercise: Passwords
    • You make the call: Authentication
    • Password Pitfalls
    • Requirement 9: Restricting physical access to cardholder data
    • Exercise: Physical access
    • Exercise: Procedures for visitors
    • Exercise: Signs of tampering
    • Recap of the key rules
    • Monitoring and testing networks
    • Requirement 10: Track and monitor all access to network resources and cardholder data
    • Requirement 11: Test security systems and processes
    • You make the call: Penetration testing


    Duration: Approximately 30 minutes
    Audience: Suitable for all staff - includes examples and interactivities designed for staff at all levels and best practice do's and don'ts for managers
    Prerequisites: No previous knowledge or experience required
    Design: SHARD-compliant, responsive display on all devices, accessibility on screen readers, visual design controlled via client style sheet
    Assessment: Ten-question assessment
    Test-out: Ability to offer optional test-out, whereby users can choose to skip the course content and complete the learning assignment simply by passing the assessment
    iExpress: Supplementary four-minute iExpress interactive video provided to create awareness and interest about the topic
    Deployment: AICC and SCORM 1.2-compliant, suitable for both hosted and deployed SCORM or AICC
    Compatibility: All Windows, Mac OS X, iOS, Android (Flash-free for mobile compatibility)
    Tailoring: Fully customisable on Skillcast Portal CMS
    Translation: Pre-translated versions not available, but all text content can be exported for translation into all languages
    Localisation: Based on UK legislation, but suitable for global audiences upon the removal of UK-specific references and translation as necessary


    We offer several off-the-shelf subscription options for you to train your staff using this course and others in this library. Alternatively, you may purchase a perpetual licence to this course and tailor it completely to fit your business, or go for something totally bespoke that we build for you from the ground up. Visit our pricing page for more details on all these options.
