PCI DSS Training
Safeguard Credit Card Data with PCI DSS Training
Any business that transmits, stores, handles or accepts credit card data needs PCI DSS training.
Some of today’s worst data breaches involve stolen payment information, resulting in violations of the Payment Card Industry Data Security Standard (PCI DSS), a standard for organizations that deal with credit card data. PCI DSS compliance protects both organizations and consumers: it puts security measures in place so that credit card payments are taken securely and personal data from purchases is not seen by unauthorized parties, which helps prevent fraudulent activity.
GLS offers PCI DSS training in three formats:
- PCI-DSS Introduction Course
- PCI-DSS for Retail
- PCI-DSS Introduction Essentials
Check back for PCI DSS 4.0 training coming soon!
PCI DSS Introduction – Course Description
Module 1: Defining PCI DSS
- Overview – who created the PCI DSS standard and the purpose of PCI DSS
- The key technology used by PCI DSS to protect payment cards – EMV chip, card identification, primary account numbers, CVV and magnetic stripe
- Differentiating between Card Present and Card Not Present transactions
Module 2: Protecting Cardholder Data
- Importance and benefits of protecting cardholder data
- Consequences of non-compliance with PCI DSS
- Typical vulnerabilities that can lead to data security breaches
Module 3: Evolution of PCI DSS
- History and evolution of PCI DSS as a security standard
- Key characteristics of the current standard (PCI 3.0)
- Brief discussion of the latest dot release (PCI 3.1)
Module 4: PCI DSS Requirements
- The six control objectives merchants need to achieve to comply with PCI DSS
- How technology requirements work to protect cardholder data
Module 5: Complying with PCI DSS
- List of businesses that need to comply with PCI DSS
- Departments of a typical organization that need to comply with PCI DSS
- Steps that employees should take to prevent credit card fraud
- Steps that employees should take when fraud occurs
Module 6: Summary and Test
- Course summary
- Knowledge check
- Topic: Data Privacy, Compliance
- Learning Modality: Courseware
- Role/Audience: Finance
- Language: 3 Languages
- Total Time: 30 Minutes
PCI DSS for Retail – Course Description
Role Selection
Depending on their duties in the organization, users select from one of the following roles:
- Handling in-person transactions only
- Handling phone, mail, fax or e-commerce transactions only
- Handling both in-person and other forms of transactions
- Playing a leadership role in securing in-person transactions only
- Playing a leadership role in securing phone, mail, fax or e-commerce transactions only
- Playing a leadership role in securing both in-person and other forms of transactions
Module 1: Introduction to PCI-DSS
- What is PCI-DSS?
- The payment card players involved in a transaction: card issuer, merchant, and cardholder
- Description and importance of Cardholder Data (CHD) and Sensitive Authentication Data (SAD)
- Important details of CHD and SAD
- Strategies that criminals use to steal card data
- Requirements of PCI DSS
Module 2: Card Present Environment
- What is a card present environment?
- Types of payments linked to payment cards
- The various payment card security features
- Different ways of accepting card present payments:
- The processing flow for magnetic stripe transactions
- Other types of card payments
- How to protect card devices
- How to identify suspicious customer behavior
- Recognizing the signs of a false card
Module 3: Card Not Present Environment
- What is a card not present environment?
- How to accept card not present payments
- How to process card not present payments by phone, mail or fax
- Best practices for MOTO and fax transactions
- Best practices for handling payment equipment
- Best practices for storing and destroying payment data
- Best practices for e-commerce transactions
- How to protect the company from fraud
- Cybersecurity best practices
- Module summary
Module 4: Advanced Topics
- Consequences of non-compliance with PCI-DSS
- Understanding PCI-DSS requirements
- Asking for ID with a payment card: the legal position and the PCI/card network position
- Understanding additional transaction types
- Reporting a potential security incident (Code 10)
- Recognizing terminal tampering
- Understanding physical attack vectors such as shoulder surfing, dumpster diving and device theft
- Avoiding social engineering attacks such as spear phishing and tailgating
- Cybersecurity best practices
- Best practices for e-commerce
Module 5: Final Test
- Topic: Data Privacy, Compliance
- Learning Modality: Courseware
- Role/Audience: Retailers
- Language: English Only
- Total Time: 30 Minutes
Upon completion, learners will be able to:
- Identify the PCI-DSS requirements that apply to retail interactions with customers
- Recognize payment card security features
- Describe common fraudulent practices
- Explain how to securely process Card Present and Card Not Present payment card transactions
- Describe how to identify and respond to suspected payment card fraud
- Recognize cybersecurity practices to secure sensitive data
PCI DSS Introduction Essentials – Course Description
Module 1: Defining PCI DSS
- Overview – Who created the PCI DSS standard and the purpose of PCI DSS
- The key technology used by PCI DSS to protect payment cards – EMV chip, card identification, primary account numbers, CVV and magnetic stripe
- Differentiating between Card Present and Card Not Present transactions
Module 2: Protecting Cardholder Data
- Importance and benefits of protecting cardholder data
- Consequences of non-compliance with PCI DSS
- Typical vulnerabilities that can lead to data security breaches
Module 3: Complying with PCI DSS
- List of businesses that need to comply with PCI DSS
- Departments of a typical organization that need to comply with PCI DSS
- Steps that employees should take to prevent credit card fraud
- Steps that employees should take when fraud occurs
- Topic: Data Privacy, Compliance
- Learning Modality: Courseware
- Role/Audience: Retailers
- Language: 3 Languages
- Total Time: 15 Minutes