PCI-DSS Compliance – Protecting Cardholder Data
Ever-increasing use of credit cards by consumers worldwide creates an ever-growing need for protection of cardholder data. For this reason, five major credit card companies adopted the Payment Card Industry Data Security Standard (PCI-DSS) in 2004. Its goal is to promote and achieve consistent global security standards for protecting cardholder information from fraud and breaches in security. Any merchant or service provider that stores, processes or transmits credit card account numbers must comply with PCI-DSS.
Compliance is mandatory at the company level as well as for sales clerks, cashiers and anyone else who processes credit card information. Considering that human error and/or lack of knowledge are inevitable, companies can have all of the proper technical safeguards in place and still experience serious security lapses. Security breaches can result in fines, loss of reputation, and the inability to accept major credit cards going forward — all of which are severely damaging. What companies need is for all employees who handle payment card information to learn to do so in accordance with PCI-DSS.
The Cintas 40-minute online PCI-DSS Training Course covers the fundamentals of PCI-DSS compliance and how they apply on the job. Content includes quizzes, news briefs and real-world compliance issues that employees should learn to recognize and deal with appropriately. Topics covered in the course include:
- A macro look at PCI-DSS
- Primary objectives and requirements of PCI-DSS
- Putting a cost on non-compliance
- What is Sensitive Authentication Data?
- Principles of hard-copy storage
- How to protect cardholder information
- What to know about payment-card transactions
- All about remote access
- Best practices in the workplace
- Recognizing security incidents
- What is restricted computer access?
- What is restricted physical access?
- The importance of tracking and monitoring
- Role of social engineering