PCI Compliance Training Seminar
PCI Compliance — critical to the safety of your cardholders and your
The Payment Card Industry (PCI) has developed industry-wide tools and
measurements to protect sensitive cardholder data and help merchants create
security procedures that are standardized and approved by the PCI Security
Credit cards represent an area of vulnerability for consumers, and merchants
must take all the steps they can to ensure that sensitive data remains protected
at all times. As hackers and others looking to breach or compromise cardholder
data become more sophisticated, it is crucial that businesses take action to
protect cardholder information.
As a merchant, what should you do to ensure PCI compliance?
As a merchant who handles credit card transactions, be aware that if you
transmit, process, or store credit card information, you must take all necessary
precautions to protect your customers and their payment card data. Even one
incident involving a breach of credit card security can damage your company's
reputation, irrevocably destroying consumer trust and confidence. As a merchant
who accepts credit cards, you must meet compliance requirements of the PCI Data
Security Standard. Compliance requirements include your network architecture,
software systems, security policies and procedures, as well as your operations
and the behavior of your staff.
PCI Compliance will give you an overview of the payment card industry,
the ever-evolving security concerns it faces, and how adopting the PCI Data
Security Standard has helped to protect cardholder data. You will learn to
identify potential vulnerabilities within your own security network, mitigate
them, and submit compliance reports to the card brands you work with. You'll
review the current Data Security Standard (Version 2.0), the 12 standard
requirements, and what constitutes compliance in regard to those requirements.
You'll learn proper testing and reporting procedures, and how to assess
compliance for specific payment card brands: American Express®, Discover®, JCB,
MasterCard®, Visa®, and Visa Europe.
PCI Compliance is critical for all merchants who do business with payment
cardholders. This workshop will give you the information you need right now to
protect your customers' interests, as well as your own.
PCI Compliance — Seminar Overview
An Introduction to PCI Compliance
- What types of organizations must be compliant with the PCI Standard?
- Why is it so important to comply with PCI Security Standards?
- What are the consequences for non-compliance — are there fines and
- Who enforces PCI Compliance?
- What are the levels of compliance, and how do you know which level of
compliance to adhere to?
Specific Requirements of the PCI Standard
- How many requirements are there?
- How to implement these changes within your organization
- How can I test them for compliance?
- How to report testing information
Understanding the Intent of these Requirements
- What are the rules for running a virtual environment?
- Cardholder Data and Sensitive Authentication Data Elements
- What is considered sensitive data and how to store it
- Location of Cardholder Data and Sensitive Authentication Data
- Track 1 versus Track 2 data
The 12 Requirements of PCI Compliance
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Requirement 3: Protect stored
Requirement 4: Encrypt transmissions of cardholder data across open, public networks
Requirement 5: Use and regularly update anti-virus software or programs on all systems affected by malware
Requirement 6: Develop and maintain secure systems and applications
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Requirement 12: Maintain a policy that addresses information security for all personnel
How to Stay in Compliance
Choose a Qualified Security
Choose an Approved Scanning Vendor
Scope of Assessment for Compliance
Use the Self Assessment
A certificate is issued at the end of
Seminar check-in: 8:30AM
Seminar Program: 9:00AM - 4:00PM