Some £58bn was spent via credit and debit cards in the UK in April last year - some 6.8 per cent more than was spent in April 2016 - according to the UK’s Office for National Statistics.
While this might appear to offer increasing opportunities for card fraud, these opportunities are being minimised by the Payment Card Industry Data Security Standard (PCI DSS) – and by related learning materials, such as those launched recently by Engage in Learning.
The worldwide PCI DSS - which aims to help prevent card fraud and enable organisations to process card payments securely - is the result of collaboration between the major credit card brands: American Express, Discover, JCB, Mastercard and Visa. Complying with PCI DSS means that an organisation is doing its best to keep its customers’ information safe, secure and out of the hands of those who could use that data in a fraudulent way.
Anyone accepting a card payment is responsible for looking after that customer’s card data, regardless of who processes the data for that person’s organization. Moreover, those accepting card payments must comply with PCI DSS. It isn’t optional.
The Engage in Learning PCI DSS eLearning programme explains how the payment card system works; sets out the PCI’s requirements for organisations that process card payments, and outlines what those who handle payment card details need to know to ensure that they handle payment card data securely.
Intended to protect sensitive cardholder data, the PCI DSS has 12 high level requirements, encompassed in six categories:
1. Build and Maintain a Secure Network - install and maintain a firewall configuration to protect data. Don’t use vendor-supplied defaults for system passwords and other security parameters.
2. Protect Cardholder Data - protect stored data via encryption. Encrypt the transmission of cardholder data and sensitive information across the public net.
3. Maintain a Vulnerability Management Program – use, and regularly update, anti-virus software. Develop and maintain secure systems and applications.
4. Implement Strong Access Control Measures - restrict access to data by business on a need-to-know basis. Assign a unique ID to each person with computer access. Restrict physical access to cardholder data.
5. Regularly Monitor and Test Networks - track and monitor all access to network resources and cardholder data. Regularly test security systems and processes.
6. Maintain an Information Security Policy - maintain a policy that addresses Information Security.
ECSC, the UK's longest running full service information and cyber security service provider, has reviewed and verified this course.
Don't leave your organisation or your staff at risk, consider your PCI DSS training options now.
We are happy to provide you with free, full access to our eLearning course so you can complete it for yourselves and see just how fast, easy and engaging it is to train staff anytime, anywhere, in multiple languages and with a full auditable trail for your organisation's peace of mind and legal transparency. Give it a try, you'll see that we're an award-winning eLearning solutions provider for a reason.