If your organisation collects cardholder data, you need to comply with the Payment Card Industry Data Security Standard (PCI DSS). The Standard was designed to help organisations manage card payments securely, and is regulated by major card brands (Visa, Mastercard, American Express, JCB and Discover).
Failure to comply with the PCI DSS will lead to disciplinary action and reputational damage, and it could also result in penalties from the payment card brands. Non-compliant organisations are likely to be offered less favourable commercial terms and may even be refused service.
It’s therefore vital that your organisation takes its compliance obligations seriously. The Standard contains more than 250 controls, which are split into 12 requirements. Organisations often mistakenly focus only on the technological concerns, and although controls such as firewalls and virus detection are an essential part of compliance, they are only effective if organisations put equal emphasis on their employees. Many employees handle payment card data on a day-to-day basis, making them both your first line of defence and your biggest vulnerability.
Requirement 12.6 of the Standard underlines the need to manage your employees, stating that organisations must “implement a formal security awareness program to make all personnel aware of the importance of cardholder data security”.
Our PCI DSS Staff Awareness E-learning Course provides clear explanations of what you and your employees need to do to meet the requirements of the Standard.
This online course is ideal for everyone in your organisation, and should be deployed as part of your overall information security awareness programme. It explains:
- What the PCI DSS is and why employees need to be aware of it;
- The terms and definitions used in the Standard; and
- How to apply the Standard’s requirements.