Gloucester (UK), May 2018 - Some £58bn was spent via credit and debit cards in the UK in April last year, some 6.8 per cent more than was spent in April 2016, according to the UK’s Office for National Statistics. While this might appear to offer increasing opportunities for card fraud, these opportunities are being minimised by the Payment Card Industry Data Security Standard (PCI DSS) – and by related learning materials, such as those launched recently by Engage in Learning.
The worldwide PCI DSS, which aims to help prevent card fraud and enable organisations to process card payments securely, is the result of collaboration among the major credit card brands: American Express, Discover, JCB, Mastercard, and Visa. Complying with PCI DSS means that an organisation is doing its best to keep its customers’ information safe, secure, and out of the hands of those who could use that data in a fraudulent way.
“Anyone accepting a card payment is responsible for looking after that customer’s card data, regardless of who processes the data for that person’s organization,” explained Engage in Learning’s Managing Director, Chris Horseman. “Moreover, those accepting card payments must comply with PCI DSS. It isn’t optional.”
“The Engage in Learning PCI DSS eLearning programme explains how the payment card system works, sets out the PCI’s requirements for organisations that process card payments, and outlines what those who handle payment card details need to know to ensure that they handle payment card data securely.”
Intended to protect sensitive cardholder data, the PCI DSS has 12 high-level requirements, grouped into six categories:
- Build and maintain a secure network: Install and maintain a firewall configuration to protect data. Don’t use vendor-supplied defaults for system passwords and other security parameters.
- Protect cardholder data: Protect stored data via encryption. Encrypt the transmission of cardholder data and sensitive information across public networks.
- Maintain a vulnerability management program: Use, and regularly update, anti-virus software. Develop and maintain secure systems and applications.
- Implement strong access control measures: Restrict access to data on a business need-to-know basis. Assign a unique ID to each person with computer access. Restrict physical access to cardholder data.
- Regularly monitor and test networks: Track and monitor all access to network resources and cardholder data. Regularly test security systems and processes.
- Maintain an information-security policy: Maintain a policy that addresses information security.
ECSC, the UK's longest-running full-service information and cyber security service provider, has commented, "This Engage in Learning course has been reviewed and verified by ECSC, a leading expert in PCI DSS compliance."