From the course: Getting Started with PCI 4.0 Compliance

Introduction to PCI 4.0

- [Laura] This course is going to take a reasonably deep dive into Payment Card Industry Data Security Standards Compliance, or PCI DSS, with a special focus on the PCI DSS 4.0 standards, which were released at the end of March 2022. For many merchant providers, mentioning PCI DSS may cause a chill, as most organizations don't particularly relish the idea of another compliance framework. Nevertheless, this set of standards is a really good set of security best practices which organizations should want to put in place. There are other PCI standards, but this course will cover PCI DSS specifically. PCI DSS is the standard published by the Payment Card Industry Security Standards Council, or PCI SSC. The Council is responsible for developing and managing the PCI security standards, approving and training qualified assessors, publishing updates and fixes to standards and the related documentation, and providing an open forum for discussion about the standards. If you are an entity of any kind who processes, transmits, or stores cardholder data, and/or sensitive authentication data, then you'll need to meet PCI data security standard requirements. This could include merchants, banks, payment processors, and so on. You may also have to meet PCI if you're an entity, such as a data center, whose environment can affect the security of another entity's cardholder data environment, or CDE. Cardholder data is a term that references a number of fields. The most important field is the primary account number, or PAN. If you transmit, process, or store the PAN, you are in line for PCI DSS. Sensitive authentication data includes the magnetic stripe data, chip data, card verification code, and any PIN information. Cardholder data, PANs, and CDEs will be mentioned many times in this course. My goal in this particular course is to help provide the framework around which you can start down the path to PCI 4.0 compliance, from discussions around working with auditors, to scoping your environment and providing final attestations. I will also be discussing the requirements at a very high level, and in 2023 I'll be releasing another course which will go into depth on the individual standards. It is too much content to cover in this course. If you need a bit more background, I'm going to provide some extra references for you to look at next.
