Welcome to the Cybrary Demystifying PCI DSS Compliance course.
This module focuses on the fundamentals of what PCI is and some of the basics of what it takes to conduct transactions.
This video is a basic introduction to the payment card industry and some of the standards and certifications associated with it.
The objectives of this video are to teach you what the PCI SSC is and its responsibilities, as well as to provide you with the certifications that they manage.
The Payment Card Industry Security Standards Council, or PCI SSC, was formed by American Express, Discover, JCB, MasterCard and Visa.
The council was charged to establish a set of security standards known as the Payment Card Industry Data Security Standard, or PCI DSS.
They also set the standards for all of the components for processing payments.
The PCI SSC provides education and outreach programs, answers to frequently asked questions, rosters of auditors and encryption solutions, and guidance on what is needed to implement a secure payment environment.
While these payment brands have come together to form the PCI SSC, they each have their own compliance program and are responsible for its enforcement.
One payment brand will have different penalties and fees than another.
They also have their own unique requirements when it comes to investigating a potential security breach.
As a merchant, you have to be aware of these differences when building out your compliance and security program.
We will explore this more when we talk about PCI incident response in later modules.
Let's talk about some of the programs managed by PCI and see how they all fit together.
The PCI Point-to-Point Encryption, or P2PE, program is designed for hardware-based encryption solutions.
P2PE solutions are combinations of secure devices, applications and processes that encrypt data from the point of interaction, or POI.
These are the card readers where cardholders dip, swipe or tap their card; the data is then encrypted until it reaches the secure decryption environment for processing.
Almost all of us should be familiar with these devices if we physically use our credit cards to conduct transactions.
PCI Personal Identification Number Transaction Security, or PTS, is focused on the physical and logical security of point-of-sale devices and terminals.
These are the attended and unattended systems that take payments.
You would run into these when interacting with an unattended system. An example of this is automated machines that take payments for parking or gas pumps at a gas station.
Now we have the PCI Payment Application Data Security Standard, or PA-DSS.
The standard is focused on providing a standard for software vendors who develop payment applications.
This standard defines how companies handle payment card data with software.
When you go to the website, you can see that the PCI SSC provides a list of applications that are compliant.
They also list all the dependencies and the components tested.
The Payment Card Industry Data Security Standard, PCI DSS, is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.
It applies to merchants and service providers to ensure that they have the secure infrastructure in place.
This is the standard we will be focusing on throughout this course.
Here's a look at the chain.
It's a picture of how it all fits together.
The hardware facilitates the software, which facilitates the merchants and service providers.
P2PE shows that encryption of cardholder data is required from end to end.
The PCI Token Service Provider, or TSP, is designed for the security of the tokenization process.
The TSP is an entity within the payments ecosystem that is able to provide registered token merchants with surrogate credit card or debit card numbers, otherwise known as payment tokens.
Payment tokens can only be used in specific domains, such as a merchant's online website or a predefined channel, like a mobile device to make near-field communication, or NFC, payments.
Payment tokens are designed to increase the security of payment transactions.
Next is the PCI Three-Domain Secure, or 3DS, Core Security Standard.
3DS is a messaging protocol to facilitate the exchange of data between the merchant, cardholder and card issuer.
The objective of this is to benefit each of these parties by providing the ability to authenticate cardholders during a card-not-present e-commerce purchase, reducing the likelihood of fraudulent usage of payment cards.
The three domains consist of the merchant/acquirer domain, the card issuer domain and the interoperability domain.
In this video, we talked about how the PCI SSC was formed and the certifications that they have defined for those that wish to provide secure card transactions.
We spoke of the PCI DSS, PCI PTS, PCI PA-DSS, PCI TSP, PCI P2PE and PCI 3DS.
Now for a quick quiz.
Which of these is the PCI SSC not responsible for?
Each payment brand requires its own methods for reporting incidents.
A payment token is used for what?
Tokenization is a process of protecting sensitive data by replacing it with an algorithmically generated number called a token.
Often, tokens are used to prevent credit card fraud.
It has no mechanisms for detecting fraud.
The PCI SSC was created to have consistent fines and processes if a company is out of compliance.
Fines and processes are developed by the individual payment brands.