1.2 PCI/DSS


Time
3 hours 37 minutes
Difficulty
Beginner
CEU/CPE
4
Video Transcription
00:00
Welcome to the Cybrary Demystifying PCI DSS Compliance course.
00:07
This module focuses on the fundamentals of what PCI is and some of the basics of what it takes to conduct transactions.
00:16
This video is a basic introduction to the payment card industry and some of the standards and certifications associated with it.
00:25
The objectives of this video are to teach you what the PCI SSC is
00:31
and their responsibilities,
00:32
as well as to provide you with the certifications that they manage.
00:39
The Payment Card Industry Security Standards Council, or PCI SSC, was formed by American Express, Discover, JCB, MasterCard and Visa.
00:52
The council was charged with establishing a set of security standards known as the Payment Card Industry Data Security Standard, or PCI DSS.
01:02
They also set the standards for all of the components for processing payments.
01:07
The PCI SSC provides education and outreach programs, answers to frequently asked questions,
01:12
rosters of auditors and encryption solutions and guidance on what is needed to implement a secure payment environment.
01:22
While each of these payment brands has come together to form the PCI SSC,
01:26
they each have their own compliance program and are responsible for its enforcement.
01:32
One payment brand will have different penalties and fees than another.
01:36
They also have their own unique requirements when it comes to investigating a potential security breach.
01:42
As a merchant, you have to be aware of these differences when building out your compliance and security program.
01:48
We will explore this more when we talk about PCI incident response in later modules.
01:56
Now,
01:57
let's talk about some of the programs managed by PCI and see how they all fit together.
02:01
The PCI Point-to-Point Encryption, or P2PE, program
02:07
is designed for hardware-based encryption solutions.
02:10
P2PE solutions are combinations of secure devices, applications and processes that encrypt data from the point of interaction, or POI.
02:21
So these are the card readers where cardholders dip, swipe or tap their card; the data is then encrypted until it reaches the secure decryption environment for processing.
02:30
Almost all of us should be familiar with these devices if we physically use our credit cards to conduct transactions.
02:38
PCI Personal Identification Number Transaction Security, or PTS, is focused on the physical and logical security of point-of-sale devices and terminals.
02:50
These are the attended and unattended systems that take payments.
02:54
You would run into these when interacting with an unattended system. Examples of this are automated machines that take payments for parking, or gas pumps at a gas station.
03:07
Now we have the PCI Payment Application Data Security Standard, or PA-DSS.
03:13
The standard is focused on providing a standard for software vendors who develop payment applications.
03:17
This standard defines how companies handle payment card data with software.
03:23
When you go to the website, you can see that the PCI SSC provides a list of applications that are compliant.
03:30
They also list all the dependencies and the components tested.
03:37
The Payment Card Industry Data Security Standard, PCI DSS,
03:42
is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.
03:52
It applies to merchants and service providers to ensure that they have the secure infrastructure in place.
03:59
This is the standard we will be focusing on throughout this course.
04:04
Here's a look at the chain.
04:06
It's a picture of how it all fits together.
04:09
The hardware facilitates the software, which facilitates the merchants and service providers.
04:15
P2PE shows that encryption of cardholder data is required from end to end.
04:21
The PCI Token Service Provider, or TSP, is designed for the security of the tokenization process.
04:30
The TSP is an entity within the payments ecosystem that is able to provide registered token merchants with surrogate credit card or debit card numbers, otherwise known as payment tokens.
04:42
Payment tokens can only be used in specific domains, such as a merchant's online website or a predefined channel, like a mobile device used to make near field communication, or NFC, payments.
04:55
Payment tokens are designed to increase the security of payment transactions.
05:01
Next is the PCI 3-Domain Secure, or 3DS, Core Security Standard.
05:09
3DS is a messaging protocol to facilitate the exchange of data between the merchant, cardholder and card issuer.
05:16
The objective of this is to benefit each of these parties by providing the ability to authenticate cardholders during a card-not-present e-commerce purchase, reducing the likelihood of fraudulent usage of payment cards.
05:31
The three domains consist of the merchant/acquirer domain,
05:35
the card issuer domain,
05:36
and the interoperability domain.
05:43
In this video, we talked about how the PCI SSC was formed and the certifications that they have defined for those that wish to provide secure card transactions.
05:54
We spoke of the PCI DSS, PCI PTS, PCI PA-DSS, PCI TSP, PCI P2PE and the PCI 3DS.
06:10
Now for a quick quiz:
06:12
For which of these is the PCI SSC not responsible?
06:25
Each payment brand requires its own methods for reporting incidents.
06:32
A payment token is used for what?
06:41
Tokenization is a process of protecting sensitive data by replacing it with an algorithmically generated number called a token.
06:48
Often, tokens are used to prevent credit card fraud.
06:53
It has no mechanisms for detecting fraud.
07:00
True or false:
07:01
The PCI SSC was created to have consistent fines and processes if a company is out of compliance.
07:12
This one is false.
07:14
Fines and processes are developed by the individual payment brands.