1.2 PCI/DSS

00:00

Welcome to the cyber. Very demystifying P C. I. D. S s compliance Course

00:07

this module focus on the fundamentals of what P. C. I is at some of the basics of what it takes to conduct transactions.

00:16

This video is a basic introduction to the payment card industry and some of the standards and certifications associated with it.

00:25

The objectives of this video is to teach you what the P c I s S e s s e is

00:31

and their responsibilities,

00:32

as well as to provide you with the certifications that they manage.

00:39

The payment card Industry Security Standards Council or P C I S S C was formed by American Express Discover, J, C, B, MasterCard and Visa.

00:52

The council was charged to establish a set of security standards known as the peat payment card industry data Security standard or P C. I. D. S s.

01:02

They also set the standards for all of the components for processing payments.

01:07

The P C I s S C provides education and outreach programs, answers to frequently asked questions,

01:12

rosters of auditors and encryption solutions and guidance on what is needed to implement a secure payment environment.

01:22

While each of these payment brands have their come together to form the P C I S S C.

01:26

They each have their own compliance program and is responsible for its enforcement.

01:32

One payment brand will have different penalties and fees than another.

01:36

They also have their own unique requirements when it comes to investigating a potential security breach.

01:42

As a merchant, you have to be aware of these differences when building out your compliance and security program.

01:48

We will explore this more when we talk about PC I incident response and later modules.

01:56

Now

01:57

let's talk about some of the programs managed by P. C I and see how they all fit together.

02:01

The PC. I point to point encryption or P to P E program.

02:07

It's designed for hardware based encryption solutions.

02:10

P two p e solutions are combinations of secure devices, applications and processes that encrypt data from the point of interaction or P o. I.

02:21

So these were the card readers that holders dip, swipe or tap their card that is then encrypted until the data reads the secure decryption environment for processing.

02:30

Almost all of us should be familiar with these devices. If we physically use our credit cards to conduct transactions.

02:38

PC i Personal identification number, Transaction security or pts is focused on the physical and logical security of point of sales devices and terminals.

02:50

These are the attended and unintended systems that take payments.

02:54

You would run into these when interacting with an unattended system. An example of this is automated machines that take payments for parking or gas pumps at a gas station.

03:07

Now we have the PC I payment application data security standard or P A. D. S s.

03:13

The standard is focused on providing a standard for software vendors who develop payment applications.

03:17

This standard defines how companies handle payment card data with software.

03:23

When you go to a website, you could see that P. C I S S C provides a list of applications that are compliant.

03:30

They also list all the dependencies and the components tested.

03:37

The payment card industry data security standard P. C. I. D. S s

03:42

is a set of security standards designed to ensure that all companies that except process store or transmit credit card information maintain a secure environment.

03:52

It applies to merchants and service providers to ensure that they have the secure infrastructure in place

03:59

This is a standard will be focusing on throughout this course.

04:04

Here's a look at the chain

04:06

It's a picture of how it all fits together.

04:09

The hardware facilitates a software which facilitates the merchants and service providers.

04:15

P. T. P E shows that encryption of cardholder data is required from end to end.

04:21

The PC I Token service provider, or TSP, is designed for the security of the token ization process.

04:30

The TSP is an entity within the payments ecosystem that is able to provide register token merchants with a surrogate credit card or debit card numbers, otherwise known as payment tokens.

04:42

Payment tokens can only be used in a specific domains, such as a merchant's online website or a predefined channel, like a mobile device to make near field communication or NFC payments.

04:55

Payment tokens are designed to increase the security of payment transactions.

05:01

Next is a PC I three Domain Secure or three D s core security standard.

05:09

The three B s is a messaging protocol to facilitate the exchange of data between the merchant and cardholder and card issuer.

05:16

The objective of this is to benefit each of these parties by providing the ability to authenticate cardholders during a card not present e commerce purchase is reducing the likelihood of fraudulent usage of payment cards.

05:31

The three domains consist of the merchant acquirer domain,

05:35

the card issuer domain

05:36

and the interoperability. Comey.

05:43

In this video, we talked about how the P c I S S C was formed and the certifications that they have to find for those that wish to provide secure card transaction days.

05:54

We spoke of the P C I D S s P C I p t s p c i p a d s s p c i t s p p c i p to p e and the pc i three d s

06:10

Now for a quick quiz

06:12

for which of these is the P. C I S S C not responsible for

06:25

each payment brand requires its own methods for reporting incidents.

06:32

A payment token is used for what

06:41

token ization is a process of protecting sensitive data by replacing it with an algorithmic really generated number called a token.

06:48

Often, tokens are used to prevent credit card fraud.

06:53

It has no mechanisms for detecting from

07:00

true or false.

07:01

The P. C I S S C was created to have consistent finds and processes. The company is out of compliance.

07:12

This one is false