Time
3 hours 37 minutes
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:00
Welcome to the Cybrary Demystifying PCI DSS Compliance course.
00:06
This module focuses on the goals of the PCI DSS and the requirements associated with them.
00:12
This video introduces you to Requirement 4.
00:15
We will talk about some of the requirements associated with protecting the transmission of cardholder data.
00:23
The learning objective of this video is to explore how to satisfy requirements around protecting the transmission of cardholder data and ways you can satisfy PCI DSS Requirement 4.
00:36
Requirement 4 is pretty short and straight to the point.
00:40
If it's being encrypted over networks, it needs to be encrypted.
00:44
The PCI DSS does make the distinction that this requirement is focused on public networks. But really, for best practice, it should be the methodology you apply across all networks.
00:57
This image is just the depiction of two systems communicating via encrypted channels over an insecure network.
01:03
Requirement 4.1 wants merchants to use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission.
01:12
Objectives you should meet are to only trust the keys and certificates that are accepted.
01:19
Use secure protocols and support only secure versions or configurations.
01:23
Use encryption strength that is appropriate for the encryption methodology in use.
01:30
A good auditor will be up to date on the latest vulnerabilities associated with cryptographic mechanisms.
01:36
As a merchant,
01:37
you have to understand that not all encryption is created equal.
01:41
Implementation and support of weaker encryption tools can lead to an insecure environment,
01:47
so you need to know top to bottom how you've implemented your inbound and outbound transmission encryption schemes.
01:53
An important note is that as of June 2018 you could no longer support early SSL
02:01
or early TLS implementations or SSL.
02:07
Requirement 4.1.1 is around wireless.
02:12
As a merchant, you must ensure wireless networks transmitting cardholder data or connected to the cardholder data environment use industry best practices to implement strong encryption for authentication and transmission.
02:25
PCI's put out an implementation guide for best practices in wireless, located here.
02:36
Requirement 4.2 should be ingrained in all staff that handles cardholder data.
02:40
They should never send unprotected PANs by end user messaging technologies,
02:47
for example, email, instant messaging, SMS, chat
02:53
or any of the applications shown in this image.
02:55
These are insecure protocols and will lead to sensitive data spilling into environments outside of the CDE.
03:02
An auditor will observe how merchants handle any messaging technologies and make sure that it's written in policy that cardholder data is not to be used in the tech
03:15
And finally for Requirement 4,
03:17
Requirement 4.3 wants to ensure that security policies and operational procedures for encrypting transmissions of cardholder data are documented,
03:27
in use and known by all those who operate within the environment.
03:32
In summary, we discussed all of the mandates associated with PCI Requirement 4.
03:38
Requirement 4 wants to make sure our cardholder data that is transmitted across the networks is secure from eavesdropping.
03:46
Included was a guide for deploying wireless networks within the cardholder data environment.
03:53
Now for a quick quiz.
03:54
True or false:
03:57
As long as a merchant is using some encryption to transmit data, they're in compliance.
04:06
Some encryption ciphers have proven vulnerabilities associated with them.
04:11
Make sure you're only using up-to-date, strong encryption mechanisms.

Instructed By

Timothy McLaurin
Director of Information Security at Wildcard Corp
Instructor