Payment Card Industry (PCI)
Time: 12 hours 57 minutes
Difficulty: Intermediate
CEU/CPE: 13
Video Transcription
We're going to talk about the Payment Card Industry Standard, PCI. In this lesson, we're going to talk about the Payment Card Industry. We're going to talk about the information regulated by the Payment Card Industry Standard, and the implications of PCI in the Cloud.

The Payment Card Industry Data Security Standard is referencing companies that are processing credit card transactions. Notice I said standard; it's not a regulation or a law. This is a standard that was created by many of the large credit card processing companies. The companies that issue credit cards got together and formed a private organization, PCI, to create a certain set of standards and best practices around the security of credit card information.

On the left here, we have many of the high-level controls with regard to PCI requirements: the secure network, making sure you're securing cardholder data, vulnerability management, access control, network monitoring, and then overall information security governance. Now, you'll see that many of these high-level controls, from both the standards as well as many of the laws we discussed, always have this aspect in mind: they want you to be able to identify the data, the data that needs to be protected. Make sure you're securing your network, and that means reviewing who has access to what from a confidentiality perspective, and addressing vulnerabilities, that's vulnerability management, while at the same time monitoring your network for signs of intrusion. A lot of these controls are very similar, and there is a lot of overlap amongst many of those regulations and standards when it comes to the overall security controls that are needed in the Cloud environment.

One of the important things to also consider is that PCI DSS compliance changes based on the level, the level of PCI. There are four different levels based on how many transactions per year your company is processing. If you have a Cloud-based product or store, you'll want to keep track of these transaction levels and do PCI scans to ensure that you are compliant. Level 1 is the highest level, with six million plus transactions a year. Level 2 is one million up to six million transactions per year. Level 3 is 20,000 to 1 million transactions a year, and Level 4 is less than 20,000 transactions a year. Companies that are at Level 1 are at the highest level of requirements, and you can do many of these PCI self-assessments on your organization to identify which of the levels applies, and which of the controls that PCI requires need to be implemented within your organization. Companies also do PCI auditing, PCI readiness, to help ensure that they are compliant with the standard and a good steward of customer credit card data.

Quiz question. Which of the following is the highest Payment Card Industry Data Security Standard compliance level? Level 1, Level 3 or Level 4? Level 1 is the highest. Remember, that is when they are processing over six million credit card transactions a year, and then Level 4 is the lowest, when there are under 20,000 transactions being processed. These levels are good to keep in mind, whether you know the size of your organization and the number of sales they are doing, and whether their credit cards are being processed in your Cloud environment; you've got to understand that as the business grows, the complexity of the requirements associated with the Payment Card Industry DSS standard will also increase, and you need to stay on top of it.

In summary, we've talked about the origin and importance of the PCI Standard, talked about the implications for the Cloud. Then we also talked about the four PCI DSS levels, and how those change over time if your company is processing more credit card transactions. I'll see you in the next lesson.