PCI Part 1

Time
51 minutes
Difficulty
Intermediate
CEU/CPE
1
Video Transcription
00:01
Hello and welcome to Cyberia Intermediate Data Security Course, PCI. I'll be your instructor, Dustin Perry.
00:08
In today's video, we're going to discuss what PCI is and what types of data fall into the PCI category. Then we're going to go over why it's important to secure that data. So let's get started.
00:21
So PCI is the payment card industry. The Payment Card Industry
00:25
Data Security Standards, or PCI DSS, is a set of security standards designed to ensure that all companies that accept, process, store or even transmit credit card information maintain a secure environment.
00:40
The PCI SSC, or Payment Card Industry Security Standards Council, was launched on September 7th, 2006 to help manage the ongoing evolution of the payment card industry security standards with a focus on improving payment account security throughout the transaction process.
01:00
The PCI DSS is administered and managed by the PCI SSC, and that's the PCI security standards or
01:10
which is an independent body that was created by the major payment and credit card brands.
01:15
And let's go ahead and hop in the website here.
01:21
Yeah. So this is the PCI SSC, or Security Standards Council, website, and this is where you're gonna have all of the most up-to-date information about PCI and the data security standards behind it.
01:36
So it goes a little bit over why you should secure and how we can help. And this is them going over what they provide, including training, different events to learn about it. And they also have news as well, which is really good because these data security standards do change from time to time, so it's important to stay on top of them.
01:55
And again, the website for this is just pcisecuritystandards.org.
02:00
So back to our slide show.
02:05
So what types of PCI data are there?
02:09
Hackers always want your cardholder data by obtaining the primary account number, or the PAN. That's the 16-digit credit card number on your credit card, debit card, any card like that,
02:23
and other sensitive authentication data. With this information, a thief can impersonate the cardholder, use the card and steal the cardholder's identity.
02:32
So let's take a look at the diagram, and this goes over everything that PCI covers, and that's anything with the red arrows. So on the front of a credit card, most of your common ones will have a chip nowadays, and that's to help protect the card versus
02:51
some of the skimming and stuff that was really popular. It still is.
02:55
Then again, you have the primary account number, or the PAN. And that's your 16-digit card number.
03:01
Under that, you've got your name, of course, and that's whoever owns the card, of course, and then we have the expiration date, and this is important, especially for any online purchases. You probably used a credit or debit card online, and you always need
03:17
those things right there: the PAN, your primary account number, your name and your expiration date.
03:23
Sometimes you'll also need what's called the CAV2, CID, CVV2, and that's on the back of your card.
03:34
And that's on the right-hand side of the diagram, and that's usually a three-digit code.
03:38
And then, of course, most cards still have the regular magnetic stripe which holds data on it.
03:49
So what should you secure?
03:51
You secure cardholder data where it's captured at the point of sale and as it flows into the payment system.
03:58
The best step you can take is to not store any cardholder data ever. And this includes protecting all of your card readers. And that's physical access to them.
04:09
Point of sale systems, any registers or just a straight POS system that your company has. You need to make sure that only authorized users have access to the system itself physically and to the operating system on it.
04:23
You also need to secure any store networks and wireless access routers that these devices are connected to. You wouldn't want your register on your guest network that anybody can access.
04:35
You also need to secure payment card data storage and transmission, and again, I recommend, if you can, never storing any of that data, and then you don't have to worry about that. But you also want to protect it as it's transmitted across the wire, and this includes things like encryption.
04:54
If you do have to do any paper-based sales, which is common if the Internet goes down or maybe you lose power and you still need to process sales,
05:03
typically, you would take those on paper and you need to secure that paper so no one can walk in and take it and steal all that card information.
05:13
And lastly, you want to make sure you're securing any online payment applications and shopping carts as well.
05:21
So what is PCI DSS, or what does it stand for?
05:28
Give you just a quick question?
05:31
Quick minutes over that?
05:35
Yeah, it's the payment card industry. We knew that was pretty easy to remember. But then also data security standard.
05:42
And that's the set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.
05:53
When most people talk about PCI DSS, they more commonly refer to it as just PCI or being PCI compliant. That means that you're meeting all of the standards to secure that data.
06:08
So why do you want to secure that data?
06:10
And we've kind of talked about that. The security of cardholder data really affects everybody.
06:15
The breach or theft of cardholder data affects the entire payment card ecosystem.
06:19
Customers will lose trust in merchants or financial institutions. Their credit could be negatively affected, and there is enormous personal fallout. Merchants and financial institutions lose credibility and, in turn, business.
06:34
They're also subject to many numerous financial liabilities and fines. Following PCI security standards is really just good business.
06:46
These standards help ensure healthy and trustworthy payment card transactions for the hundreds of millions of people worldwide that use their cards every day.
06:57
In today's video, we discussed the payment card industry standards,
07:01
types of PCI data,
07:03
and how and why to secure PCI data. In the next video, we're going to continue our conversation on PCI so safety.