The eLamb Guide to PCI Compliance

As payments shift rapidly from paper money to cards, to the point where cash may not exist for much longer, the need for security grows with it. Worldwide, the standard that governs this is PCI DSS (Payment Card Industry Data Security Standard), a set of security standards designed to ensure that ALL companies that accept, process, store or transmit card information keep it secure.

The regulations around PCI DSS apply to any organisation, regardless of employee count or income. There are a number of levels you would fall into depending on your company's details.

Merchant Level | Description
1 | Any merchant — regardless of acceptance channel — processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
2 | Any merchant — regardless of acceptance channel — processing 1M to 6M Visa transactions per year.
3 | Any merchant processing 20,000 to 1M Visa e-commerce transactions per year.
4 | Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants — regardless of acceptance channel — processing up to 1M Visa transactions per year.

This means that if your company wants to store card data it must be PCI compliant, and your staff must be trained to be compliant and understand why, how and what the reasons are for being taught this information. That is why eLamb has created an eLearning compliance package: we’ve created all the content a business would need to train its staff to the required level of competency.

Once staff have been trained in PCI DSS related items, it will help the company avoid the penalties that come with ignoring it. If an incident is found to have happened, fines of between £5,000-10,000 could be levied on the banks themselves, and you can bet these figures will be passed down the chain until they reach the merchant. This is why it’s best to train all members of staff, and there is no better way to do so than with a custom eLearning course.

Overall there are 12 high-level requirements, and they fall into the six categories below:

Build and Maintain a Secure Network
  • Install and maintain a firewall configuration to protect data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
  • Protect stored data (use encryption)
  • Encrypt transmission of cardholder data and sensitive information across public networks
Maintain a Vulnerability Management Program
  • Use and regularly update anti-virus software
  • Develop and maintain secure systems and applications
Implement Strong Access Control Measures
  • Restrict access to data by business need-to-know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
Maintain an Information Security Policy
  • Maintain a policy that addresses Information Security

If you think you might need an online assessment and an eLearning provider like eLamb to help you accomplish this, or just want to learn more about any of our eLearning courses and assessments, drop us a note below or call +44 (0)1325 734 885.

Don’t be shy, say hello.