Safety and risk management

Learn what PCI-DSS requirements are, how to securely manage cardholder records; accounts and data; and learn how to recognise and prevent security breaches. 

Learn what PCI-DSS (Payment Card Industry Data Security Standard) is, and your basic responsibilities, both technical and non-technical. 

What is PCI?
The Payment Card Industry Data Security Standard (PCI-DSS) is a set of requirements designed to ensure that cardholder data is processed, stored, and transmitted in a safe and secure manner.


PCI-DSS was created with the goal of ensuring card data was secure, and dealt with in a similar manner across all vendors and merchants.
This greatly reduces the risk of vulnerability for all parties involved.


Anyone who accepts, processes, or transmits cardholder data (employees, contractors & developers)  must comply with PCI requirements.


Who needs to comply with PCI requirements if they accept, process, or transmit cardholder data?


How does PCI-DSS protect cardholder data?
Through a range of measures, our PCI-DSS policy takes important steps to protect cardholder data.


Secure Network
All payment data is transmitted using AES encryption over a secure computer network. Card details can never be stored in plain text, and passwords must be secure and regularly changed.
It would take the world's fastest computer a billion billion years to decrypt AES encryption without the private key (which is a secret, like a password).


Vulnerability Management Program
Beem It has a policy of vulnerability management, including strong anti-virus, firewalls, agile security updates and systems designed with security in mind. This policy doesn't work, however, if your own devices are running old software.


It is important that you, as a user of IT systems, install software updates as soon as they become available, and familiarise yourself with how to install updates on all your devices.


As an organisation, we also conduct employee background checks before exposing employees to cardholder information.
It is important to keep this in mind if you are ever in charge of onboarding someone in a sensitive position. If you're unsure, check with the HR department.


Access Control
Unique IDs for everybody who accesses our networks, no physical access to cardholder information, and a security hierarchy are all ways in which Beem It maintains access control of their secure information.


As an employee who accepts, processes, or transmits cardholder data, it is important you never share your User ID or Password with anybody else.
You never know where your information will end up.


Which of these are consequences of  non-compliance with PCI security?


Never share your username or password
Keep your computer up to date, and enable automatic updates
Never write down a customer's credit card information
Never write down a username or password
Use a secure password containing letters, number and special characters


Summary: How can you protect yourself, your **employer ** and your customers?


Intro to PCI-DSS Requirements

Learn about policy surrounding the recognition and prevention of security breaches. 

Recognise and Prevent Security Breaches

Find out how to think of strong passwords, and techniques for creating strong but memorable passwords. 

Choosing Strong Passwords

Understand the policies and procedures surrounding the management of Cardholder Records. 

Securely Managing Cardholder Records

Review the main concepts covered by the course in this review lesson. 

New

free course

PCI-DSS Requirements

PCI-DSS Requirements Lessons

Course overview

The full course includes

Explore more

EdApp is easy to use and free for you and your team. No credit card required.