Module One – The Basics

This first module covers everything you need to know about PCI DSS, including how it works, who it affects, and why compliance is so important in building a stable and strong ‘Human Firewall’.

Introduction
What is PCI DSS and who does it affect?
Why is PCI Compliance important?
The risks of non-compliance
Test your Knowledge

Introduction

Welcome to the first module of our Summer School. This module covers everything you need to know about PCI DSS, including how PCI DSS works, who it affects and why compliance is so important in building a stable and strong ‘Human Firewall’.

What is PCI DSS and who does it affect?

Any company or contact centre that takes card payments from customers over the phone, together with its employees, is responsible for keeping that card data as safe and secure as possible – not just to protect customers but to protect the business as well.

Enter the Payment Card Industry Data Security Standard (PCI DSS), a set of 12 binding requirements designed to protect cardholder data held by merchants who take card payments from the major card schemes, such as VISA, MasterCard, AMEX, Discover and JCB.

The first version of the standard was published in December 2004, bringing together the separate security programmes that VISA and MasterCard had been running for their own merchants. Since 2006 it has been maintained by the Payment Card Industry Security Standards Council (PCI SSC), founded by the five major card brands. Note that the PCI SSC publishes the standard but does not enforce it: compliance is enforced by the card schemes themselves and by the acquiring banks that process a merchant's transactions.

The PCI DSS requirements protect against card fraud by ensuring that every business handling cardholder information does so in a way that keeps that data secure.

If a contact centre wants to handle card payments from any of the major schemes it must comply with the following 12 requirements (PCI DSS v3.2.1 wording):

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
  • Requirement 3: Protect stored cardholder data
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks
  • Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs
  • Requirement 6: Develop and maintain secure systems and applications
  • Requirement 7: Restrict access to cardholder data by business need to know
  • Requirement 8: Identify and authenticate access to system components
  • Requirement 9: Restrict physical access to cardholder data
  • Requirement 10: Track and monitor all access to network resources and cardholder data
  • Requirement 11: Regularly test security systems and processes
  • Requirement 12: Maintain a policy that addresses information security for all personnel

Who does PCI DSS affect?

Any organisation that stores, processes or transmits cardholder data from the major card schemes must comply with PCI DSS requirements. That includes merchants of every size, but also the service providers they rely on, such as a contact centre that takes card details on a merchant's behalf or a hosting provider that runs the systems those details pass through. Outsourcing payment handling can reduce how much of the standard applies to a merchant, but it does not remove the merchant's responsibility for the cardholder data it accepts.

Why is PCI Compliance important?

The PCI DSS requirements are designed to combat card fraud by keeping cardholder data safe from hackers and other security breaches, but it’s not just customers’ safety that is protected.

By ensuring they are PCI DSS compliant, businesses are also protecting themselves – both financially and legally.

A single data breach is now estimated to cost a company $3m on average, and the downtime that follows a breach or a DDoS attack can stop a business trading for long periods, costing it revenue on top of that.

86% of data breaches are financially motivated, and payment card data is the ‘holy grail’ for attackers because it can be monetised directly.

The risks of non-compliance

PCI Compliance is mandatory if a business or contact centre wants to process transactions with the major card schemes.

If a system is compromised and the company is found not to be PCI DSS compliant, the business could face severe penalties, such as:

  • brand damage
  • lawsuits and legal costs
  • share price drop
  • job losses
  • insurance claims
  • regulator fines
  • higher banking fees
  • and potentially, the loss of ability to accept card payments

These, coupled with the fraud losses, the cost of replacing cards, loss of customer confidence, and the ensuing decrease in sales can all lead to a company suffering huge financial losses or even going out of business entirely.

2019 was one of the worst years on record for data breaches worldwide, with 16 high-level breaches in January alone, including the hugely popular online game ‘Fortnite’, where an estimated 108 million user records were compromised.

In April, Facebook was at the centre of a scandal when more than 540 million records were found exposed on publicly accessible cloud storage, while online shopping giant Amazon was found to have published private customer data in error on its Japanese site. Capital One also suffered a damaging hack that exposed the personal data of around 106 million people.

Looking at the causes of the largest breaches of 2019, many came down to weak security practices such as misconfigured systems and poor access control, deliberate attacks by hackers, and plain human error.

No business can be protected 100% from hackers and data breaches. But by complying with industry standards, putting in place the right systems and processes for handling personal data, and making sure staff understand their role and responsibility for data security, businesses can greatly reduce the risk to themselves and their customers.

Test your Knowledge

What is PCI DSS?

What does PCI SSC stand for?

If a business processes payments by customers over the phone, who is responsible for keeping that data safe and secure?

How many binding requirements make up the Payment Card Industry Data Security Standard?

Who is affected by PCI DSS?

Who does PCI DSS protect?

Finish this PCI DSS requirement: Install and maintain a secure [ ]

How many user records were compromised as a result of Fortnite’s 2019 data breach?

How much is a single data breach estimated to cost a company on average?

How many user records were compromised as a result of Facebook’s April 2019 data breach?

You have completed Module One. Move on to Module Two to find out more about the repercussions of a data breach.
