PCI DSS Implementation

Description

Compliance with the PCI standard is now mandatory for companies accepting credit cards or manipulating data related to payment cards.

Mr. Christian Richard, an expert in security and payment, will present you how to justify your implementation but also discuss alternative strategies and special considerations in a Canadian context. For example: the EMV migration (chip & pin) and emerging payment methods without contact and mobile. Therefore, a comprehensive course covering not only the 12 requirements of the standard but foremost how to react according to your context.

This course will not only allow you to understand the PCI DSS standard, its implications for your organization but also how to position yourselves against this standard.

Target audience:

This course is open to all members of a PCI implementation team, programmers, database administrators, managers working as much on the procedural level as the technical side and in general, to members of the IT department of organizations accepting payment cards.

Learning Objectives:

1. Understand exactly how to position yourself against the PCI DSS standard;

2. Recogne the efforts implied for your organization

3. Knowing the effects of PCI DSS 1.2 and 2.0;

4. Should you be certified or use alternative methods?

5. Justify the certification's standard

6. Differentiating the impact of PCI DSS in the Canadian, U.S. and European context

7. Overview of new methods of payments: EMV, contactless (Paypass and VisaWave) and mobile payment.

Duration: 2 days

Course content:

MODULE 1

Background and objectives of the PCI Committee and its obligations

- What criminals look for

- How to protect yourself: teamwork

- Obligations of the Security Council: PCI DSS 1.2 and soon 2.0

- Canadian's approach vs. the United States and Europe:

o Where is PCI DSS used and some other payment standards.

MODULE 2

Your obligations to this standard. Where you're located in the ranking system

- PCI DSS Self-assessment, how to do it?

MODULE 3

The 12 commandments of PCI DSS standards

- Definition of data payments, how to cope against them?

- Review of the 6 large requirements groups and the 12 commandments

- Having a secure network

- Requirements 1 & 2: Firewall, Password

- Protect payment cards data.

o Who may store the data? Whether data

o Requirements 3 & 4: Encryption of databases and communications

- Vulnerability Management

o Requirements 5 & 6: Antivirus and security systems

- Access Control

o Requirements 7 & 8: "Log" and physical access control

- Audit and scan

o Requirements 9 & 10: audit by a PCI QSA and approved scanning tools

- Security Policy and Training

MODULE 4

How to certify the company? Who to notify? How is the compliance verified?

- Sample Compliance Report

MODULE 5

Project Management

- Is the PCI DSS standard beneficial for your company?

- PCI-DSS within an overall approach to compliance (ISO 27001, ITIL, COBIT, etc..)

- Alternative methods

- Case studies that well justify PCI DSS

- Choosing an auditor and test methods

- Staff Training

- Defining a Road Map PCI DSS

MODULE 6

Canadian market fFeatures

- Deployment of EMV payment

- PCI DSS approved supplier

- The emergence of contactless and mobile payment

- Standards related to payments

o Interac, ISO8583, EMV PayPass Visawave. What's GSTI?