Secure Credit Card Handling
When handling credit cards, it is crucial to adhere to stringent protocols and employ robust security measures to keep credit card information safe and secure.
Is the following statement True or False:
It's ok to store credit card information on a Post-it note as long as you throw it away after.
Where possible, avoid writing or documenting credit card information in a physical format. These documents can be easily viewed or stolen, and the information on them can be abused. If writing the information down is unavoidable, ensure the document is securely disposed of (e.g., shredded) when no longer needed. Avoid simply throwing it in the bin.
True
False
Understanding the Risks
Handling credit cards without proper security measures can expose both the cardholder and the receiving business to financial losses and fines! It can also impact customer trust and increase the risk of fraud or identity theft.
Protecting Credit Cards
There is no silver bullet to protecting credit cards. A mixture of secure processes, technologies, and trusted individuals is needed. Over the next few pages, we'll delve into all aspects of compliance, privacy, and security.
Compliance Obligations
Let's understand what the Payment Card Industry Data Security Standards (PCI-DSS) are and why they're important.
Purpose and Origin
PCI-DSS was developed to establish a standardized security framework for organizations handling credit card information. It was introduced by major credit card brands, including Visa, Mastercard, American Express, Discover, and JCB (known collectively as the PCI Security Standards Council). Its primary goal is to prevent data breaches and reduce fraud.
Enforcement and Compliance
PCI-DSS compliance is enforced by credit card brands and banks, which require organizations to comply with the standard as a condition for accepting credit cards. The volume of annual credit card transactions a business processes dictates whether compliance is assessed through self-assessment questionnaires or by Qualified Security Assessors.
Repercussions of Non-Compliance
Non-compliance with PCI-DSS can have significant consequences for businesses, including financial penalties from credit card providers, increased transaction fees by banks, and potential loss of the ability to process credit card payments. Additionally, banks may terminate their relationship with non-compliant businesses due to the risk they pose.
What is the Cardholder Data Environment (CDE)?
In the context of PCI-DSS, the CDE is a critical component. Any person, process or technology that interacts with credit cards is considered part of the CDE and must adhere to PCI-DSS requirements.
What is PCI-DSS and what is its goal?
The Payment Card Industry Data Security Standards (PCI-DSS) are a security framework for organizations handling credit card information. Its primary goal is to prevent data breaches and reduce credit card fraud.
A type of encryption protocol designed specifically to protect credit card data.
An international policing task force. Its primary goal is to find and prosecute individuals performing credit card fraud.
A security framework for organizations that handle credit card information. Its primary goal is to prevent data breaches and reduce fraud.
A regulator made up of major credit card brands. Its primary goal is to determine who can process credit card transactions.
What's a potential impact of PCI-DSS non-compliance?
Non-compliance with PCI-DSS can have significant consequences for businesses, including financial penalties from credit card providers, increased transaction fees by banks, and potential loss of the ability to process credit card payments. Additionally, banks may terminate their relationship with non-compliant businesses due to the risk they pose.
Banks may increase their transaction fees.
Banks may terminate their relationship with non-compliant businesses.
Credit card providers may impose financial penalties and fines.
All options are correct.
Employee Roles & Responsibilities
Understanding who has what responsibility when it comes to handling credit cards is a crucial part of keeping them safe and secure! Let’s delve into a few key roles and the responsibilities they each have.
Data Custodians
Data Custodians handle and maintain cardholder data on a day-to-day basis. They must follow strict data handling procedures such as ensuring encryption is used where possible, limiting access to authorized personnel, using secure storage, and following secure disposal practices.
IT Security Administrators
The IT Security Administrator is responsible for implementing and managing technical security controls, such as firewalls, intrusion detection systems, and encryption. They monitor network activity, conduct vulnerability assessments, and ensure that systems are properly configured and updated to protect cardholder data.
Compliance Officer
The Compliance Officer is responsible for overseeing the organization's adherence to the PCI-DSS requirements. They ensure that policies and procedures are in place, perform regular audits and assessments, and coordinate with internal teams and external auditors to maintain compliance.
Is the following statement True or False:
A Data Custodian is responsible for handling cardholder data on a day-to-day basis.
Data Custodians handle and maintain cardholder data on a day-to-day basis. They must follow strict data handling procedures such as ensuring encryption is used where possible, limiting access to authorized personnel only, using secure storage, and following secure disposal practices.
True
False
Data Custodian Best Practices
Let's go through some general best practices you can follow as a Data Custodian to ensure you're accepting, storing, and disposing of credit cards securely.
Secure Card Acceptance
When accepting credit cards, it's crucial to ensure that the method of transmission is secure from interception and that there isn't unnecessary logging, which may inadvertently record credit card information. Examples of this include call recordings, email logging, network logging, and more.
Secure Card Storage
Ensure any stored credit cards are secured using appropriate security controls. This includes keeping credit cards within the defined cardholder data environment (CDE) and the use of systems designed to store credit cards. Do not store credit card information on personal USBs, unencrypted removable hard drives, or on unauthorized cloud storage.
Secure Card Disposal
When a credit card is no longer required, it's crucial to ensure it's securely disposed of. This could include shredding any printed documents or receipts or using a secure digital deletion method that's relevant to the type of digital storage used (e.g., cryptographic erasure, data wiping, degaussing, or physical destruction).
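One way to check for the inadvertent logging described under Secure Card Acceptance, as an added example that is not part of the original training: a small Python scanner that finds card-number candidates in log lines, confirms them with the Luhn checksum, and masks all but the last four digits. The log lines, field names, and the last-four masking choice are constructed for illustration; the card numbers are publicly documented test values.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by single
# spaces or hyphens, not embedded in a longer run of digits.
# Limitation: a numeric field directly next to a card number can merge
# into one candidate and hide it; keep such fields delimited in logs.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits_only(raw: str) -> str:
    return re.sub(r"[ -]", "", raw)


def _mask(match: re.Match) -> str:
    """Mask a Luhn-valid candidate; leave other digit runs untouched."""
    digits = _digits_only(match.group(0))
    if not luhn_valid(digits):
        return match.group(0)
    return "*" * (len(digits) - 4) + digits[-4:]


def scrub_line(line: str) -> str:
    """Return the log line with any Luhn-valid card number masked."""
    return PAN_CANDIDATE.sub(_mask, line)


def audit(lines):
    """Return (line_number, last_four) for each card number found."""
    findings = []
    for number, line in enumerate(lines, 1):
        for match in PAN_CANDIDATE.finditer(line):
            digits = _digits_only(match.group(0))
            if luhn_valid(digits):
                findings.append((number, digits[-4:]))
    return findings


# Constructed sample log (not from the original page).
SAMPLE_LOG = [
    "2024-05-01 10:22:31 INFO checkout order=1234567890123456 status=ok",
    "2024-05-01 10:22:32 DEBUG payment payload card=4111111111111111 exp=**/**",
    '2024-05-01 10:23:05 INFO call-notes "customer read out 5555-5555-5555-4444"',
    "2024-05-01 10:24:10 INFO refund issued to card ending 1111",
]

if __name__ == "__main__":
    for line_number, last_four in audit(SAMPLE_LOG):
        print(f"line {line_number}: card number ending {last_four} found in log")
    for line in SAMPLE_LOG:
        print(scrub_line(line))
```

The 16-digit order ID on the first line fails the Luhn check and is left alone, which keeps false positives on ordinary identifiers low.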
Is the following statement True or False:
It's ok for a Data Custodian to store credit card information on a personal computer or USB.
Credit card information should never leave the cardholder data environment (CDE) as defined by the business. Storing credit cards on personal devices can be considered a potential data breach and unnecessarily exposes customer information to potentially less secure processes or technologies.
True
False
Wrapping up
Secure credit card handling is a team effort. Compliance Officers need to implement effective policies, Security Administrators need to implement effective controls, and Data Custodians need to follow defined policies, procedures, and processes.
Back
Next
Translation Correction
×
Select a translation to correct...
Begin the Guided Tour
[0, "Begin the Guided Tour", "Begin the Guided Tour"],
Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action.
[1, "Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action.", "Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action."],
Compose
[2, "Compose", "Compose"],
Folders
[3, "Folders", "Folders"],
Inbox
[4, "Inbox", "Inbox"],
Starred
[5, "Starred", "Starred"],
Draft
[6, "Draft", "Draft"],
Sent Mail
[7, "Sent Mail", "Sent Mail"],
Spam
[8, "Spam", "Spam"],
Trash
[9, "Trash", "Trash"],
[URGENT] Claim Your Work From Home Set-Up Payment
[10, "[URGENT] Claim Your Work From Home Set-Up Payment", "[URGENT] Claim Your Work From Home Set-Up Payment"],
Human Resources
[11, "Human Resources", "Human Resources"],
to
[12, "to", "to"],
Claim Your Work From Home Set-Up Payment
[13, "Claim Your Work From Home Set-Up Payment", "Claim Your Work From Home Set-Up Payment"],
Our company acknowledges that we are all working from home for a longer period and is offering a one-time payment to all employees of
[14, "Our company acknowledges that we are all working from home for a longer period and is offering a one-time payment to all employees of", "Our company acknowledges that we are all working from home for a longer period and is offering a one-time payment to all employees of"],
to ensure that you have a suitable home working set-up.
[15, "to ensure that you have a suitable home working set-up.", "to ensure that you have a suitable home working set-up."],
To receive the payment via payroll
[16, "To receive the payment via payroll", "To receive the payment via payroll"],
you will need to complete this
[17, "you will need to complete this", "you will need to complete this"],
acknowledgement form
[18, "acknowledgement form", "acknowledgement form"],
For more information on how to set up your home office space safely, please look at the
[19, "For more information on how to set up your home office space safely, please look at the", "For more information on how to set up your home office space safely, please look at the"],
Thank you
[20, "Thank you", "Thank you"],
The Human Resources Team
[21, "The Human Resources Team", "The Human Resources Team"],
This is an automatically generated email, please do not reply
[22, "This is an automatically generated email, please do not reply", "This is an automatically generated email, please do not reply"],
Is the following statement True or False
[23, "Is the following statement True or False", "Is the following statement True or False"],
View Options Again
[24, "View Options Again", "View Options Again"],
Email Subject: Urgent Action
[25, "Email Subject: Urgent Action", "Email Subject: Urgent Action"],
Phishing attacks are designed to put a
[26, "Phishing attacks are designed to put a", "Phishing attacks are designed to put a"],
time pressure on us to act fast
[27, "time pressure on us to act fast", "time pressure on us to act fast"],
This can cause us to skip much of the critical thinking we normally apply when browsing our emails
[28, "This can cause us to skip much of the critical thinking we normally apply when browsing our emails", "This can cause us to skip much of the critical thinking we normally apply when browsing our emails"],
Email Sender: Fradulent Address
[29, "Email Sender: Fradulent Address", "Email Sender: Fradulent Address"],
Email Sender: Fraudulent Address
[30, "Email Sender: Fraudulent Address", "Email Sender: Fraudulent Address"],
Attackers will often use
[31, "Attackers will often use", "Attackers will often use"],
obscure email addresses and use display names
[32, "obscure email addresses and use display names", "obscure email addresses and use display names"],
that appear legitimate to the naked eye. Be cautious and carefully inspect email sender information
[33, "that appear legitimate to the naked eye. Be cautious and carefully inspect email sender information", "that appear legitimate to the naked eye. Be cautious and carefully inspect email sender information"],
Email Content: Engaging Topic
[34, "Email Content: Engaging Topic", "Email Content: Engaging Topic"],
Attackers often use a
[35, "Attackers often use a", "Attackers often use a"],
broad but important topic
[36, "broad but important topic", "broad but important topic"],
to increase the likelihood of a victim interacting with the phishing material. These topics may include geographic, political or financial themes.
[37, "to increase the likelihood of a victim interacting with the phishing material. These topics may include geographic, political or financial themes.", "to increase the likelihood of a victim interacting with the phishing material. These topics may include geographic, political or financial themes."],
Email Link: Phishing Website
[38, "Email Link: Phishing Website", "Email Link: Phishing Website"],
hovering over the link
[39, "hovering over the link", "hovering over the link"],
you'll see the true link location. Often this is enough to see the malicious intent.
[40, "you'll see the true link location. Often this is enough to see the malicious intent.", "you'll see the true link location. Often this is enough to see the malicious intent."],
Wrapping up
[41, "Wrapping up", "Wrapping up"],
If you
[42, "If you", "If you"],
spot anything suspicious
[43, "spot anything suspicious", "spot anything suspicious"],
with the email sender, subject, content, links or attachments
[44, "with the email sender, subject, content, links or attachments", "with the email sender, subject, content, links or attachments"],
Don't take the risk. Report the email to your IT or Security team for review.
[45, "Don't take the risk. Report the email to your IT or Security team for review.", "Don't take the risk. Report the email to your IT or Security team for review."],
Submit
[46, "Submit", "Submit"],
Next
[47, "Next", "Next"],
Back
[48, "Back", "Back"],
Malicious links will often appear with innocent looking text. By
[49, "Malicious links will often appear with innocent looking text. By", "Malicious links will often appear with innocent looking text. By"],
Correct!
[50, "Correct!", "Correct!"],
Incorrect
[51, "Incorrect", "Incorrect"],
True
[52, "True", "True"],
False
[53, "False", "False"],
Change language
[54, "Change language", "Change language"],
Current Language
[55, "Current Language", "Current Language"],
Use Browser Settings
[56, "Use Browser Settings", "Use Browser Settings"],
Select a language
[57, "Select a language", "Select a language"],
Change Language
[58, "Change Language", "Change Language"],
Please select a language
[59, "Please select a language", "Please select a language"],
Language
[60, "Language", "Language"],
Color Theme
[61, "Color Theme", "Color Theme"],
Color Theme And Background Selector
[62, "Color Theme And Background Selector", "Color Theme And Background Selector"],
Colorful Theme
[63, "Colorful Theme", "Colorful Theme"],
Select Theme
[64, "Select Theme", "Select Theme"],
Close
[65, "Close", "Close"],
Dark Theme
[66, "Dark Theme", "Dark Theme"],
Green Theme
[67, "Green Theme", "Green Theme"],
Purple Theme
[68, "Purple Theme", "Purple Theme"],
Light Theme
[69, "Light Theme", "Light Theme"],
Blue Theme
[70, "Blue Theme", "Blue Theme"],
Settings
[71, "Settings", "Settings"],
Theme Selected
[72, "Theme Selected", "Theme Selected"],
This training has been translated from English. If there is an inaccuracy, please report the correct translation by clicking here!
[73, "This training has been translated from English. If there is an inaccuracy, please report the correct translation by clicking here!", "This training has been translated from English. If there is an inaccuracy, please report the correct translation by clicking here!"],
Translation Correction
[74, "Translation Correction", "Translation Correction"],
Select a translation to correct...
[75, "Select a translation to correct...", "Select a translation to correct..."],
Original Text
[76, "Original Text", "Original Text"],
Correct Translation
[77, "Correct Translation", "Correct Translation"],
Translation to correct...
[78, "Translation to correct...", "Translation to correct..."],
Submissions are reviewed and applied within 48 hours.
[79, "Submissions are reviewed and applied within 48 hours.", "Submissions are reviewed and applied within 48 hours."],
Submit Correction
[80, "Submit Correction", "Submit Correction"],
Submission Successfully Sent
[81, "Submission Successfully Sent", "Submission Successfully Sent"],
Submission Error - Please Try Again
[82, "Submission Error - Please Try Again", "Submission Error - Please Try Again"],
Submission Sending...
[83, "Submission Sending...", "Submission Sending..."],
Mandatory Viewing
[84, "Mandatory Viewing", "Mandatory Viewing"],
Please watch the video from beginning to end before proceeding.
[85, "Please watch the video from beginning to end before proceeding.", "Please watch the video from beginning to end before proceeding."],
Ok
[86, "Ok", "Ok"],
Note: The Colorful, Blue, Light, and Dark Themes are all WCAG 2.2 Level AA conformant.
[87, "Note: The Colorful, Blue, Light, and Dark Themes are all WCAG 2.2 Level AA conformant.", "Note: The Colorful, Blue, Light, and Dark Themes are all WCAG 2.2 Level AA conformant."],
Secure-Credit-Card-Handling
[88, "Secure-Credit-Card-Handling", "Secure-Credit-Card-Handling"],
Secure Credit Card Handling
[89, "Secure Credit Card Handling", "Secure Credit Card Handling"],
When handling credit cards, it is crucial to adhere to stringent protocols and employ robust security measures to keep credit card information safe and secure.
[90, "When handling credit cards, it is crucial to adhere to stringent protocols and employ robust security measures to keep credit card information safe and secure.", "When handling credit cards, it is crucial to adhere to stringent protocols and employ robust security measures to keep credit card information safe and secure."],
It's ok to store credit card information on a Post-it note as long as you throw it away after.
[91, "It's ok to store credit card information on a Post-it note as long as you throw it away after.", "It's ok to store credit card information on a Post-it note as long as you throw it away after."],
Where possible, avoid writing or documenting credit card information in a physical format. These documents can be easily viewed or stolen, and the information on them can be abused. If writing the information down is unavoidable, ensure the document is securely disposed of (e.g., shredded) when no longer needed. Avoid simply throwing it in the bin.
[92, "Where possible, avoid writing or documenting credit card information in a physical format. These documents can be easily viewed or stolen, and the information on them can be abused. If writing the information down is unavoidable, ensure the document is securely disposed of (e.g., shredded) when no longer needed. Avoid simply throwing it in the bin.", "Where possible, avoid writing or documenting credit card information in a physical format. These documents can be easily viewed or stolen, and the information on them can be abused. If writing the information down is unavoidable, ensure the document is securely disposed of (e.g., shredded) when no longer needed. Avoid simply throwing it in the bin."],
Understanding the Risks
[93, "Understanding the Risks", "Understanding the Risks"],
Handling credit cards without proper security measures can expose both the cardholder and the receiving business to financial losses and fines! It can also impact customer trust and increase the risk of fraud or identity theft.
[94, "Handling credit cards without proper security measures can expose both the cardholder and the receiving business to financial losses and fines! It can also impact customer trust and increase the risk of fraud or identity theft.", "Handling credit cards without proper security measures can expose both the cardholder and the receiving business to financial losses and fines! It can also impact customer trust and increase the risk of fraud or identity theft."],
Protecting Credit Cards
[95, "Protecting Credit Cards", "Protecting Credit Cards"],
There is no silver bullet to protecting credit cards. A mixture of secure processes, technologies, and trusted individuals is needed. Over the next few pages, we'll delve into all aspects of compliance, privacy, and security.
[96, "There is no silver bullet to protecting credit cards. A mixture of secure processes, technologies, and trusted individuals is needed. Over the next few pages, we'll delve into all aspects of compliance, privacy, and security.", "There is no silver bullet to protecting credit cards. A mixture of secure processes, technologies, and trusted individuals is needed. Over the next few pages, we'll delve into all aspects of compliance, privacy, and security."],
Compliance Obligations
[97, "Compliance Obligations", "Compliance Obligations"],
Let's understand what the Payment Card Industry Data Security Standards (PCI-DSS) are and why they're important.
[98, "Let's understand what the Payment Card Industry Data Security Standards (PCI-DSS) are and why they're important.", "Let's understand what the Payment Card Industry Data Security Standards (PCI-DSS) are and why they're important."],
Purpose and Origin
[99, "Purpose and Origin", "Purpose and Origin"],
PCI-DSS was developed to establish a standardized security framework for organizations handling credit card information. It was introduced by major credit card brands, including Visa, Mastercard, American Express, Discover, and JCB (known as the PCI Security Standards Council). Its primary goal is to prevent data breaches and reduce fraud.
[100, "PCI-DSS was developed to establish a standardized security framework for organizations handling credit card information. It was introduced by major credit card brands, including Visa, Mastercard, American Express, Discover, and JCB (known as the PCI Security Standards Council). Its primary goal is to prevent data breaches and reduce fraud.", "PCI-DSS was developed to establish a standardized security framework for organizations handling credit card information. It was introduced by major credit card brands, including Visa, Mastercard, American Express, Discover, and JCB (known as the PCI Security Standards Council). Its primary goal is to prevent data breaches and reduce fraud."],
Enforcement and Compliance
[101, "Enforcement and Compliance", "Enforcement and Compliance"],
PCI-DSS compliance is enforced by credit card brands and banks, which require organizations to comply with the standard as a condition for accepting credit cards. The volume of annual credit card transactions a business processes dictates whether compliance is assessed through self-assessment questionnaires or by Qualified Security Assessors.
[102, "PCI-DSS compliance is enforced by credit card brands and banks, which require organizations to comply with the standard as a condition for accepting credit cards. The volume of annual credit card transactions a business processes dictates whether compliance is assessed through self-assessment questionnaires or by Qualified Security Assessors.", "PCI-DSS compliance is enforced by credit card brands and banks, which require organizations to comply with the standard as a condition for accepting credit cards. The volume of annual credit card transactions a business processes dictates whether compliance is assessed through self-assessment questionnaires or by Qualified Security Assessors."],
Repercussions of Non-Compliance
[103, "Repercussions of Non-Compliance", "Repercussions of Non-Compliance"],
Non-compliance with PCI-DSS can have significant consequences for businesses, including financial penalties from credit card providers, increased transaction fees by banks, and potential loss of the ability to process credit card payments. Additionally, banks may terminate their relationship with non-compliant businesses due to the risk they pose.
[104, "Non-compliance with PCI-DSS can have significant consequences for businesses, including financial penalties from credit card providers, increased transaction fees by banks, and potential loss of the ability to process credit card payments. Additionally, banks may terminate their relationship with non-compliant businesses due to the risk they pose.", "Non-compliance with PCI-DSS can have significant consequences for businesses, including financial penalties from credit card providers, increased transaction fees by banks, and potential loss of the ability to process credit card payments. Additionally, banks may terminate their relationship with non-compliant businesses due to the risk they pose."],
What is the Cardholder Data Environment (CDE)?
[105, "What is the Cardholder Data Environment (CDE)?", "What is the Cardholder Data Environment (CDE)?"],
In the context of PCI-DSS, the CDE is a critical component. Any person, process or technology that interacts with credit cards is considered part of the CDE and must adhere to PCI-DSS requirements.
[106, "In the context of PCI-DSS, the CDE is a critical component. Any person, process or technology that interacts with credit cards is considered part of the CDE and must adhere to PCI-DSS requirements.", "In the context of PCI-DSS, the CDE is a critical component. Any person, process or technology that interacts with credit cards is considered part of the CDE and must adhere to PCI-DSS requirements."],
What is PCI-DSS and what is its goal?
[107, "What is PCI-DSS and what is its goal?", "What is PCI-DSS and what is its goal?"],
A security framework for organizations that handle credit card information. Its primary goal is to prevent data breaches and reduce fraud.
[108, "A security framework for organizations that handle credit card information. Its primary goal is to prevent data breaches and reduce fraud.", "A security framework for organizations that handle credit card information. Its primary goal is to prevent data breaches and reduce fraud."],
A regulator made up of major credit card brands. Its primary goal is to determine who can process credit card transactions.
[109, "A regulator made up of major credit card brands. Its primary goal is to determine who can process credit card transactions.", "A regulator made up of major credit card brands. Its primary goal is to determine who can process credit card transactions."],
An international policing task force. Its primary goal is to find and prosecute individuals performing credit card fraud.
[110, "An international policing task force. Its primary goal is to find and prosecute individuals performing credit card fraud.", "An international policing task force. Its primary goal is to find and prosecute individuals performing credit card fraud."],
A type of encryption protocol designed specifically to protect credit card data.
[111, "A type of encryption protocol designed specifically to protect credit card data.", "A type of encryption protocol designed specifically to protect credit card data."],
The Payment Card Industry Data Security Standards (PCI-DSS) are a security framework for organizations handling credit card information. Its primary goal is to prevent data breaches and reduce credit card fraud.
[112, "The Payment Card Industry Data Security Standards (PCI-DSS) are a security framework for organizations handling credit card information. Its primary goal is to prevent data breaches and reduce credit card fraud.", "The Payment Card Industry Data Security Standards (PCI-DSS) are a security framework for organizations handling credit card information. Its primary goal is to prevent data breaches and reduce credit card fraud."],
What's a potential impact of PCI-DSS non-compliance?
[113, "What's a potential impact of PCI-DSS non-compliance?", "What's a potential impact of PCI-DSS non-compliance?"],
Credit card providers may impose financial penalties and fines.
[114, "Credit card providers may impose financial penalties and fines.", "Credit card providers may impose financial penalties and fines."],
Banks may increase their transaction fees.
[115, "Banks may increase their transaction fees.", "Banks may increase their transaction fees."],
Banks may terminate their relationship with non-compliant businesses.
[116, "Banks may terminate their relationship with non-compliant businesses.", "Banks may terminate their relationship with non-compliant businesses."],
All options are correct.
[117, "All options are correct.", "All options are correct."],
Non-compliance with PCI-DSS can have significant consequences for businesses, including financial penalties from credit card providers, increased transaction fees by banks, and potential loss of the ability to process credit card payments. Additionally, banks may terminate their relationship with non-compliant businesses due to the risk they pose.
[118, "Non-compliance with PCI-DSS can have significant consequences for businesses, including financial penalties from credit card providers, increased transaction fees by banks, and potential loss of the ability to process credit card payments. Additionally, banks may terminate their relationship with non-compliant businesses due to the risk they pose.", "Non-compliance with PCI-DSS can have significant consequences for businesses, including financial penalties from credit card providers, increased transaction fees by banks, and potential loss of the ability to process credit card payments. Additionally, banks may terminate their relationship with non-compliant businesses due to the risk they pose."],
Employee Roles & Responsibilities
[119, "Employee Roles & Responsibilities", "Employee Roles & Responsibilities"],
Understanding who has what responsibility when it comes to handling credit cards is a crucial part of keeping them safe and secure! Let’s delve into a few key roles and the responsibilities they each have.
[120, "Understanding who has what responsibility when it comes to handling credit cards is a crucial part of keeping them safe and secure! Let’s delve into a few key roles and the responsibilities they each have.", "Understanding who has what responsibility when it comes to handling credit cards is a crucial part of keeping them safe and secure! Let’s delve into a few key roles and the responsibilities they each have."],
Data Custodians
[121, "Data Custodians", "Data Custodians"],
Data Custodians handle and maintain cardholder data on a day-to-day basis. They must follow strict data handling procedures such as ensuring encryption is used where possible, limiting access to authorized personnel, using secure storage, and following secure disposal practices.
[122, "Data Custodians handle and maintain cardholder data on a day-to-day basis. They must follow strict data handling procedures such as ensuring encryption is used where possible, limiting access to authorized personnel, using secure storage, and following secure disposal practices.", "Data Custodians handle and maintain cardholder data on a day-to-day basis. They must follow strict data handling procedures such as ensuring encryption is used where possible, limiting access to authorized personnel, using secure storage, and following secure disposal practices."],
IT Security Administrators
[123, "IT Security Administrators", "IT Security Administrators"],
The IT Security Administrator is responsible for implementing and managing technical security controls, such as firewalls, intrusion detection systems, and encryption. They monitor network activity, conduct vulnerability assessments, and ensure that systems are properly configured and updated to protect cardholder data.
[124, "The IT Security Administrator is responsible for implementing and managing technical security controls, such as firewalls, intrusion detection systems, and encryption. They monitor network activity, conduct vulnerability assessments, and ensure that systems are properly configured and updated to protect cardholder data.", "The IT Security Administrator is responsible for implementing and managing technical security controls, such as firewalls, intrusion detection systems, and encryption. They monitor network activity, conduct vulnerability assessments, and ensure that systems are properly configured and updated to protect cardholder data."],
Compliance Officer
The Compliance Officer is responsible for overseeing the organization's adherence to the PCI-DSS requirements. They ensure that policies and procedures are in place, perform regular audits and assessments, and coordinate with internal teams and external auditors to maintain compliance.
A Data Custodian is responsible for handling cardholder data on a day-to-day basis.
Data Custodians handle and maintain cardholder data on a day-to-day basis. They must follow strict data handling procedures such as ensuring encryption is used where possible, limiting access to authorized personnel only, using secure storage, and following secure disposal practices.
Data Custodian Best Practices
Let's go through some general best practices you can follow as a Data Custodian to ensure you're accepting, storing, and disposing of credit cards securely.
Secure Card Acceptance
When accepting credit cards, it's crucial to ensure that the method of transmission is secure from interception and that there isn't unnecessary logging, which may inadvertently record credit card information. Examples of this include call recordings, email logging, network logging, and more.
Secure Card Storage
Ensure any stored credit cards are secured using appropriate security controls. This includes keeping credit cards within the defined cardholder data environment (CDE) and the use of systems designed to store credit cards. Do not store credit card information on personal USBs, unencrypted removable hard drives, or on unauthorized cloud storage.
Secure Card Disposal
When a credit card is no longer required, it's crucial to ensure it's securely disposed of. This could include shredding any printed documents or receipts, or using a secure digital deletion method that's relevant to the type of digital storage used (e.g., cryptographic erasure, data wiping, degaussing, or physical destruction).
It's ok for a Data Custodian to store credit card information on a personal computer or USB.
Credit card information should never leave the cardholder data environment (CDE) as defined by the business. Storing credit cards on personal devices can be considered a potential data breach and unnecessarily exposes customer information to potentially less secure processes or technologies.
Wrapping up
Secure credit card handling is a team effort. Compliance Officers need to implement effective policies, Security Administrators need to implement effective controls, and Data Custodians need to follow defined policies, procedures, and processes.