The PCI Data Security Standard (PCI DSS) is a global standard that provides a baseline of operational & technical requirements designated to protect payment data. PCI DSS v4.0 is the next evolution of the standard.PCI DSS v4.0 replaces version 3.2.1 to address emerging threats and technologies and enable innovative methods to combat new threats. This version associate the protection of payment data with new controls to address sophisticated cyber attacks.
What is new in PCI DSS v4.0
Meeting the security needs in PCI continuously
Promoting security as a continuous process
Adding flexibility and support of additional methodologies to achieve
As threats change, New version of security practices must evolve.
Ongoing security is crucial to protect the payment data always as
criminals never sleep.
Increased flexibility allows more options to achieve a requirement’s
objective and supports payment technology innovation.
and reporting options.
In the past few years, we have seen massive breaches at organizations such as Target and Equifax. In many cases, these organizations were compliant to PCI DSS. Yet, breaches happened, and, in most cases, the breach was notified to the impacted company by an outside agency. Investments in complying to these standards are in addition to technology investments made by companies in anti-viruses, firewalls, security incident and event management systems, etc. The traditional checkbox approach to cybersecurity no longer works.
It is important that organizations realize that the cybersecurity journey goes far beyond just compliance to any given standard. Organizations should also recognize that even after significant investments breaches can still occur.
The CPSP v2.0 training will cover the entire payment ecosystem and the latest PCI DSS v4.0 standard which will help participants in understanding the intent and objective of each PCI DSS v4.0 requirement. The CPSP v2.0 training will also provide participants with a platform where they can understand a PCI QSA’s (Payment Card Industry Qualified Security Assessor) perspective of validating a PCI DSS v4.0 requirement.
Building a framework for securing payment card data
Guidance to professionals for protecting customer data
Ensuring security and not just compliance
Going beyond the traditional checklist-based approach for
Taking a risk-based approach to implement security controls
Basics of Payment Ecosystem: Card Data (Track data, EMV Chip),
Payment Transaction flow: Issuing and Acquiring
(Card Present and Card Not Present Transactions)
Stages of Payment Processing: Authentication, Authorization, Clearing, Settlement, Chargeback, Refund etc.
Various Payment Channels: ATM, POS, Ecom, Mobile App, MOTO, NFC or Contactless
PCI Perspective on architecture: Good and Bad: Inhouse Arch.
Third party Cloud Architecture, Virtualization
What is PCI DSS v4.0 ?
Who is PCI SSC v4.0?
Responsibilities of various entities: PCI SSC, PCI QSAs, PCI ASVs etc.
PCI DSS v4.0 Compliance Mandate and Applicability of PCI DSS v4.0
Levels of Service Provider and Merchants
Various SAQs and Applicability
Approach for PCI DSS v4.0 Implementation and Certification: “The Phased
Overview PCI DSS v4.0: 6 objectives and 12 Requirements
Overview of PA – DSS, PCI SSF
Overview of PCI PTS
Overview of PCI P2PE
Integration Model for Various PCI Standards
PCI DSS v4.0 Scoping and Network Segmentation
Scoping vs Sampling: What is what?
PCI DSS Risk Assessment Methodology and Approach
PCI DSS v4.0 and ISO 27001: A Comparison
PCI DSS v 3.2.1 VS v4.0
PCI DSS v4.0 timelines
Annual PCI DSS v4.0 Compliance
Management: The PCI DSS v4.0 Calendar
An Approach to Handle suspected card data breach
PCI DSS v4.0 Resources and Knowledge Library