"Cash or card?"
It’s a familiar question posed by millions of retail workers every day. Cashless transactions have increased at an astounding rate, especially over the past two decades.
These days you’re hard-pressed to find a bricks-and-mortar store that doesn’t accept payments via credit card. And by their very nature, this is even more the case for online stores and e-commerce websites.
We’re so used to using credit cards that it’s easy to take these small rectangles of plastic payment convenience for granted. But when you stop to think about it, these cards have value, which often makes them a target for criminals.
This is why the credit card security standard, PCI DSS, was developed. It’s a way to make sure that if you’re going to accept credit card payments and handle that cardholder data, you’ll do it in the right ways.
The phantom (compliance) menace
We’ve worked with many small businesses where security standards and compliance weren’t top-of-mind. Understandably so — they’re primarily focused on their core business offering, like building a product or providing a service.
Many small businesses want to work securely and follow good security practices, but the time and resources available for focusing on these areas are often tightly stretched. Businesses work hard to get into the habit of overcoming other security challenges, so why does PCI DSS feel like a much bigger hurdle?
Some small business owners approach the PCI DSS standard tentatively or even slightly unenthusiastically. They may have had previous experience with PCI DSS compliance when working in much larger enterprise environments, and they still have the battle scars to show for it. But dealing with PCI DSS doesn’t have to feel that way.
Fear is the path to the dark side
We get it — it can be hard to wrap your head around some of the terminology, processes, tables, and spreadsheets that come with understanding the responsibilities a small business might have relating to PCI DSS compliance.
But taking it step-by-step, following a prioritised approach, and working with experts when you need to can help make this seem like less of an intergalactic challenge.
Also cool is that we’ve condensed our experience with PCI DSS into a short course which gives you an instant head start on tackling it.
Once you know the basics, have defined your scope, and have a plan for tackling security requirements, you can start turning PCI DSS compliance from a worry into a super power. This is one effort you can guarantee will help protect your business, your customers, and your reputation.
A new hope (for small businesses)
Our latest SafeStack Academy Security Awareness course is all about complying with PCI DSS for those organisations that know they have to do it.
Many smaller businesses shiver at the thought of card transactions — because with credit cards, comes that dreaded acronym: PCI DSS.
It doesn't have to be scary, though, and when you pull back the layers of technical speak and words, your responsibilities can be boiled down to few actions.
What's in the course?
This course encourages you to think about how your organisation handles cardholder data and which systems fall within the scope of a PCI DSS audit.
Among other things, our Getting Started with PCI DSS course covers:
- Breaking compliance down into actionable steps.
- The objectives of the PCI DSS standard, plus the 12 requirements for achieving compliance; and
- Taking a prioritised approach to help your teams understand what security needs to come first. This includes some helpful downloads on the PCI DSS controls, broken down by priority and assessment scope, from the PCI Security Standards Council.
All of our Security Awareness courses are bite-sized nuggets of on-topic content, outstanding graphics and interactive activities and quizzes to make your learning experience a fun one.
You'll also get a printable summary of the course for easy reference whenever you need it.
Who is this course for?
Getting Started with PCI DSS is for all the organisations out there that manage credit cards, and need help understanding what to do next.
It’s for system managers, owners, and developers who are looking for a refresher on things they’ve learned previously and need to recap before the next audit. It can also be used as a starting point for mapping out a PCI DSS compliance roadmap.
Try it yourself
We love to hear from you
We hope this course helps to demystify PCI DSS compliance for you and your team.
We'd love to hear your feedback. Drop us a line on firstname.lastname@example.org and let us know what you think.