Fundamentals of PCI-DSS

Learn everything about the Payment Card Industry Data Security Standards, including assessment and the 12 requirements.

Rating: 4.63 (1151 reviews)
Platform: Udemy
Language: English
Category: Network & Security
Instructor: (not listed)
Students: 7,341
Content: 11.5 hours
Last update: Dec 2022
Regular price: $84.99

What you will learn

You'll learn about the terminology essential to the PCI-DSS, such as CDE, CHD, SAD, PANs, SAQs, ROCs, QSAs, as well as other payment industry terms

You'll learn about the history of the PCI-DSS and its major revisions

You'll learn about how the assessment process works, with ROCs and SAQs, and a clarification of the 8 types of SAQs

You'll learn everything about Requirement 1, involving having a firewall configuration to isolate your card data, network documentation and more

You'll learn everything about Requirement 2, including changing vendor defaults, isolating server functionality and securing vulnerabilities in devices

You'll learn everything about Requirement 3 in terms of securing stored data, including encryption protocols, key lifecycle, key management and more

You'll learn everything about Requirement 4, protecting data in transit, including masking plaintext PANs and using strong encryption protocols such as WPA/WPA2

You'll learn everything about Requirement 5, in terms of preventing malware through an antivirus solution that is frequently updated and frequently runs scans

You'll learn everything about Requirement 6, in terms of developing securely, doing regular vulnerability assessment and patching

You'll learn everything about Requirement 7, in terms of limiting access to card data on a "need-to-know" basis and formally minimising who can access it

You'll learn everything about Requirement 8, in terms of identifying access through unique user IDs, strong authentication and MFA, password practices and more

You'll learn everything about Requirement 9, in terms of physical security, visitor identification/authorisation, as well as media storage/transport/destruction

You'll learn everything about Requirement 10, in terms of having a logging solution, logging specific required events, specific data points, and log integrity

You'll learn everything about Requirement 11, in terms of doing regular AP (authorised + rogue) and IP audits, vulnerability testing, pentesting, etc

You'll learn everything about Requirement 12, in terms of having a company-wide InfoSec policy, including employee screening, third-party screening, etc

Why take this course?

SECURE YOUR DATA, SECURE YOUR KNOWLEDGE

You may know that payment fraud has risen over time, and unfortunately is not slowing down.

The PCI-DSS, or Payment Card Industry Data Security Standards, are a set of strict standards for any organisation dealing with card data.

They tell you how to store and transmit these data.

However, you'll hardly find a course that covers both the technical knowledge and the practical applications and examples.

In short, most PCI-DSS courses are either only about the tech, or about the business.

If only you could find a course that combined both...

Well... that's what this course aims to change.

LET ME TELL YOU... EVERYTHING

Some people - including me - love to know what they're getting in a package.

And by this, I mean, EVERYTHING that is in the package.

So, here is a list of everything that this course covers:

  • You'll learn about the clarification of all terms used in the PCI-DSS, including what is the CDE, what is CHD, SAD, whether an organisation must take an ROC or SAQ, as well as some "general" payment industry terms such as what is an issuing bank and an acquiring bank;

  • You'll learn about the history of the PCI-DSS since 2004, with several iterations and its own release lifecycle;

  • You'll learn about the merchant assessment process, based on their classification from Level 1-4, and how both SAQs and ROCs work, as well as the 8 different types of SAQs, and the types of machines/merchants they target, including the SAQ-A and SAQ-A-EP, the SAQ-B and SAQ-B-IP, the SAQ-C and SAQ-C-VT, the SAQ-P2PE-HW, and finally, the most general SAQ-D;

  • You'll learn about the anatomy of a payment process, involving a cardholder and a merchant, from authorisation to authentication, clearing and settlement, and the role of the issuing bank, the acquiring bank and the card company;

  • You'll learn about an overview of all 12 PCI-DSS requirements, as well as their relationship with the 6 goals;

  • You'll learn all about Requirement 1 (Have a Firewall), including firewall configurations and standards, documentation on network topology and card data flows, setting up a DMZ, rejecting unsecured traffic, and more;

  • You'll learn all about Requirement 2 (No Defaults), about removing default passwords/accounts/strings from devices, but also isolating server functionality and removing unnecessary ports/services/apps that may present vulnerabilities;

  • You'll learn all about Requirement 3 (Protect Stored Data), about using strong encryption to protect cardholder data, as well as having proper data retention policies, data purging, as well as masking plaintext PANs, not storing SAD, and using proper key management and key lifecycle procedures;

  • You'll learn all about Requirement 4 (Protect Transmitted Data), about using strong encryption when transmitting CHD across public networks such as cellular or satellite, as well as masking plaintext PANs in transit, especially across IM channels;

  • You'll learn all about Requirement 5 (Prevent Malware), about having an antivirus solution on all commonly affected computers in order to prevent malware, as well as access control policies to prevent disabling AV software;

  • You'll learn all about Requirement 6 (Develop Securely), about doing vulnerability ranking and timely patch installation for both internal and 3rd-party applications, as well as including security requirements in the SDLC, as well as training developers to protect against common exploits such as code injections, buffer overflows and many others;

  • You'll learn all about Requirement 7 (Need-to-Know Access), about limiting access to CHD by personnel as much as possible, defining permissions by role, and having a formal mechanism for access control to consolidate this, such as LDAP, AD or ACLs;

  • You'll learn all about Requirement 8 (Identify Access), about tying each action to a unique user, including forcing unique IDs, automatic logouts on inactivity, lockouts on wrong password attempts, removing inactive accounts, limiting third-party access, forbidding the use of shared IDs, forcing physical security measures to be used only by the intended user, and more;

  • You'll learn all about Requirement 9 (Restrict Physical Access), about authorising and distinguishing visitors, enforcing access control to rooms with CHD, as well as the proper transport, storage and disposal of physical media containing CHD, with different sensitivity levels;

  • You'll learn all about Requirement 10 (Monitor Networks), about logging: having a logging solution that is operating, logging specific events (such as all failed operations, all admin operations, all operations on CHD, etc), logging specific elements in each event (such as the user ID, the operation status, the affected resource, etc), as well as having a single time synchronisation mechanism for all logs, FIM (File Integrity Monitoring) on logs, frequent log review and proper log retention;

  • You'll learn all about Requirement 11 (Test Regularly), about performing regular scans for Access Points (APs), both authorised and non-authorised ones, as well as regular vulnerability scanning and regular penetration testing (from inside and outside, and multiple layers), as well as having FIM (File Integrity Monitoring) on all critical files, as well as having an IDS/IPS (Intrusion Detection/Prevention System) to prevent attacks;

  • You'll learn all about Requirement 12 (Have an InfoSec Policy), which covers roles, responsibilities and owners at each level of the organisation, including varied topics such as technology usage policies, employee screening, employee awareness, third-party selection criteria, regular risk and vulnerability assessments, among others;

  • You'll learn about a review of all 12 requirements and general patterns among them, such as "denying everything" by default, using common sense for certain parameters, enforcing change management on all changes, and always prioritising security (both logical and physical);

MY INVITATION TO YOU

Remember that you always have a 30-day money-back guarantee, so there is no risk for you.

Also, I suggest you make use of the free preview videos to make sure the course really is a fit. I don't want you to waste your money.

If you think this course is a fit and can take your fraud prevention knowledge to the next level... it would be a pleasure to have you as a student.

See you on the other side!


Reviews

Irshaad
September 29, 2023
PCI-DSS Related coursework was really great and the accompanying resources are wonderful. Just think the additional 3 hours of "Bonus" coursework was irrelevant and not needed when the focus should be on PCI-DSS. Overall very happy.
Miguel
September 14, 2023
I didn't choose it myself, it was imposed on me: the course is well made but it is too long to combine with day-to-day work; I am interested in it, but I have to go faster than I would like because of the time pressure to get it done.
Dietrich
September 6, 2023
Hi. Doing a bit of a career change, so new to PCI DSS. Doing the theoretical part is all good and well, but I think maybe being exposed to doing a practical assessment will go a long way in assisting newcomers. I understand it will be a lengthy process, and at this stage I am not in the industry as of yet to get exposure. Other than that, really enjoyed your course.
Jessica
August 12, 2023
The content is fine. However, it becomes tedious, even more so when the instructor just reads the slides without adding much else.
Johaann
August 1, 2023
The course covers information that is often overlooked on the subject of encryption and clarifies its basic concepts.
Ana
July 29, 2023
The course is very good; one suggestion is that you make the handout available right at the start of the course, because I lost a lot of time pausing the course to take notes of acronyms etc.; if I had had the handout, I would only have needed to mark the texts I found important.
Blake
June 27, 2023
Love the course so far; it really breaks down what I thought I knew and is helping me kick-start my career as an ISA. No recommendations on improvement until I finish the whole course.
Andreas
May 24, 2023
If your goal is to better understand PCI-DSS and dig deeper than just "an inch deep", this is the course for you. This course is very well made and interesting, and the instructor's presentation is easy to follow.
Marco
March 29, 2023
The course is very well-made and relevant. I loved most of it. It is rich in interesting topics. I'd personally leave off this training section 6 about Pitching Technical Projects. It is not bad, but I'd prefer to have it available as an additional course because it is not strictly relevant to the core topic of the course.
Collins
March 12, 2023
The course was very insightful and detailed enough to give me the desired knowledge and skills I require.
Brian
February 17, 2023
So far I've received information that I'm already using on the job. Explanations of the terminology were clear!
Naganishant
December 31, 2022
Very informative. Starting from scratch, and the examples which have been listed against each requirement will make sure that we understand the concept well. Kudos for the content provided.
AL
December 27, 2022
1. Most of the quiz questions are written wrong. 2. Many sentences stated the wrong information. 3. Most of his information is wrong due to his language, which he maybe doesn't master, or a lack of security technical background, so he used the wrong terms and teaches novice people wrong, and gets expert people disappointed.
Kyle
October 19, 2022
So far I believe it is a good fit for me. I like the way the content is explained and it is repeated so it sticks to memory.
Nahid
October 1, 2022
This is a must-have course for everyone who integrates payment in their system. The course is beautifully curated with basics and details. At the end of a module, the recap summarises the content fully. If you revisit it after some time, the recap video itself will help you refresh the details. Amazing!

Udemy ID: 4384822
Course created date: 11/6/2021
Course indexed date: 11/15/2021
Course submitted by: Bot