In case you weren’t able to attend today’s webinar, Introduction to the Payment Card Industry Data Security Standard, we’ve posted a recording of the entire session on Halock’s YouTube channel.

The full 6-part series is embedded below for your convenience.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

This series of videos provides an educational overview of the key things you need to know if you’re working towards achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Part 1 of 6:

  • What is the PCI DSS?
  • Common PCI Myths
  • Introduction to the 12 main PCI DSS requirements

Part 2 of 6:

  • Advantages of PCI Compliance
  • Consequences of Non-Compliance
  • Overview and applicability of PCI Standards (DSS, PA-DSS, and PTS)
  • PCI Service Provider considerations
  • How is PCI Compliance enforced?


Part 3 of 6:

  • Merchant and Service Provider classification levels
  • Validation requirements according to classification level
  • Difference between validation and actual compliance
  • Self Assessment Questionnaire (SAQ) Types
  • Onsite Assessment Validation Process
  • What needs to be in scope for PCI compliance, and how can that scope be optimized?


Part 4 of 6:

  • What types of cardholder data may or may not be stored?
  • Differences between PCI DSS and other compliance standards
  • The 80/20 rule as it relates to implementing controls for PCI compliance
  • What will it cost my organization to achieve PCI compliance?
  • How does the cost of PCI compliance compare to the cost of a security breach?
  • Cost effective strategies for PCI compliance
  • Overview of recommended approach/methodology for achieving and maintaining PCI compliance

Part 5 of 6:

  • Example of how network segmentation can be used for PCI scope reduction
  • Brief overview of data tokenization
  • Brief overview of end-to-end encryption
  • Overview of what’s new in PCI DSS v2.0
  • MasterCard’s new validation rules
  • State laws relating to PCI DSS compliance


Part 6 of 6 – Questions and Answers:

  • How frequently do logs need to be reviewed for PCI compliance and how can this best be addressed?
  • What are the differences between the requirements for quarterly vulnerability scanning and penetration testing (requirements 11.2 and 11.3)
  • Which IP addresses have to be included for quarterly external scanning? All IP addresses, or only those associated with the Cardholder Data Environment?

Jeremy Simon, PCI QSA, CISSP, CISA
Practice Lead, PCI Compliance Services