PCI Education and Resources
Live Education Webcasts
Trustwave is providing the opportunity for anyone wishing to learn more about PCI to sign up for live webinars related to specific PCI topics.
Sign up for a Live Education Webinar
The PCI Security Standards Council also offers live webinars from.
View the schedule of upcoming live webinars.
Pre-recorded Webcasts
Trustwave also offers past webcasts in a pre-recorded format to play back on your own schedule. Click on a topic below to view it in your browser:
Merchant Experience – Navigating the Trustwave PCI-DSS Portal
Trustwave has spent a great deal of time creating the PCI-DSS Portal in order to simplify the merchant experience and make it easier for merchants to complete the PCI-DSS. That said, we have had enough requests for assistance with the Portal that we asked Trustwave to pre-record a session to walk through the PCI-DSS and SAQ.
The walkthrough cannot be comprehensive given the myriad of options available for a merchant to choose. Therefore the merchant experience is only meant to be a representation of one possible mix of answers to the PCI-DSS and SAQ.
Like many QSAs, Trustwave offers a for-fee service to merchants wishing to have a dedicated resource walk them through the PCI-DSS and SAQ. If (after viewing the Merchant Experience) you feel additional assistance is still required, you may engage Trustwave’s services by contacting them at 877-841-7014.
View the Merchant Experience webcast
PCI Information - Pertinent Links
There are a myriad of resources available to provide additional information to merchants, starting with the PCI Council’s website. These resources can be accessed through the following links:
PCI-DSS Standards via the PCI Council
PA-DSS Standards via the PCI Council
PA-DSS Certified applications list via the PCI Council
PCI-PTS (formerly PCI-PED) Standards via the PCI Council
PCI-PTS approved terminals list via the PCI Council
PCI Council Merchant Resource Center
Trustwave "PCI-Made Easy" Site
Sage Payment Solutions – Service Provider Status
Service providers are organizations that process, store, or transmit cardholder data on behalf of clients, merchants, or other service providers. Service provider levels are defined differently based on the Card Association:
Service Provider Level 1: Any service provider that stores, processes and/or transmits over 300,000 Visa transactions annually. MasterCard sets this level at greater than 1 million transactions annually.
Service Provider Level 2: Any service provider that stores, processes and/or transmits fewer than 300,000 Visa transactions annually. MasterCard sets this limit at fewer than 1 million transactions annually.
In addition to registering with Visa and MasterCard as a Service Provider and adhering to the PCI-DSS, service providers must validate their compliance. Validation includes:
Service Provider Level 1:
Annual On-Site PCI Data Security Assessment
Quarterly Network Scan
Service Provider Level 2:
Annual PCI Self-Assessment Questionnaire
Quarterly Network Scan
The level of scrutiny for a Level 1 provider is considerably greater than that for a Level 2 provider, and as such considerable costs and resources are required to support a Level 1 Service Provider's infrastructure.
Sage Payment Solutions is a Service Provider Level 1, and we remain committed to the security of cardholder data, as well as to doing whatever we can to help our merchants prevent a possible breach. Sage Payment Solutions is listed as a Service Provider Level 1.
Access Visa's information on certification.
Access MasterCard's information on certification.
PCI Security Standards Council Fact Sheets
Lifecycle for changes to the PTS
The Payment Card Industry PIN Transaction Security (PTS) requirements are used primarily by ATM and point-of-sale equipment manufacturers to secure cardholder data at the physical point of interaction. Changes to the standard follow a defined 36-month lifecycle with eight stages. The lifecycle ensures a gradual, phased use of new versions of the standard without invalidating current implementations of PTS. It also prevents organizations from becoming noncompliant when changes are published and allows vendors to complete existing product development. Throughout the lifecycle, the Council will continuously evaluate evolving technology and threats, and provide ongoing guidance about these standards.
Lifecycle for changes to the PCI DSS and PA DSS
The Payment Card Industry Data Security Standard (PCI DSS) secures cardholder data that is stored, processed or transmitted by merchants and other organizations. Changes to the PCI standards follow a defined 36-month lifecycle with eight stages. The lifecycle ensures a gradual, phased introduction of new versions of the standard in order to prevent organizations from becoming noncompliant when changes are published. This lifecycle also applies to the Payment Application Data Security Standard (PA-DSS), which covers validation requirements for applications used to process payment cards. During the lifecycle, the Council will continuously evaluate evolving technology and threats, and if necessary, make mid-lifecycle changes to the standards or provide ongoing supplemental guidance about these issues.
Overview of the PCI SSC Skimming Prevention: Best Practices for Merchants
Skimming is the unauthorized capture and transfer of payment data to another source. Its purpose is to commit fraud, the threat is serious, and it can hit any merchant's environment. PCI Security Standards currently contain a number of requirements and recommendations to guard against skimming. This “At-a-Glance” provides a snapshot of skimming and introduces areas requiring countermeasures to ensure an appropriate level of security for cardholder data.
Overview of the PCI DSS Wireless Guideline
The goal of this document is to help organizations understand how PCI DSS applies to wireless environments, how to limit the PCI DSS scope as it pertains to wireless, and provide practical methods and concepts for deployment of secure wireless in payment card transaction environments.
PCI Data Storage Do's and Don'ts
Requirement 3 of the Payment Card Industry’s Data Security Standard (PCI DSS) is to "protect stored cardholder data." For merchants who have a legitimate business reason to store cardholder data, it is important to understand what data elements PCI DSS allows them to store and what measures they must take to protect those data.
Payment Card Industry Security Standards Overview
PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect cardholder payment data.
Getting Started with PCI Data Security Standard
PCI security for merchants and payment card processors is the vital byproduct of applying information security best practices in the Payment Card Industry Data Security Standard (PCI DSS).
Ten Common Myths of PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) secures cardholder payment data that is stored, processed or transmitted by merchants and processors.
Reports and Blog Resources
Verizon Business 2010 Data Breach Investigations Report
Verizon Business Security Blog