Payment Card Industry Data Security Standards (PCI DSS)

Anyone handling payment card details must follow the Payment Card Industry Data Security Standard (PCI DSS).

This course explains how the payment card system works, the requirements of the Payment Card Industry for organisations that process card payments, and what you need to know to make sure you handle payments and payment card data securely.

Learning Objectives

Module 1:
Understand what PCI DSS is and what it means
Identify who is involved in the payment card system and how the system works
Recognise how we have a responsibility to protect cardholder data and ensure PCI compliance
Explain what cardholder data we are able to store and what is classed as sensitive data
Module 2:
Understand what things can go wrong with cardholder data and methods of payment systems
Identify different environments in which payment systems can be used
Describe how we can keep card and payment systems more secure
Module 3:
Understanding the importance of having a strong password
Identify password best practice
Recognise the dangers of phishing and social engineering
Explain the benefits of multi-factor authentication

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
ARRAffinity	session	ARRAffinity cookie is set by Azure app service, and allows the service to choose the right instance established by a user to deliver subsequent requests made by that user.
ARRAffinitySameSite	session	This cookie is set by Windows Azure cloud, and is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.
cli_user_preference	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user preference
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
geot_rocket_country	session	This cookie is used to give location settings necessary for us to regionalise website content
geot_rocket_state	session	This cookie is used to give location settings necessary for us to regionalise website content
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
STYXKEY_geot_country	session	This cookie is used to give location settings necessary for us to regionalise website content
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
_biz_flagsA	1 year	A Cloudflare cookie set to record users’ settings as well as for authentication and analytics.
_biz_nA	1 year	This cookie, set by Bizible, is a sequence number that Bizible includes for all requests, for internal diagnostics purposes.
_biz_pendingA	1 year	A Cloudflare cookie set to record users’ settings as well as for authentication and analytics.
_biz_sid	30 minutes	This cookie is set by Bizible, to store the user's session id.
_biz_uid	1 year	This cookie is set by Bizible, to store user id on the current domain.
aka_debug	session	Vimeo sets this cookie which is essential for the website to play video functionality.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
geot_rocket_city	session	This cookie is used to give location settings necessary for us to regionalise website content
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
player	1 year	Vimeo uses this cookie to save the user's preferences when playing embedded videos from Vimeo.

Performance

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Cookie	Duration	Description
sync_active	never	This cookie is set by Vimeo and contains data on the visitor's video-content preferences, so that the website remembers parameters such as preferred volume or video quality.

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_BUID	1 year	This cookie, set by Bizible, is a universal user id to identify the same user across multiple clients’ domains.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_2YCM7MHZLL	2 years	This cookie is installed by Google Analytics.
_gat_UA-1424943-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_hjTLDTest	session	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
_session_id	14 days	Cookie set by G2 to store the visitor’s navigation by recording the landing pages. This allows the website to present products and indicate the efficiency of the website.
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
VWO	3 months	Collects data on the user’s navigation and behaviour on the website. This is used to compile statistical reports and heatmaps for the website owner.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_uetsid	1 day	Bing Ads sets this cookie to engage with a user that has previously visited the website.
_uetvid	1 year 24 days	Bing Ads sets this cookie to engage with a user that has previously visited the website.
drift_aid	2 years	The driftt_aid cookie is an anonymous identifier token set by Drift.com for tracking purposes and helps to tie the visitor onto the website. The cookie also allows Drift to remember the information provided by the site visitor, through the chat on successive site visits.
drift_campaign_refresh	30 minutes	This cookie is an anonymous identifier token set by Drift.com for tracking purposes and helps to tie the visitor onto the website. The cookie also allows Drift to remember the information provided by the site visitor, through the chat on successive site visits.
driftt_aid	2 years	The driftt_aid cookie is an anonymous identifier token set by Drift.com for tracking purposes and helps to tie the visitor onto the website. The cookie also allows Drift to remember the information provided by the site visitor, through the chat on successive site visits.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
sa-user-id	1 year	StackAdapt sets this cookie as a Random Identifier for user identification, to display relevant advertisements.
sa-user-id-v2	1 year	StackAdapt sets this cookie as a Random Identifier for user identification, to display relevant advertisements.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Others

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.

Cookie	Duration	Description
_hjSession_2026456	30 minutes	Hotjar sets this cookie to identify a session of a user.
_hjSessionUser_2026456	1 year	Hotjar sets this cookie to identify a session of a user.
ln_or	1 day	a LinkedIn cookie used to determine if Oribi analytics can be carried out on a specific domain

Course: Payment Card Industry Data Security Standards (PCI DSS)

Payment Card Industry Data Security Standards (PCI DSS)

Constantly expanding content library

AI-powered text and audio translations

“We have been developing for over 20 years, so we really know what works for customers and learners”

What course are you looking for?

Courses specifically for Compliance

Code of Conduct

Martyn’s Law for Venues

Preventing Sexual Harassment for Managers

Essential Digital Skills – Online Searching

Essential Digital Skills – Digital Communication

Essential Digital Skills – Social Media Awareness

Essential Digital Skills – Secure Online Transactions

Freedom of Information Act

IR35 – Off Payroll Working

Physical Security

How Do Grievances Work? (Microlearning)

How Do Disciplinaries Work? (Microlearning)

What Are Disciplinaries and Grievances? (Microlearning)

Discipline and Grievance

Martyn’s Law for Retail

Safeguarding Adults

Drug and Alcohol Misuse

Introduction to Alcohol Misuse (Microlearning)

Introduction to Drug Misuse (Microlearning)

Preventing Substance Misuse in the Workplace (Microlearning)

Embracing Disability in the Workplace

Disability: Working Inclusively

Disability Awareness

Conflict of Interest

Safeguarding Children

Criminal Finances Act

Competition Law (EU)

Cyber Security in the Workplace (Microlearning)

Setting Strong Passwords (Microlearning)

Cyber Security and Phishing

Phishing (Microlearning)

Preventing Bribery in Business

Preventing Bribery in Business (Overseas)

Preventing Bribery in Business (Managers’ Responsibilities)

Competition Law

Right to Work

Preventing Money Laundering (Essentials)

Preventing Money Laundering

Preventing Bribery in Business (Essentials)

Preventing Bribery in Business (Managers)

Taking Action Against Radicalisation at Work (Microlearning)

Recognising Radicalisation (Microlearning)

Preventing Radicalisation

Managing Microbehaviours (Microlearning)

Managing Biases in Decision-Making (Microlearning)

Recognising Unconscious Biases (Microlearning)

Unconscious Bias

Unconscious Bias for Managers

International Fraud, Bribery and Corruption

GDPR (UK)

PCI DSS (Back Office)

PCI DSS (Front Line)

The EU and UK GDPRs

Understanding Microaggressions

Gender Awareness at Work

Inclusive Management (Microlearning)

Equity, Diversity and Inclusion for Managers

Equity, Diversity and Inclusion

Equity and Diversity (Microlearning)

Challenging Diversity Assumptions (Microlearning)

Managing and Leading Neurodivergent Colleagues

Neurodiversity at Work

GDPR Essentials

Information Security

What is Bullying and Harassment? (Microlearning)

Speaking Up (Microlearning)

Bullying and Harassment

Sexual Harassment Awareness (Microlearning)

Dignity at Work (Microlearning)

Cyberbullying (Microlearning)

Modern Slavery

Whistleblowing