These comprehensive resources aim to help UBC merchants make informed decisions around PCI compliance, business and technical processes.
PCI standards are updated every three years and merchants are advised to ensure that they use the most up-to-date documents:
- UBC Information Systems Policy
- Information Security Standards
- PCI Security Standards Council Site
- Digital Payments Program
PCI Security Awareness
UBC merchants involved in the acceptance of credit card payments are expected to have at least an adequate knowledge on Information Security Standards related to PCI.
The purpose of the awareness video presentations is to emphasize attention on security. They are intended to allow UBC merchants to recognize IT and PCI security concerns and to know how to respond and deal with them. Following are the recommended modules to satisfy the PCI requirement on security awareness. You must have a CWL login ID to access the videos:
- Introduction (1:06)
- You are the target (2:09)
- Social engineering (3:36)
- Email & IM (6:52)
- Passwords (3:40)
- Payment Card Industry's Data Security Standard (2:08)
- End-Brief overview (0:38)
Fact Sheets
- PCI Security Standards Overview
- Getting Started with PCI DSS
- Understanding SAQs
- PCI DSS Requirements and Security Assessment Procedures (version 3.2.1)
- Lifecycle for Changes to the PCI DSS and PA-DSS
- Skimming Resource Guide
- Ten Common Myths of PCI DSS
Information Supplements
- SAQ Instructions and Guidelines
- Glossary of Terms, Abbreviations and Acronyms
- Migrating from SSL and Early TLS
- Penetration Testing Guidance
- Best Practices for Implementing Security Awareness Program
- Skimming Prevention: Overview of Best Practices for Merchants
- Best Practices for Maintaining PCI DSS Compliance
- eCommerce Guidelines
- Risk Assessment Guidelines
- Tokenization Guidelines
- Virtualization Guidelines
- Protecting Telephone-based Payment Card Data
- PCI Forensic Investigator (PFI) Program Guide