FFIEC News

MasterCard Worldwide Enhances PCI Merchant Education Program for PCI DSS 1.2

(Nov 03, 20080-- MasterCard Worldwide announced the availability of two new seminars designed to help merchants protect payment card data and reduce the likelihood of reputational risk and fraud. The new seminars are titled 'Data Storage' and 'PCI DSS Requirements -Version 1.2.' The seminars further expand MasterCard's PCI Merchant Education Program, an initiative offered to acquiring bank customers to provide practical assistance in educating merchants and encouraging broader adoption of the Payment Card Industry Data Security Standard (PCI DSS). With the addition of the two new seminars, there are now 14 Web-based, complementary modules featuring actionable advice from MasterCard and industry experts available online.

"The MasterCard Merchant Education Program has been very popular since we began it a year ago and participation is steadily increasing each time we add new seminars. In fact, more than 2,000 registered acquiring banks and merchants have viewed our online training modules more than 4,300 times since the program's inception," said John Verdeschi, vice president, MasterCard Worldwide. "Facilitating the consistent implementation of data security measures around the world ultimately helps protect our customers and cardholders from data theft and fraud. That is why we are dedicated to
helping our customers understand PCI requirements and remain committed to expanding our education program as the PCI standards evolve."

The PCI DSS sets forth requirements for enhancing payment account data security. The tandard-which was developed by MasterCard and the other payment brands that comprise the PCI Security Standards Council-is intended to help companies safeguard payment account data. The security standard
includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

About the two new seminars:

-- Data Storage - This seminar, presented by Arsenal Security Group, covers the complexities of both the temporary and long-term secure storage of sensitive cardholder data. The session will explain what data is allowed to be stored through authorization and post-authorization. The session also will cover common places where merchants potentially store cardholder data and ways to identify and purge data the PCI DSS do not permit to be stored.
-- PCI DSS Requirements Update - Version 1.2 - This session, presented by Trustwave, will provide a detailed review of newly clarified requirements of the PCI DSS by section. The updated requirements offer improved flexibility to address today's security challenges and eliminate redundant sub-requirements. A discussion on remediation and compensating controls will complete the session.

The PCI Merchant Education Program is adaptable and delivered through various channels based on the needs of the individual acquiring member and its merchant population. Merchants and other organizations have participated in the program, which consists of a series of customizable, interactive modules and as well as training sessions and materials tailoredto merchants. The education program offers several training options including:

-- On-Site - In-person training for acquiring bank members at designated locations. This option provides the best opportunity for high-contact interaction.
-- Live Web Meeting - Real-time online interface and teleconference. This option is ideal for presenting one to three modules and may be followed by Q&A sessions.
-- On-Demand Webinar Series - Pre-recorded content available through an online interface. This option can be viewed as the merchant's schedule allows. MasterCard in conjunction with other industry security professionals deliver these sessions.

MasterCard security initiatives can be found online at http://www.mastercardsecurity.com, or merchants may contact their MasterCard SDP
representative.

Share or bookmarklet this web page at: