PCI Security Awareness Training

What is it?

PCI Security Awareness Training is the continuous process of ensuring that your employees understand the security risks to the credit and debit cardholder data that your business processes, stores or transmits, and the minimum requirements for its protection. Like information security policies, security training must include employee confirmation that they both understand and accept their responsibilities to protect cardholder data and the procedures they must follow to do so.

Why should I do this?

Training is mandated for compliance with Requirement 12.6 of the Payment Card Industry (PCI) Data Security Standard (DSS), which requires that employees with access to card data receive training initially and annually thereafter to ensure they understand their responsibilities for protecting cardholder data.

A good PCI Security Awareness Program heightens employee attentiveness to the risk of a breach of cardholder data and to the things that must be done to mitigate that risk. Whether through ignorance or malicious intent, employees are still the primary risk to the cardholder data your business processes.

How often should I do it?

Training is mandated for compliance and requires that employees with access to card data receive initial training and ongoing annual training to ensure they understand their responsibilities for protecting this sensitive data.

What will Risk Factory do?

  • Provide an easy-to-use, online (40-minute) PCI Information Security Awareness Training Course that your employees can log on to and learn best cardholder data security practice.
  • Provide best-practice, PCI-specific course content for your compliance requirements.
  • Teach your employees, in simple non-technical language, how and why hackers hack into systems to steal credit and debit cardholder data.
  • Instruct your employees in the best methods of protecting your systems and the cardholder data you process.
  • Explain the employee’s inherent responsibilities for protecting cardholder data and for identifying and reporting suspicious incidents.

What will I receive?

  • Effective course content with consistent, simple and meaningful messages that are useful outside of the workplace and so more readily accepted by non-technical and technical employees alike. You can see the portal and sample content by contacting the Risk Factory Foreman.
  • Company and employee information security training validation certificates for award and as evidence of compliance with Requirement 12.6 of the PCI DSS.
  • Monthly information security awareness bulletins to be included in your business's newsletters, intranet publications, or blogs.

Do I need to do anything in advance?

The service is charged on a per-year, per-employee basis, so just give us the number of years you'd like us to provide the training (quantity) and the number of employees requiring training (users) when getting your quote. Our Factory Foreman will then call you to set everything up.