emPower

PCI Data Security Standard and Security Awareness Training

The Payment Card Industry (PCI) Data Security Standard is a set of comprehensive security requirements that applies to merchants and service providers who process and/or store payment card information. The standard was developed by Visa and MasterCard, and has now been adopted by the other major credit card issuing companies.

The PCI Data Security Standard

The part of the standard that relates to security awareness and training is section 12.6, which requires merchants and service providers to:

Implement a formal security awareness program to make all employees aware of the importance of cardholder data security.

  • Educate employees upon hire and at least annually.
  • Require employees to acknowledge in writing that they have read and understood the company’s security policy and procedures.

Merchants and service providers are also required to provide appropriate training to staff with security breach response responsibilities.
