PCI Concepts for Non-Technical People

Many small, medium and, yes, large businesses struggle to understand the technical jargon used by the Payment Card Industry (PCI). Oftentimes companies do not have in-house experts trained in PCI, and they rely on vendors to help protect their customers' payments.

In 2016 the Payment Card Industry Security Standards Council (PCI SSC) put together a taskforce to create documents that define PCI concepts in non-technical terms, focus on security practices that help protect credit card data and provide pictures that help people visualize how credit card data moves from acceptance by the merchant to payment by the card issuer.

The taskforce directed its efforts to helping small merchants; however, reading through the documents can help people at all levels of an organization understand PCI basics. The four documents produced are:

Guide to Safe Payments provides a comparison of twelve security basics based on cost, ease of use and risk mitigation.  The document describes each security basic and lists web pages where you can read more on the topic.

Common Payment Systems provides visuals to help you identify the type of payment system your business may be using, the risks associated with each type of payment system, the threats to that payment type and recommendations to secure that payment type.

Questions to ask your vendors provides a set of questions that you can ask your vendor, along with follow-up questions depending on their response.

Glossary of Information and Security Terms provides you with the common terms that are often used in PCI discussions. Refer to this glossary as you read the other three documents in this series.

I recommend that everyone read these documents.  They contain many visuals, offer security basics, explain risks involved in each type of payment process and lay a good foundation for further PCI study and discussions.

Patsy Rossow
Senior Security Analyst (Team Lead) at FRSecure
Patsy Rossow has 25 years experience in IT. Patsy has extensive experience handling security threats, regulating data access, and security program management. Prior to FRSecure, Patsy held various technical positions with Scholarship America and built its information security program. Patsy is instrumental in establishing FRSecure’s PCI methodology.
