PCI Security Standards Council (PCI SSC) has adopted a new eLearning platform to move all informational and certification programs online. With the rise of the COVID-19 pandemic, the Council took important steps earlier this year to protect the health and safety of all involved by canceling face-to-face, instructor-led training courses for the remainder of the calendar year.
To date, PCI SSC has received considerable positive feedback regarding the course delivery platform and, as a result, has been able to accommodate broader, global participation.
In this blog, we interviewed PCI SSC Director, Training Programs Travis Powell, about the eLearning platform, the importance of informational training, and which classes are now available.
What is Informational Training?
Travis Powell: Informational training is a valuable way for individuals to understand how to protect payments and learn how to effectively demonstrate that security requirements have been met. Our training offers a way for those who would like to increase their knowledge of a certain subject or standard, without the need to obtain certification. This training is a great fit for anyone who may want a deeper understanding of what the standards and programs entail or what to expect from an assessment. It’s also just a great way to stay current on what’s new in the payments industry.
Informational training will be conducted via a virtual eLearning platform. Tell us about the new platform, how it differs from classroom training and what trainees can expect.
Travis Powell: eLearning incorporates a combination of computer-based training as well as live remote instructor-led training sessions. One of the benefits of informational training on the eLearning platform is the access to instructional time with industry experts who can guide you through better understanding the standards. As part of the training program, participants can work at their own pace, from anywhere in the world, to complete the computer-based training module. Once the course has been completed, participants will get the equivalent training and knowledge that is delivered to our Assessor community, but without the requirement of taking an exam for certification. Participants will also receive a letter of completion that confirms continuing professional education (CPE) credits earned. The eLearning platform also allows for a significant cost savings since participants won’t incur the travel-related expenses that they would otherwise have when attending in-person training.
Which informational training classes are available and when are they offered?
Travis Powell: Currently, informational training is offered as part of eLearning with remote, instructor-led classes and is available for the following courses:
- PCI PIN – This course provides instruction on how to perform assessments of entities in accordance with the PCI PIN Security Requirements and Testing Procedures (PCI PIN Standard). This training will provide you with an understanding of the requirements for the secure management, processing, and transmission of personal identification numbers (PINs) during payment card transaction processing at ATMs and attended and unattended point-of-sale (POS) terminals.
- Secure Software Assessor - This course provides instruction on how to perform assessments of payment software in accordance with the Secure Software Requirements and Assessment Procedures (PCI Secure Software Standard). This training will provide you with an understanding of the requirements with corresponding assessment procedures and guidance for the development of secure payment software. Next opportunity to take this class is on 21 July!
- Secure Software Lifecycle (SSLC) – This course provides instruction on how to perform assessments of entities in accordance with the Secure Software Lifecycle (Secure SLC) Requirements and Assessment Procedures (PCI Secure SLC Standard). This training will provide you with an understanding of the requirements with corresponding assessment procedures and guidance for payment software vendors to design, develop, and maintain secure payment software throughout the software lifecycle. Next opportunity to take this class is on 20 July!
These classes are scheduled on specific dates and can reach capacity. Therefore, it is important to register as early as possible. Future dates will be added as demand dictates. We plan to offer informational training for Card Production and Provisioning classes, as well as Point to Point Encryption (P2PE) v3 courses, which are anticipated to launch later this year as part of our eLearning program.
Those individuals that do wish to obtain certification must meet the full list of Qualification Requirements that are defined in each program’s corresponding program guide published in the PCI SSC Document Library.
How much do the informational training classes cost and are there any opportunities for discounts or to attend the class for free?
Travis Powell: While there is a fee to attend informational training classes, corporate group rates are available. All pricing information is available on our website when you click on the link to the specific class. If you would like to inquire about group or corporate training requests, please contact us at Training@PCISecurityStandards.org for further information.
What is Corporate Training and how does it differ from other training classes?
Travis Powell: Corporate training offers organizations the ability to learn directly from the PCI SSC trainers, exclusively with the peers in their company. Not only can corporate training reduce the costs of travel associated with attending training courses, but it also allows organizations to plan training around a timeframe that works best for their organization. Our trainers offer instruction with hands-on experience assessing merchants and/or service providers. We offer all our courses (Assessor or Informational) in corporate training format and, when it is permissible, our trainers will come to you and deliver the classes at your facility. We also offer the option for the eLearning format to be delivered as part of our corporate training offerings and we will organize a remote instructor-led session tailored to fit your organization. We have found that corporate training offers all the benefits from a typical class, but we can cater the course to be convenient for your organization and can take place in whatever format works best for your needs. You can learn more about Corporate Training by visiting our website.
Why should people sign up for these informational training classes? Why is this important?
Travis Powell: Attending informational training classes will allow individuals to gain insight into the various aspects of the Payment Card Industry. This is valuable for vendors who may be developing payment software that needs to be assessed in order to be compliant with the standards, or for those organizations that wish to only have their Secure SLC processes evaluated as part of their software development practices. Showing compliance with these standards demonstrates that your organization has a validated solution, or Secure SLC practice, to ensure secure development of payment applications.
The same applies for PCI PIN informational training. This type of training is valuable for those entities that acquire or process PINs to support transaction processing. It is also of value for those organizations that are supporting Key Injection Facility operations or the injection of PINs into POI devices. As part of informational training you will learn the various requirements as it relates to the PCI PIN standard as well as the required key management practices in order to secure your PIN environment.
How can individuals register for informational training classes?
Travis Powell: Those wishing to attend an informational training class can register directly from our website. We’ve listed course details, prices and schedule, information about the registration process, and any requirements.
For more information about which instructor-led trainings were canceled as a result of the pandemic, please read our blog post: Important Training Schedule Update: Instructor-Led Trainings (ILT) Canceled