MasterCard Worldwide Expands PCI Merchant Education Program

Company extends popular program, adding three new seminars to build merchants’ knowledge on data security standards

MasterCard Worldwide today announced the availability of three new seminars designed to help merchants protect payment card data and reduce the likelihood of reputational risk and the incidence of fraud.

The new seminars are titled “Data Encryption: Understanding Encryption and PCI DSS,” “Network Segmentation,” and “Maximize Internal Preparations for PCI DSS.” The seminars expand MasterCard’s PCI Merchant Education Program, an initiative offered to acquiring bank customers to provide practical assistance in educating merchants and encouraging broader adoption of the Payment Card Industry Data Security Standard (PCI DSS).

“Merchant education is critical to ensuring the integrity of payment data, and MasterCard is committed to facilitating and encouraging broader adoption of the PCI standards,” said Joshua Peirez, Chief Payment System Integrity Officer, MasterCard Worldwide. “The new modules are highly informative and address areas of interest identified by past training participants. By expanding our Merchant Education Program, we are bolstering our collaborative efforts to help protect our customers and cardholders from data theft and fraud and are helping to facilitate the global implementation of consistent data security measures.”

With the addition of the three new seminars, there are now 12 Web-based modules featuring actionable advice from MasterCard and industry experts available online at www.webcasts.com/mastercardpci. Since the program launch in October 2007, more than 1,625 registered users have viewed the online training modules more than 3,200 times. The complimentary education and training for acquiring banks and merchants was designed to improve their understanding of PCI DSS through interactive sessions.

The PCI DSS sets forth requirements for enhancing payment account data security. The standard, which was developed by MasterCard and the other payment brands that comprise the PCI Security Standards Council, is intended to help companies protect payment account data. The security standard includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

About the three new seminars:

Network Segmentation, presented by Arsenal Security Group, focuses on the importance of network segmentation to minimize the scope of a PCI DSS compliance audit or self-assessment, as isolating payment card environments from non-payment card environments can significantly reduce the amount of the effort required to comply with PCI DSS and the cost of remediation for merchants and service providers. Additionally, this session reviews the criteria that merchants and service providers should use in determining how to segment their environments - including complexity, cost, operational impact and risk.

Maximize Internal Preparations for PCI DSS, presented by Vigitrust, discusses how organizations can conduct key tasks related to PCI DSS compliance internally. The session focuses on how best to build an internal team to manage PCI DSS compliance efforts and what to expect from QSAs at the audit stage. This webinar also examines what organizations can do internally prior to an audit to maximize existing security investments.

Data Encryption: Understanding Encryption and PCI DSS, presented by Verizon Business, provides an overview of cryptography and background on the basic concepts of symmetric and asymmetric algorithms. It also addresses how the PCI DSS encryption requirements can be leveraged in other areas of a merchant’s systems as well as the protection of PAN and key management.

About the MasterCard PCI Merchant Education Program:

The PCI Merchant Education Program is adaptable and delivered through various channels based on the needs of the individual acquiring member and its merchant population. Merchants and other organizations have participated in the program, which consists of a series of customizable, interactive modules and as well as training sessions and materials tailored to merchants.

The education program offers several training options including:

* On-Site — In-person training for acquiring bank members at designated locations. This option provides the best opportunity for high-contact interaction.
* Live Web Meeting — Real-time online interface and teleconference. This option is ideal for presenting one to three modules and may be followed by Q&A sessions.
* On-Demand Webinar Series — Pre-recorded content available through an online interface. This option can be viewed as the merchant’s schedule allows. MasterCard delivers these sessions in conjunction with other industry security professionals.


Webinar modules currently available in addition to the three new sessions are:

* An Introduction to the PCI Security Standards Council
* A Detailed Look at the PCI DSS Requirements
* A Merchant’s Journey Toward Compliance
* Understanding Account Data Compromise
* Preparing for a Successful PCI Assessment, Lessons from the Field
* Reducing Your Risk: A Look into PCI Vulnerability Scanning
* Security and the Payments System
* Compliance Validation and Beyond
* A Look into the New Self Assessment Questionnaire


MasterCard offers several global promotions in partnership with certified security vendors. The promotions give merchants access to free network scans, enabling them to identify potential gaps in their network security that may expose payment card data to the risk of compromise.

In addition to the PCI Merchant Education Program, the MasterCard Academy of Risk Management (ARM) offers a full curriculum of online seminars, global conferences, educational materials and other tools to help secure the payments system and promote secure commerce worldwide. More information on the PCI Merchant Education Program and other ongoing MasterCard security initiatives can be found online at www.mastercardsecurity.com, or merchants may contact their MasterCard SDP representative.