At atsec, we’re committed to contributing to the multitude of security standards we do testing for and participate in. Last week, atsec China exemplified that commitment by hosting a PCI Training Workshop focused on payment industry security standards. Over May 22nd and 23rd, the workshop brought together professionals from card brands, banks, payment service providers, merchants (including airlines, gaming companies, and e-commerce platforms), hardware manufacturers, and other organizations involved in payment security and risk management to solidify everyone’s understanding of the nuances of the payment security industry.
The workshop kicked off with an industry overview delivered by an atsec lecturer, covering the history and evolution of payment security standards, global compliance trends, the PCI standard family, validation requirements, and the compliance assessment process.
An expert from an international card brand delivered the workshop’s keynote speech, where they shared insights on the latest global payment security trends and engaged in interactive discussions with participants. Additionally, experts from a leading risk management solution provider shared best practices in transaction risk control, covering management, products, technology, and implementation.
Discussions of risk management for payment tools and service providers were a focus of another industry expert, covering topics such as analyzing mainstream cross-border payment tools, risk identification and prevention, and future trends and innovations in cross-border payments.
Over the two-day training period, atsec lecturers also provided an in-depth introduction to the PCI DSS standard requirements, focusing on the most recent version, v4.0.1. They combined theoretical knowledge with practical project experience to discuss an array of topics:
- Defining and simplifying the cardholder data environment (CDE)
- Cardholder data protection
- Software lifecycle security
- Network and system security
- Logical and physical access control
- Vulnerability management
- Security testing
- Information security management systems
Participants engaged in active discussions with lecturers, sharing security technology and management questions encountered in their daily operations.
As in previous training sessions, participants engaged in group discussions and case analyses, exploring scenarios such as cloud environment compliance. The atsec instructor provided relevant explanations and comments, further bridging the gap between standard requirements and their practical implementation.
At the conclusion of the training, participants took the atsec PCI Security Engineer (SE) exam. Those who pass the written exam will receive a PCI SE training certificate issued by atsec China.
After providing such a successful training workshop, atsec China is even more committed to helping institutions within the payment security industry optimize their security operations and development work and contributing to the overall advancement of payment security – we’ve seen firsthand how beneficial that is!
