Penetration Testing

Wednesday, September 10, 2014

Understanding PCI SSC

PCI SSC is an open "global" forum founded in 2006 by 5 major card brands.




• American Express: www.americanexpress.com/datasecurity
• Discover Financial Services: www.discovernetwork.com/merchants/
• JCB International: http://partner.jcbcard.com/security/jcbprogram/index.html
• MasterCard: http://www.mastercard.com/sdp
• Visa Inc.: http://www.visa.com/cisp
• Visa Europe: http://www.visaeurope.com/ais

PCI SSC is also called "The Council". It develops, maintains and manages the PCI security standards, which include but are not limited to:

- Payment Card Industry Data Security Standard (PCI-DSS)
- Payment Application Data Security Standard (PA-DSS)
- PIN Transaction Security (PTS) Requirements

The Council offers various training courses and enhances payment account data security by driving education and awareness of PCI security standards. PCI SSC does "NOT" validate or enforce any organization's compliance and does "NOT" impose penalties for non-compliance; these are governed and managed by the payment brands!

Friday, August 8, 2014

PCIP Study Material

Actually, “ALL” content is available at www.pcisecuritystandards.org. Am I being selfish here? Really?

The PCIP exam will mainly test the applicant's understanding of the areas below, but is not limited to them:

• PCI DSS, PA DSS, PTS, P2PE and PIN security
• Security Assessment Procedures
• Navigating PCI DSS
• PCI terminology
• SAQ and its relevance
• Compensating controls and their relevance
• New technologies such as segmentation, tokenization, mobile and cloud, and their relevance to the PCI industry

PCIP Certification Benefits

High-level benefits of PCIP certification:

• Provides a foundational understanding of the Payment Card Industry and its standards. It’s a niche skill domain!
• Career progression in the information security field and professional advancement
• Opens up avenues for ISA and QSA certification and other professional fields in information technology, such as vulnerability management, penetration testing, PCI consulting, etc. PCIP is not a prerequisite for ISA or QSA, though.
• You join an integral team that is responsible for protecting the environment that stores, processes and transmits account data, advances the profession, and drives the enterprise towards being compliant and secure.

PCIP Overview

PCIP certification demonstrates professional knowledge in the field of the "Payment Card Industry" and a solid understanding of PCI standards and related technologies. A candidate appearing for PCIP is expected to have prior knowledge and understanding of:

• Information Technology
• Network & security architecture
• Basic understanding of the payment card industry, etc.

Here are some important high-level points that an applicant should be aware of:

• PCIP certification remains with the individual even when they "switch" employers
• Recertification is subject to renewal every "2" years
• It is “strongly recommended” that the candidate undergo the PCIP training offered by "PCI SSC"
• 60 questions, 90 min. Pass/Fail decision on exam conclusion. A student must wait 6 months after 3 consecutive failures before retaking the PCIP examination.
• The PCI SSC maintains the list of PCIPs on the Council’s website; however, it is not updated frequently! So don't be disappointed when your name does not appear on the SSC website. Your knowledge is all that matters.

Tuesday, August 5, 2014

PCIP Certification Process Flow

Follow this process for your PCIP certification and start your preparation by reading the articles available at www.pcisecuritystandards.org.

Saturday, July 26, 2014

PCIP (Payment Card Industry Professional) certification from "The Council" is one of the prestigious certifications in the market today, covering both the technical and operational knowledge needed to demonstrate an understanding of PCI and its requirements. PCIP holders with the right technical knowledge and understanding can assess the CDE (Cardholder Data Environment) and drive the organization towards PCI compliance.

Since this is a fairly new certification and there are only 1000+ PCIP certification holders, I thought of publishing methodical coursework, which can help with PCIP certification.

So let's get started:

Module 1: Familiarizes you with what it takes to pass the PCIP certification offered by PCI SSC.


Pathway to PCIP Certification and Requirements

• PCIP application
• Study materials
• PCIP certification and recertification requirements