Skip to main content
Image coming soon

CMP9106 Mastering PCI DSS for Financial Services Compliance Practitioners

$199.00
Adding to cart… The item has been added

A tailored course, built for your situation

Mastering PCI DSS for Financial Services Compliance Practitioners

Build confidence in payment security frameworks with a tailored implementation path for complex financial environments.

$199 one-time
24-hour access provisioning 30-day money-back guarantee Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.
Staying ahead of shifting payment security demands without reinventing the wheel every cycle.

The situation this course is for

Compliance teams in financial services are under pressure to prove payment security beyond the audit, consistently, across new platforms, integrations, and third parties. Yet most guidance is generic, vendor-driven, or tied to industries outside finance. The gap isn’t knowledge, it’s applicability.

Who this is for

Senior compliance or risk practitioner in financial services responsible for implementing, maintaining, or advising on PCI DSS within a regulated, multi-system environment.

Who this is not for

Entry-level auditors, non-compliance staff, or practitioners outside financial services looking for general PCI awareness.

What you walk away with

  • Map PCI DSS requirements directly to Schwab’s infrastructure and workflows
  • Produce repeatable evidence packages that hold up under cross-functional review
  • Anticipate scope changes before they impact integration timelines
  • Speak confidently across technology, risk, and operations teams using a common compliance framework
  • Reduce cycle time for control validation by up to 40% using embedded templates

The 12 modules (with all 144 chapters)

Module 1. Understanding PCI DSS in the Financial Services Context
Lay the foundation by adapting PCI DSS core principles to the specific risk landscape, regulatory overlap, and operational complexity of financial institutions like the firm.
12 chapters in this module
  1. Distinguishing retail vs. financial services PCI applicability
  2. How GLBA and FFIEC expectations intersect with PCI controls
  3. Identifying where payment data flows in wealth management platforms
  4. Mapping client transaction types to PCI scope definitions
  5. Recognizing non-cardholder data that still triggers PCI scrutiny
  6. Integrating PCI DSS with existing SOX and operational risk frameworks
  7. Assessing third-party processor responsibility and accountability
  8. Defining internal accountability across platform and security teams
  9. Documenting legacy system exceptions with audit integrity
  10. Aligning annual validation timing with fiscal reporting cycles
  11. Using past audit findings to preempt future gaps
  12. Setting baseline expectations for cross-team PCI literacy
Module 2. Scope Definition and Boundary Control
Learn to draw precise PCI boundaries in complex, interconnected environments without over-capturing or under-protecting.
12 chapters in this module
  1. Identifying CDE boundaries in hybrid cloud architectures
  2. Excluding systems properly using segmentation evidence
  3. Handling API gateways that route payment data selectively
  4. Documenting network segmentation for assessor review
  5. Managing scope creep from microservices adoption
  6. Evaluating tokenization impact on data flow diagrams
  7. Validating scope decisions with engineering stakeholders
  8. Capturing scope changes during M&A integration cycles
  9. Using data classification tools to support boundary claims
  10. Addressing virtualization and container sprawl in scope
  11. Creating reusable scope justification templates
  12. Training incident responders on scope implications
Module 3. Building and Maintaining the Network Security Foundation
Implement firewall and router configurations that meet PCI requirements while supporting business agility.
12 chapters in this module
  1. Aligning firewall rules with least-privilege principles
  2. Documenting change management for network device updates
  3. Integrating firewall reviews into automated CI/CD pipelines
  4. Managing default credentials across network devices
  5. Establishing secure remote access for third parties
  6. Validating segmentation controls through regular testing
  7. Using SIEM alerts to detect unauthorized configuration drift
  8. Maintaining detailed network diagrams with version control
  9. Auditing router configurations for unused ports
  10. Enforcing change approval workflows across teams
  11. Creating network security evidence packages for assessors
  12. Balancing security needs with developer productivity
Module 4. Securing Cardholder Data at Rest
Apply encryption and key management standards that protect sensitive data without introducing operational bottlenecks.
12 chapters in this module
  1. Choosing appropriate encryption methods for structured data
  2. Implementing hashing strategies for PAN storage compliance
  3. Managing encryption key lifecycle in cloud environments
  4. Segregating key management from application owners
  5. Validating decryption controls during incident response
  6. Documenting data retention policies aligned with PCI
  7. Using tokenization to reduce data exposure surface
  8. Assessing database encryption performance tradeoffs
  9. Auditing access to encrypted data repositories
  10. Integrating key rotation into DevOps workflows
  11. Handling keys during system decommissioning
  12. Training database administrators on PCI obligations
Module 5. Protecting Data in Transit
Ensure secure transmission of payment data across internal and external connections using current cryptographic standards.
12 chapters in this module
  1. Enforcing TLS 1.2+ across all payment channels
  2. Managing certificate lifecycle and renewal processes
  3. Validating certificate trust chains with external partners
  4. Disabling weak cipher suites in production environments
  5. Monitoring for SSL/TLS downgrade attacks
  6. Integrating mutual TLS for internal service authentication
  7. Documenting secure coding practices for API teams
  8. Testing encryption strength in staging environments
  9. Responding to external vulnerability reports
  10. Auditing client-side script behavior for data leakage
  11. Using secure SDKs in mobile payment applications
  12. Training support staff on secure data handling protocols
Module 6. Vulnerability Management Program Execution
Run a continuous, risk-based scanning and remediation cycle that satisfies PCI requirements and reduces attack surface.
12 chapters in this module
  1. Scheduling regular internal and external vulnerability scans
  2. Integrating scan results into ticketing and tracking systems
  3. Prioritizing remediation based on business impact
  4. Validating patch deployment across distributed systems
  5. Using automated tools to detect missing security updates
  6. Managing false positives in vulnerability reporting
  7. Documenting compensating controls for delayed fixes
  8. Integrating vulnerability data into risk registers
  9. Conducting manual verification of critical patching
  10. Reporting scan status to senior leadership
  11. Aligning scan scope with PCI data environment
  12. Training operations teams on rapid response workflows
Module 7. Implementing Strong Access Control Measures
Enforce role-based access to cardholder data and related systems with practical controls that scale across teams.
12 chapters in this module
  1. Defining roles and responsibilities for PCI access
  2. Implementing multi-factor authentication for privileged users
  3. Reviewing access rights on a quarterly basis
  4. Enforcing separation of duties for critical functions
  5. Managing shared account usage during outages
  6. Using just-in-time access for third-party vendors
  7. Documenting access requests and approvals
  8. Integrating identity providers with monitoring tools
  9. Auditing privileged session activity
  10. Training employees on access responsibility
  11. Handling access revocation during role changes
  12. Creating access review templates for audit readiness
Module 8. Tracking and Monitoring All Access
Deploy logging and monitoring solutions that provide visibility into access to cardholder data environments.
12 chapters in this module
  1. Capturing required log events per PCI DSS
  2. Centralizing logs in a secure, immutable repository
  3. Setting retention policies for audit compliance
  4. Using correlation rules to detect suspicious activity
  5. Integrating logs with incident response playbooks
  6. Validating log accuracy through regular checks
  7. Ensuring logs are protected from tampering
  8. Training SOC analysts on payment-related alerts
  9. Reviewing logs for unauthorized access attempts
  10. Documenting log management procedures for assessors
  11. Integrating user behavior analytics with logging
  12. Aligning monitoring scope with PCI boundaries
Module 9. Regular Testing of Security Systems and Processes
Conduct internal and external penetration tests and technical reviews that validate ongoing compliance.
12 chapters in this module
  1. Scheduling annual external penetration tests
  2. Conducting internal penetration testing between cycles
  3. Choosing qualified assessors with financial services experience
  4. Defining test scope with business unit input
  5. Using phishing simulations to test awareness
  6. Performing code reviews for payment-related applications
  7. Validating segmentation with active testing
  8. Documenting test findings and remediation plans
  9. Sharing results securely with stakeholders
  10. Integrating test feedback into control improvements
  11. Training engineers on safe testing practices
  12. Creating repeatable test execution checklists
Module 10. Maintaining an Information Security Policy
Develop and enforce a comprehensive policy that supports PCI DSS compliance across the organization.
12 chapters in this module
  1. Drafting policy language aligned with PCI requirements
  2. Obtaining executive endorsement for security policy
  3. Distributing policy updates across business units
  4. Conducting annual employee attestation
  5. Integrating policy with onboarding and training
  6. Aligning policy with incident response plans
  7. Reviewing policy for regulatory updates
  8. Documenting exceptions with justification
  9. Enforcing disciplinary measures for violations
  10. Using policy as a foundation for audits
  11. Updating policy for new technology adoption
  12. Training managers on policy enforcement
Module 11. Managing Third-Party Relationships
Ensure service providers comply with PCI DSS and maintain accountability for their portion of the environment.
12 chapters in this module
  1. Requiring PCI compliance from all third parties
  2. Reviewing vendor self-assessment questionnaires
  3. Validating assessor reports for critical partners
  4. Including compliance clauses in contracts
  5. Monitoring ongoing compliance through audits
  6. Managing onboarding of new payment processors
  7. Assessing cloud provider responsibilities
  8. Handling subcontractor compliance oversight
  9. Documenting shared responsibility models
  10. Creating vendor risk scoring frameworks
  11. Training procurement teams on PCI questions
  12. Establishing exit protocols for terminated vendors
Module 12. Preparing for and Managing the PCI Assessment
Streamline the validation process with organized documentation, stakeholder alignment, and evidence readiness.
12 chapters in this module
  1. Assigning roles for assessment preparation
  2. Gathering evidence in advance of assessor visits
  3. Conducting internal readiness reviews
  4. Responding to assessor questions accurately
  5. Documenting compensating controls clearly
  6. Using gap analysis to prioritize fixes
  7. Coordinating interviews across teams
  8. Presenting control narratives with confidence
  9. Tracking findings and remediation timelines
  10. Leveraging past reports for efficiency
  11. Maintaining ongoing compliance post-assessment
  12. Creating a sustainable review cycle for future years

How this maps to your situation

  • Addressing multi-system complexity in financial platforms
  • Aligning PCI DSS with parallel compliance efforts
  • Scaling controls across evolving technology environments
  • Maintaining consistency amid organizational changes

Before vs. after

Before
Disjointed, reactive compliance cycles with inconsistent evidence and stakeholder alignment.
After
Confident, repeatable execution of PCI DSS requirements across teams and systems with prepared documentation and clear ownership.

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: 90 minutes total, self-paced, designed to fit within a single weekend morning or extended lunch break.

If nothing changes
Without a structured approach, PCI compliance remains fragile , dependent on individual knowledge, vulnerable to scope changes, and prone to audit findings that could affect client trust and regulatory standing.

How this compares to the alternatives

Unlike generic PCI DSS overviews or one-size-fits-all compliance courses, this program is tailored to the operational realities of financial services, integrates with existing risk frameworks like SOX and GLBA, and focuses on practical implementation rather than theoretical knowledge.

Frequently asked

Is this course only for QSA-certified professionals?
No , this course is designed for practitioners implementing and maintaining PCI DSS in real environments, regardless of certification.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Will this help with our next PCI audit?
Yes , every module includes templates and checklists directly applicable to evidence collection, scoping, and control validation for assessors.
$199 one-time. 90 minutes total, self-paced, designed to fit within a single weekend morning or extended lunch break..

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee· 144 chapters· Hand-built playbook included· Account access within 24 hours