Training in PCI Compliance

Compliance and Audit Group creates a division aimed at helping retailers comply with PCI credit card standards. TurboPCI offers education and training for retailers.

A security assessor company is creating a division within its company that will focus on offering education, training and validation to help retailer comply with PCI DSS (Payment Card Industry Data Security Standards).

Compliance and Audit Group announced its TurboPCI unit July 8.

TurboPCI offers a blended learning system that includes programmed instructional workbooks, workshops, and a secure online portal.

"Retailers come in all sizes, shapes and colors," said Suzanne Miller, senior partner of TurboPCI. "Some like to learn while holding something in their hand and some like to learn online. We let the merchants educate themselves."

Miller said the content available online is the same as that available in workbooks and workshops, and all technology used is based upon programmed learning instructional methodology. The portal is a hosted solution that stores no cookies on the user's browser and meets current security best practices.

According to Miller, TurboPCI allows each user to identify how they specifically process credit cards.

"Depending on what type of merchant they are and how they use credit card data, we will lead them through the compliance they need for validation," she said. "It's not an easy process."

Miller said TurboPCI can educate retailers of any size about the specific tasks they need to follow to achieve PCI compliance.

"Step by step, they learn about policies they need to follow, what forms they need to fill out, how to fill them out, when to review them, and where to store them," she said. "We lead them through the 214 requirements step by step, following the best security practices of today."

Miller said TurboPCI is especially important because retailers who do not comply with PCI DSS requirements will lose the ability to accept credit cards.

"You can imagine the impact of that," she said. "It's amazing how many merchants don't know that yet."

A 2008 report from research firm Aberdeen Group illustrates the efforts retailers have been making to comply with PCI DSS regulations.

"Public disclosures of security breaches involving consumer cardholder data continue to be a threat to consumer confidence in payment cards, and a growing source of financial risk for the payment card industry," the report states.

In response, the report indicates that the payment card industry has made steady progress in establishing common security standards and best practices, with best-in-class retailers achieving "superior protection" via PCI DSS and even laggards making "encouraging gains."

Dan Berthiaume covers the retail space for eWEEK. For more industry news, check out's Retail Site.