HR trends shaping the future of work in 2025
Ethics and compliance
If your company accepts credit or debit card transactions, you’re likely familiar with the Payment Card Industry Data Security Standard (PCI-DSS). But how confident are you that your employees understand their role in keeping sensitive cardholder data secure? With 70% of consumers preferring to pay with credit and debit cards over cash when making purchases, […]
If your company accepts credit or debit card transactions, you’re likely familiar with the Payment Card Industry Data Security Standard (PCI-DSS). But how confident are you that your employees understand their role in keeping sensitive cardholder data secure?
With 70% of consumers preferring to pay with credit and debit cards over cash when making purchases, it’s the responsibility of businesses accepting this convenient form of customer payment to comply with rules protecting cardholder data. Annually training your employees on how to properly accept, transmit and store card transactions protects your business against fraud and data breaches, penalties and reputational harm.
PCI-DSS is a set of security standards designed to protect cardholder data, maintain the trust of your customers and the integrity of your brand. Enacted in 2024, the standards are set by major credit card companies, including Visa, MasterCard, JCB, American Express and Discover.
Any business that processes, stores or transmits credit card information must adhere to this standard, no matter the volume of transactions, the channel used to take card information (in-person, on the phone or online) or the size of the business.
In addition to setting payment security requirements for businesses, PCI-DSS requires merchants to “implement a formal security awareness program to make all personnel aware of the importance of cardholder data security” as well as educating personnel “upon hire and at least annually.”
“When a customer hands over a payment card to a business to make a purchase, it becomes the merchant’s responsibility to ensure the customer’s cardholder data will not be compromised,” said John Brushwood, Compliance Counsel at Traliant. “When merchants fail to keep up with PCI-DSS obligations and training, it increases the risk of credit card fraud and data breaches.”
Every employee who handles credit card transactions plays a role in safeguarding PCI-DSS data. But without proper training, how can they recognize risks or follow best practices?
This is where PCI training comes in. It educates all personnel about their roles and responsibilities in maintaining PCI DSS compliance and emphasizes the importance of vigilance and adherence to established security protocols.
So, what should PCI training for employees include? Here are some essentials:
A 2021 Verizon Payment Security Report found that 72% of companies failed to comply with PCI-DSS year-round. Businesses that fail to implement and adhere the proper PCI security measures and protocols not only risk exposing their customers to threats but can also face their own share of repercussions, including fines, transaction fees, and potentially, the revocation of card processing privileges for merchants.
Payment processors and credit card companies charge PCI non-compliance fines to make up for the potential losses caused by merchants’ lack of payment security. If non-compliant, a business can face fines of $5,000 to $100,000 per month or be stripped of payment processing services. Further, businesses liable for any fraud that takes place must compensate customers for losses, as well as the cost of credit monitoring fees, identity theft insurance and card replacement.
For HR and legal compliance professionals, PCI-DSS training is an investment in your organization’s security culture. Here are four reasons why merchants should ensure employees complete annual PCI-DSS training:
By investing in comprehensive PCI training for employees, you help secure your business against data breaches and make compliance a seamless part of your workplace culture.
With the right tools and resources, your HR and legal teams can ensure that every employee is confident in their ability to safeguard cardholder data—protecting your company’s reputation and bottom line.
Traliant’s PCI-DSS training explains the 12 key standards for protecting cardholder data and ensuring compliance. Through engaging, realistic scenarios and interactive exercises, employees will learn to identify potential payment card fraud, understand the steps to prevent it and help ensure the security of payment card transactions.