CyberSek
Global — card brands · Security Awareness Training

PCI DSS
Employee Awareness Training

PCI DSS Requirement 12.6 mandates security awareness training for everyone who handles cardholder data. CyberSek delivers it with the QSA-ready records your audit requires.

Req 12.6: Training mandatory for all staff
12.6.3.1: New phishing training requirement (v4.0)
At hire: then annually and on gaining CDE access
CyberSek Platform Preview
8+ modules
100% completion tracked
Automatic audit records
Understanding PCI DSS

What is Payment Card Industry Data Security Standard v4.0?

PCI DSS is the global standard for any organisation that stores, processes or transmits payment card data. Compliance is a condition of accepting card payments, enforced by Visa, Mastercard, American Express, Discover and JCB.

Requirement 12.6 mandates a security awareness programme for all personnel. PCI DSS v4.0, effective March 2025, added Requirement 12.6.3.1 — explicit phishing awareness training. Training is required at hire, annually, and when staff get access to the Cardholder Data Environment.

Non-compliance results in monthly fines, mandatory forensic investigations after breaches, and suspension of card processing, which threatens the survival of most businesses. CyberSek gives you the training and records QSA auditors need.

Training Video 1
PCI DSS Explained — For Everyone Who Handles Payments
A clear introduction to PCI DSS for all payment-handling staff — what cardholder data is, why it’s protected, and what every employee must do.
Why Awareness Training Matters

What Happens Without PCI DSS Employee Awareness?

Most compliance failures trace back to employees who weren’t trained. Here’s what’s at stake.

Card processing suspension can end the business
Losing card payment processing is catastrophic for most merchants. Monthly fines are the warning before suspension arrives.
Phishing training is now a v4.0 requirement
Requirement 12.6.3.1 is a new mandate in PCI DSS v4.0. QSAs specifically test for it. Not having it is an automatic finding from March 2025.
Payment staff are prime targets
Call centre, accounts payable and customer service staff are deliberately targeted by fraudsters. Their training directly reduces card data theft.
Forensic investigation costs after breach
A card data breach triggers mandatory PCI forensic investigations costing tens of thousands before fines and remediation even begin.
Reputational damage with card brands
Repeated compliance failures are noted by card brands. Merchants with persistent issues face stricter requirements and higher scrutiny.
CyberSek in Action
What employees learn:
Employees learn what cardholder data is, why it’s targeted, how to handle it safely, how to spot phishing aimed at payment staff, and what to do if a potential compromise occurs.
How CyberSek Helps

PCI DSS Awareness Training — Simple, Trackable, Audit-Ready

CyberSek provides the employee awareness training PCI DSS Requirement 12.6 mandates. We give payment-handling staff the knowledge they need and the records your QSA will ask for. We do not assess or certify PCI DSS compliance.

PCI DSS Requirement 12.6 compliant programme with QSA-ready completion records per employee
Phishing awareness training satisfying the new Requirement 12.6.3.1 in v4.0
Role-based modules for call centre, accounts payable, e-commerce, and developer teams
New hire automation — Requirement 12.6 mandates training at hire, not just annually
Annual calendar with automated reminders so compliance never lapses between audits
Completion certificates exportable per employee for your QSA audit package
Training Library

PCI DSS Awareness Modules

2–5 minute video modules. Completion tracked automatically. Certificate issued per employee. Reports ready for auditors.

PCI DSS Basics for All Staff
What cardholder data is, why it’s targeted globally, and what compliance means for every employee
Phishing Targeting Payment Processes
How attackers target card-handling staff specifically — with real scenarios and recognition skills
Social Engineering in Payment Environments
Voice phishing, pretexting, and impersonation attacks targeting accounts payable and call centres
Safe Cardholder Data Handling
Screen privacy, clean desk, printing CHD, secure disposal, and everyday handling procedures
Secure Coding Awareness for CDE Developers
OWASP Top 10 and secure development habits for developers who build or maintain payment systems
Incident Recognition and Escalation
Spotting a potential card data compromise and the exact internal escalation steps to take
Third-Party and Vendor Awareness
Supply chain attack awareness and considerations when third parties access your payment environment
Remote Access Security for Payment Systems
Securing remote connections to payment environments and the unique risks they create
Training Video 2
Phishing and Social Engineering Targeting Payment Staff
Real attack scenarios targeting accounts payable, call centre, and e-commerce teams — how they work and practical skills to stop them.
Compliance Evidence Generated
Completion Certificate
Per employee, per module
Compliance Report
Export-ready for auditors
Policy Acknowledgement
Timestamped + IP recorded
Team Coverage View
See who is pending instantly
FAQ

PCI DSS Training Questions

Does CyberSek certify us for PCI DSS?
Does every employee need PCI DSS training?
What changed for training in v4.0?
How long must we keep training records?

Train Your Team on PCI DSS Today

Short, engaging videos your employees will actually watch — plus completion records, policy acknowledgements, and reports your compliance team needs.

7-day free trial. No credit card. Deploy to your whole team in under 10 minutes.

Also available: ISO 27001 · GDPR · HIPAA · NIS2 · SOC 2 · DPDPA