- Visually engaging animated explainers
- Concise, structured micro-learning modules
- Scenario-based interactive decision-making exercises
- Compliance-aligned regulatory examples
- Integrated knowledge checks and quizzes
- Comprehensive final assessment with certification
Learning Objectives
By the end of PCI DSS v3.2 Cashier & Payments Handler Compliance Training, learners will be able to:
- Explain the six PCI DSS goals and their purpose
- Identify and securely handle sensitive cardholder information
- Apply best practices to prevent and detect fraudulent transactions
- Perform Code-10 authorisation calls when card fraud is suspected
Why PCI DSS v3.2 Cashier and Payments Handler Compliance eLearning Training?
Directly mitigates financial loss from card fraud and chargebacks
The training equips frontline staff to identify fraudulent card-present and card-not-present transactions, perform card authentication checks, and initiate Code-10 authorisations, significantly reducing fraud-related chargebacks that merchants are contractually liable to absorb.
Addresses the single biggest cause of payment data breaches: human error
The course explicitly tackles social engineering risks (phishing, pretexting, baiting, tailgating) and unsafe handling behaviours, which industry evidence consistently links to the majority of data breaches, making training a critical preventive control rather than a theoretical requirement.
Protects customer trust and brand reputation at the point of payment
Payment handlers are the final line of defence in safeguarding cardholder data. Training ensures cards remain visible, PINs are shielded, receipts are securely stored, and sensitive data is never verbally repeated or transmitted insecurely - directly reinforcing customer confidence.
Clarifies individual accountability through role-based controls
The course reinforces PCI requirements such as unique user IDs, access control, secure logins, and transaction traceability, enabling employers to clearly map actions to individuals and demonstrate governance and oversight in the event of investigations.
Scales compliance consistently across distributed retail and payment environments
With structured, scenario-based instruction for cashiers, payment handlers, and supervisors, the training ensures consistent PCI-aligned behaviour across locations, shifts, and teams, reducing variability and control gaps.
Laws & Regulations Addressed in PCI DSS v3.2 Cashier and Payments Handler Compliance eLearning Training:
| Legislation / Concept | Relevance in the Course |
|---|---|
| Payment Card Industry Data Security Standard (PCI DSS v3.2) | The course operationalizes PCI DSS requirements for employees who handle card payments by training them on secure handling of cardholder data, fraud prevention, access controls, social-engineering risks, and incident response (including Code-10 calls), enabling organisations to meet PCI DSS compliance obligations and reduce fraud, chargebacks, penalties, and data-breach risk. |
Course Structure
Learning elements
Format & accessibility
Fully responsive interface across desktop, tablet, and mobile, complete with a learner dashboard, progress tracking, automated reminder prompts, and seamless integration with your existing LMS or HR systems.
Certificate
On successful completion and passing the assessment, learners can generate a completion certificate as proof of training (configurable per org).
Target Audience
The course is tailored for:
- Cashiers and frontline staff handling card-present transactions
- Employees processing card-not-present (phone, email, or online) payments
- Retail, hospitality, and service staff with access to PoS systems
- Payment handlers responsible for verifying card authenticity and preventing fraud
- Employees authorised to store, access, or manage cardholder data and transaction receipts
- Supervisors and managers overseeing payment operations and escalation (e.g., Code-10 calls)
Case Studies: Real Consequences of Non-Compliance
PCI DSS awareness training is mandatory for organisations that handle cardholder data. Under PCI DSS Requirement 12.6, organisations must provide security awareness training to personnel who process, store, or transmit cardholder data, ensuring employees understand payment-data risks and follow secure handling practices as part of ongoing PCI DSS compliance.
Below are real cases where organisations faced financial penalties, regulatory action, or severe business impact due to failures of the kind that PCI DSS training is specifically designed to help reduce:
- Home Depot (2014 – Payment Card Breach)
Home Depot suffered a breach affecting approximately 56 million payment card numbers after attackers exploited weaknesses in point-of-sale systems. Investigations highlighted inadequate controls and monitoring at the payment-handling level. The company paid over USD 200 million in settlements, remediation costs, and card-brand penalties - costs that PCI DSS-aligned employee practices are intended to mitigate.
- British Airways (2018 – Payment Data Compromise)
British Airways was fined £20 million by the UK ICO following a breach that exposed customer payment data. While GDPR was the enforcement mechanism, investigations highlighted weaknesses in payment data protection controls and monitoring - areas directly addressed through PCI DSS training and secure payment-handling practices.
Course Outline
PCI Council and PCI DSS Goals
Why should I know or follow the PCI DSS Guidelines?
Customer Payments Handler
- Card-Present
- Card-Not-Present
PCI DSS Requirements
Social Engineering
Types of Social Engineering:
- Phishing
- Pretexting
- Baiting
- Tailgating
Code-10 Calls
Do’s and Don’ts

Total Duration: 45 Mins
FAQs
PCI DSS requires organisations to ensure that employees who handle cardholder data understand secure payment-handling practices, fraud risks, and data-protection responsibilities to prevent breaches, penalties, and chargebacks.
The PCI Council, formally known as the Payment Card Industry Security Standards Council (PCI SSC), is the body formed in 2005 by major card brands - Visa, Mastercard, American Express, Discover, and JCB - to develop and maintain the PCI Data Security Standard (PCI DSS). The Council establishes security guidelines for organisations that store, process, or transmit cardholder data, helping ensure consistent and secure payment practices across the global payment ecosystem.
Yes. PCI DSS awareness training is mandatory in practice under Requirement 12.6 for organisations that accept, process, store, or transmit cardholder data, and is enforced through card-brand and acquiring-bank compliance obligations.
Cashiers, payment handlers, and any staff involved in card-present or card-not-present transactions, as well as supervisors overseeing payment operations, should complete this training.
The course reduces fraud, chargebacks, and data-breach risk by training employees to securely handle card data, recognise social-engineering attacks, and escalate suspicious activity appropriately.
Yes. Completion records provide documented evidence of employee awareness and due diligence, which is routinely expected during PCI DSS audits, forensic investigations, and bank reviews.
Lack of training can lead to PCI non-compliance findings, increased transaction fees, financial penalties, mandatory forensic audits, reputational damage, or suspension of card-processing privileges.
Yes. The course uses practical scenarios such as card authentication, declined transactions, Code-10 calls, and social-engineering attempts to reinforce correct behaviour at the point of payment.
The IT security team is responsible for implementing and maintaining PCI DSS technical controls (such as firewalls, system security, monitoring, and testing), while this training ensures employees correctly follow those controls in daily payment operations - together forming a complete, auditable PCI DSS compliance framework.
PCI DSS expects security awareness training to be ongoing. Most organisations deliver this training at onboarding and refresh it annually or whenever payment-handling processes change.
Yes, we have a separate course called Succeed PCI DSS that covers the application to Merchants, Processors, Service Providers and Acquirers outlining the PCI DSS definitions and requirements.
The delivery is fully flexible. If you have an in-house LMS, we can provide the course as a SCORM-compliant package. If not, we offer a seamless SaaS-based hosting option for easy access and deployment.






