Meeting PCI DSS Requirement 12.6 takes more than a generic PowerPoint presentation. Effective PCI security awareness means different things for a front-desk receptionist, an office manager, an IT administrator, and a business owner. ThreeShield delivers PCI training that speaks to what each person actually does - so it sticks, and so it actually reduces your risk.
A dental receptionist and a server administrator both touch systems in your cardholder data environment - but their security training needs are completely different.
Dental practices, clinics, and medical offices accepting card payments. Covers front desk, billing staff, and office managers. Addresses the specific social engineering attacks targeting medical offices - including insurance fraud calls and fake vendor payment requests. Satisfies both PCI DSS and Alberta HIA / HIPAA security awareness requirements simultaneously.
CPA firms, bookkeepers, and financial advisors that process client payments. Wire fraud and invoice manipulation attacks specifically target accounting staff - training addresses the actual scenarios your team faces. Includes both PCI DSS and CPA Canada framework awareness requirements.
Merchants, restaurants, hotels, and retail businesses with point-of-sale environments. Training covers physical security of card terminals, skimming device identification, staff-facing social engineering (fake card processor calls, "system update" scams), and proper handling procedures for declined cards and chargebacks.
System administrators, developers, and IT support staff with access to cardholder data environments. Covers network segmentation, secure coding practices for payment applications, log monitoring, and the technical requirements of PCI DSS that IT teams are accountable for. Includes PCI DSS v4.0.1 customized approach for developers.
Decision-makers who set policy and respond to incidents. Covers compliance obligations, breach notification requirements under PCI DSS and Canadian privacy law, cyber insurance implications, and how to recognize and respond to payment fraud. Includes vendor and QSA assessment process overview.
Staff processing payments or accessing cardholder data outside your main location. Covers secure remote access requirements, mobile device handling, public Wi-Fi risks, and the specific PCI DSS controls required for remote card-not-present processing environments.
At least annual security awareness training for all personnel. ThreeShield delivers and documents the annual training program with evidence suitable for SAQ completion and QSA review.
Training content must be reviewed and updated at least annually to reflect current threats. PCI DSS v4.0.1 is explicit that training must address the actual threat landscape - not a static presentation from three years ago.
PCI DSS v4.0.1 added a specific requirement for phishing and social engineering awareness. ThreeShield's training includes phishing simulation as an optional add-on to verify that awareness training is actually changing behavior.
Personnel must acknowledge acceptable use policies at least annually. ThreeShield provides policy acknowledgment documentation that satisfies PCI DSS requirement 12.6.3.2 as part of the training engagement.
Generic security awareness training satisfies a checkbox. Role-specific PCI training actually reduces the likelihood that your staff will be the reason a cardholder data breach happens. ThreeShield delivers both - and the documentation to prove it.
Also covers PCI DSS full compliance program, SAQ completion support, and QSA audit preparation.