Payment Card Industry Security Standards Council

The Payment Card Industry Security Standards Council (PCI SSC) was formed by American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. on September 7, 2006, with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard.

The Payment Card Industry Data Security Standard (PCI DSS) consists of twelve significant requirements including multiple sub-requirements, which contain numerous directives against which businesses may measure their own payment card security policies, procedures and guidelines.

To address rising cybersecurity risks to the payment ecosystem, the PCI SSC currently manages 15 standards for payment security, which are variously applicable to payment card issuers, merchants and service providers, vendors and solution providers, and acquirers and processors. More recently, the PCI SSC has collaborated with EMVCo, to provide the security requirements, testing procedures and assessor training to support the EMV 3-D Secure v2.0 standard.

Membership and participation
Members of the PCI Security Standards Council include an Executive Committee of six major payment brands: American Express, Discover Financial Services, JCB International, MasterCard, Visa Inc., and UnionPay. The executives and management of the PCI SSC are supported by 30 companies comprising the Board of Advisors, and other stakeholder advisory groups such as assessor companies and regional boards.

Interested parties can participate in the development of the PCI security standards through member registration as a Participating Organization. Currently, there are more than 700 Participating Organizations from more than 60 countries. These participants are organized into Special Interest Groups, which are tasked with recommending revisions to and the further development of the various security standards maintained by the PCI SSC.