About Us

Who We Are

The PCI Security Standards Council (PCI SSC) is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. Our role is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders. We achieve this with a strategic framework to guide our decision-making process and ensure that every initiative is aligned with our mission and supports the needs of the global payments industry.

The four pillars of our strategic framework include:

icon1

Increase industry participation and knowledge

icon2

Evolve security standards and validation programs

icon3

Secure emerging payment channels

icon4

Increase standards alignment and consistency

Payment Security Standards and Resources

We help secure global payment data with payment security standards and resources that are industry-driven, forward-looking, and collaborative. PCI SSC standards and resources help protect the people, processes, and technologies across the payment ecosystem to help secure payments worldwide. We help secure payments by:

Industry-Driven_10a899

Industry-Driven

Our standards and resources are powered with feedback from the industry. This input is crucial to reflect industry needs and challenges and continue to keep global payments safe.

Through Participation with the Council Stakeholders Can:

Forward-Thinking

Forward-Looking

Staying ahead of threats is key. Our standards and resources are developed considering both emerging and established payment technologies and threats.

By Focusing on the Future, We:

Collaborative

Collaborative

The Council facilitates industry knowledge sharing to help protect global payments.

The Council Fosters Industry Collaboration Through:

Industry-Driven

Our standards and resources are powered with feedback from the industry. This input is crucial to reflect industry needs and challenges and continue to keep global payments safe.

Through Participation with the Council Stakeholders Can:

icon-industry-driven-1.png
forward-looking-large-1.png

Forward-Looking

Staying ahead of threats is key. Our standards and resources are developed considering both emerging and established payment technologies and threats.

By Focusing on the Future, We:

Collaborative

The Council facilitates industry knowledge sharing to help protect global payments.

The Council Fosters Industry Collaboration Through:

Group-2-1.png

PCI SSC Organizational Structure

The PCI SSC is led by a policy-setting Executive Committee composed of representatives from the Founding Members and Strategic Members.

A Board of Advisors, representing and elected by Participating Organizations, provides input to the organization and feedback on the evolution of the PCI Standards. In addition, the Roadmap Roundtable Group (RRG) works with PCI SSC and the Executive Committee to provide input and direction on PCI SSC strategic initiatives.

Day-to-day management of the Council’s activities is led by the PCI SSC Leadership Team, which reports to the Executive Committee.

PCI-Governance

Who Follows PCI Standards?

The PCI Data Security Standard (PCI DSS) and other applicable PCI Standards are intended for entities that store, process or transmit payment account data, entities accepting or processing payment transactions, and for developers and manufacturers of software and devices used in those transactions.

Does the PCI Security Standards Council enforce compliance?

No. The Council’s role is to develop and maintain standards. We do not monitor the implementation of standards. Whether an entity is required to comply with or validate compliance to a PCI SSC standard is at the discretion of organizations that manage compliance programs, such as a payment brand, acquirer, or other entity. Visit the FAQ page for more information.