About Us

About Us

Who We Are

The PCI Security Standards Council (PCI SSC) is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. Our role is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders. We achieve this with a strategic framework to guide our decision-making process and ensure that every initiative is aligned with our mission and supports the needs of the global payments industry.

The four pillars of our strategic framework include:

icon1

Increase industry participation and knowledge

icon2

Evolve security standards and validation programs

icon3

Secure emerging payment channels

icon4

Increase standards alignment and consistency

Payment Security Standards and Resources

We help secure global payment data with payment security standards and resources that are industry-driven, forward-looking, and collaborative. PCI SSC standards and resources help protect the people, processes, and technologies across the payment ecosystem to help secure payments worldwide. We help secure payments by:

  • Managing Global Payment Security Standards
  • Validating and Listing Products and Solutions that Meet PCI SSC Standards and Program Requirements
  • Training, Testing, and Qualifying Security Professionals and Organizations
  • Providing Free Best Practices and Payment Security Resources
Industry-Driven_10a899

Industry-Driven

Our standards and resources are powered with feedback from the industry. This input is crucial to reflect industry needs and challenges and continue to keep global payments safe.

Through Participation with the Council Stakeholders Can:

  • Provide Strategic Input into Direction of the Council
  • Contribute Feedback on Standards
  • Stand For and Elect the Council’s Board of Advisors
  • Ensure Guidance and Training Keeps Pace with Threat Landscape
Forward-Thinking

Forward-Looking

Staying ahead of threats is key. Our standards and resources are developed considering both emerging and established payment technologies and threats.

By Focusing on the Future, We:

  • Encourage Flexibility to Adapt to Changing Threats
  • Promote and Accommodate Technology Innovation
  • Support Continuous Security
Collaborative

Collaborative

The Council facilitates industry knowledge sharing to help protect global payments.

The Council Fosters Industry Collaboration Through:

  • Global Events Designed for the Industry to Share Knowledge and Network
  • Hosting Special Interest Groups that Tackle Industry Identified Payment Security Challenges

Industry-Driven

Our standards and resources are powered with feedback from the industry. This input is crucial to reflect industry needs and challenges and continue to keep global payments safe.

Through Participation with the Council Stakeholders Can:

  • Provide Strategic Input into Direction of the Council
  • Contribute Feedback on Standards
  • Stand For and Elect the Council’s Board of Advisors
  • Ensure Guidance and Training Keeps Pace with Threat Landscape
icon-industry-driven-1.png
forward-looking-large-1.png

Forward-Looking

Staying ahead of threats is key. Our standards and resources are developed considering both emerging and established payment technologies and threats.

By Focusing on the Future, We:

  • Encourage Flexibility to Adapt to Changing Threats
  • Promote and Accommodate Technology Innovation
  • Support Continuous Security

Collaborative

The Council facilitates industry knowledge sharing to help protect global payments.

The Council Fosters Industry Collaboration Through:

  • Global Events Designed for the Industry to Share Knowledge and Network
  • Hosting Special Interest Groups that Tackle Industry Identified Payment Security Challenges
Group-2-1.png

Stakeholder Community

Broad industry participation is critical to the Council’s mission to help secure payment data globally.

Join the Council today through one of our many participation avenues:

Principal Participating Organizations

Principal Participating Organizations

The Principal Participating Organization level of participation is for organizations that want a seat at the table, a deeper level of collaboration with the Council on key initiatives as well as access to exclusive, Principal Member-only events.

Learn More
Associate Participating Organizations

Associate Participating Organizations

The Associate Participating Organization level of participation is for organizations that want to have regular dialogue with key stakeholders and have the opportunity to provide guidance and expertise on Council initiatives.

Learn More
Individual Participants

Individual Participants

Individual participation is for individuals who may not be able to join at the organizational level but would like access to selected Council publications, resources, and other benefits.

Learn More
Affiliate Members

Affiliate Members

Affiliate membership is open to regional and national organizations that define standards and influence adoption by their constituents who process, store or transmit payment data.

Learn More
Strategic Members

Strategic Members

Strategic membership is open to multinational payment acceptance brands with demonstrated commitment to PCI Security Standards.

Learn More
LEARN ABOUT OTHER WAYS TO GET INVOLVED

PCI SSC Organizational Structure

The PCI SSC is led by a policy-setting Executive Committee composed of representatives from the Founding Members and Strategic Members.

A Board of Advisors, representing and elected by Participating Organizations, provides input to the organization and feedback on the evolution of the PCI Standards. In addition, the Roadmap Roundtable Group (RRG) works with PCI SSC and the Executive Committee to provide input and direction on PCI SSC strategic initiatives.

Day-to-day management of the Council’s activities is led by the PCI SSC Leadership Team, which reports to the Executive Committee.

PCI-Governance
Board of Advisors

Board of Advisors

The Board of Advisors represents PCI SSC Participating Organizations worldwide to ensure global industry involvement in the development of PCI Security Standards. As strategic partners, they bring market, geographical and technical insight into PCI SSC plans and projects.

Learn More
Executive Committee

Executive Committee

Policy-setting committee, composed of representatives from the Founding Members, Strategic Members, and employees of the Council.

View the Executive Committee Members
Founding Members

Founding Members

The Council was founded in 2006 by American Express, Discover, JCB International, MasterCard and Visa Inc. Founding Members share equally in ownership, governance, and execution of the organization’s work. Each incorporates the PCI Data Security Standard (PCI DSS) as part of the technical requirements for their respective data security compliance programs. Founding Members also recognize assessors qualified by the PCI SSC.

View the Founding Members
Global Executive Assessor Roundtable

Global Executive Assessor Roundtable

The Global Executive Assessor Roundtable is a forum for senior leadership of PCI Assessor companies to provide advice, feedback, and guidance to the PCI SSC, representing the perspectives of the PCI assessor community.

Learn More
PCI SSC Leadership Team

PCI SSC Leadership Team

Day-to-day management of the Council’s activities is led by the PCI SSC Leadership Team, which reports to the Executive Committee.

View the Leadership Team
Regional Engagement Board

Regional Engagement Board

Regional Engagement Boards serve as advisors to the PCI SSC on payment data security issues in specific geographies and markets.

Learn More
Roadmap Roundtable Group

Roadmap Roundtable Group

The Roadmap Roundtable Group (RRG) is open to Principal Participating Organizations. This group works together with the PCI SSC Senior Team and Executive Committee to provide input and direction to PCI SSC strategic initiatives.

Learn More
Technology Guidance Group

Technology Guidance Group

The Technology Guidance Group (TGG) provides opportunities for Principal Participating Organizations to share knowledge and experience regarding technological developments and direction in the payments industry.

Learn More

Who Follows PCI Standards?

The PCI Data Security Standard (PCI DSS) and other applicable PCI Standards are intended for entities that store, process or transmit payment account data, entities accepting or processing payment transactions, and for developers and manufacturers of software and devices used in those transactions.

Does the PCI Security Standards Council enforce compliance?

No. The Council’s role is to develop and maintain standards. We do not monitor the implementation of standards. Whether an entity is required to comply with or validate compliance to a PCI SSC standard is at the discretion of organizations that manage compliance programs, such as a payment brand, acquirer, or other entity. Visit the FAQ page for more information.

Icon

Careers at PCI SSC

Icon
Icon

Policies

Icon
Icon

Contact Us

Icon