The PCI Security Standards Council touches the lives of hundreds of millions of people worldwide. A global organization, it maintains, evolves and promotes Payment Card Industry standards for the safety of cardholder data across the globe.
We serve those who work with and are associated with payment cards. This includes: merchants of all sizes, financial institutions, point-of-sale vendors, and hardware and software developers who create and operate the global infrastructure for processing payments.
There are two priorities for our work:
“Over the course of several years now, the PCI Security Standards Council has done a laudable job at defining and evolving a cohesive set of standards, as well as at listening and adapting over time to the feedback from merchants, banks, payment processors, service providers, and technology providers.”
- Derek Brink, Vice President and Research Fellow, Aberdeen Group
The Council was founded in 2006 by American Express, Discover, JCB International, Mastercard and Visa Inc. They share equally in ownership, governance, and execution of the Council's work.
From customers to merchants and financial institutions, the security of cardholder data affects everybody. Discover how securing cardholder data can help preserve customer trust, ensure compliance, and benefit your organization in the long term.
Maintaining payment security is required for all entities that store, process or transmit cardholder data. Guidance for maintaining payment security is provided in PCI security standards. These set the technical and operational requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.
Following guidance in the PCI Data Security Standard helps keep your cyber defenses primed against attacks aimed at stealing cardholder data.
Most small merchants can use a self-validation tool to assess their level of cardholder data security. The Self-Assessment Questionnaire includes a series of questions for each applicable PCI Data Security Standard requirement. There are different SAQs available for a variety of merchant environments.