About Us

PCI Security Standards Council

We strengthen global payment security with payment security standards and resources that are:

Industry-Driven

Forward-Looking

Collaborative

Payment Security Standards and Resources

PCI SSC standards and resources help protect the people, processes, and technologies across the payment ecosystem to help secure payments worldwide.

We Help Secure Payments By:

Industry-Driven

Our standards and resources are powered with feedback from the industry. This input is crucial to reflect industry needs and challenges and continue to keep global payments safe.

Through Participation with the Council Stakeholders Can:

icon-industry-driven-1.png
forward-looking-large-1.png

Forward-Looking

Staying ahead of threats is key. Our standards and resources are developed considering both emerging and established payment technologies and threats.

By Focusing on the Future, We:

Collaborative

The Council facilitates industry knowledge sharing to help protect global payments.

The Council Fosters Industry Collaboration Through:

Group-2-1.png

PCI SSC Organizational Structure

The PCI SSC is led by a policy-setting Executive Committee composed of representatives from the Founding Members and Strategic Members.

A Board of Advisors, representing and elected by Participating Organizations, provides input to the organization and feedback on the evolution of the PCI Standards.

Day-to-day management of the Council’s activities is led by the PCI SSC Leadership Team, which reports to the Executive Committee.

Who Follows PCI Standards?

The PCI Data Security Standard (PCI DSS) and other applicable PCI Standards are intended for entities that store, process or transmit payment account data, entities accepting or processing payment transactions, and for developers and manufacturers of software and devices used in those transactions.

Does the PCI Security Standards Council enforce compliance?

No. The Council’s role is to develop and maintain standards. We do not monitor the implementation of standards. Whether an entity is required to comply with or validate compliance to a PCI SSC standard is at the discretion of organizations that manage compliance programs, such as a payment brand, acquirer, or other entity. Visit the FAQ page for more information.