The PCI Security Standards Council is a global open body formed to develop, enhance, disseminate and assist with the understanding of security standards for payment account security.
The Council maintains, evolves, and promotes the Payment Card Industry Security Standards. It also provides critical tools needed for implementation of the standards such as assessment and scanning qualifications, self-assessment questionnaires, training and education, and product certification programs.
The Council's founding members, American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc., have agreed to incorporate the PCI Data Security Standard (PCI DSS) as part of the technical requirements for each of their data security compliance programs. Each founding member also recognizes the Qualified Security Assessors and Approved Scanning Vendors qualified by the PCI Security Standards Council.
All five payment brands, along with Strategic Members, share equally in the Council's governance, have equal input into the PCI Security Standards Council and share responsibility for carrying out the work of the organization. Other industry stakeholders are encouraged to join the Council as Strategic or Affiliate members and Participating Organizations to review proposed additions or modifications to the standards. Participating Organizations may include merchants, banks, processors, hardware and software developers, and point-of-sale vendors.
Note that enforcement of compliance with the PCI DSS and determination of any non-compliance penalties are carried out by the individual payment brands and not by the Council. Any questions in those areas should be directed to the payment brands.
The PCI Security Standards Council is led by a policy-setting Executive Committee, composed of representatives from the five founding global payment brands and Strategic Members.
The Standards and Operations Committees drive activity across various work domains. The committees are comprised of participants from the founding and Strategic Membership and employees of the Council.
The Standards Committee is responsible for maintaining PCI Standards and all other Council technical work product, and developing and managing new Working Groups, Special Interest Groups and Taskforces on technical matters.
The Operations Committee is responsible for managing the Council’s day-to-day operational functions and provides recommendations, suggestions and guidance to the Executive Committee regarding corporate and operational matters.
Learn more here about how you can participate and the benefits of joining PCI SSC.
A Working Group is created to perform a specific range of work, such as the development and/or maintenance of a Standard and supporting materials of that standard. Working Groups operate under the direction of the Standards Committee and are open to Founding, Strategic and Affiliate Members.
A Taskforce is created to work on specific PCI Standards initiatives that require additional commitment of time and resources and which may impact multiple Working Groups or standards. The Taskforce provides recommendations, guidance, research, and subject matter expertise to be used in the development of Council programs, PCI Standards, or guidance. A Taskforce is directed by the related Chairs of the Working Group(s) and/or Special Interest Group, and may be comprised of Founding, Strategic and Affiliate members, appointed subject matter experts and members of the Council community.
Special Interest Groups are elected by the Participating Organization members and leverage industry members business and technical experience in assisting the Council in analyzing payment card industry challenges with respect to securing cardholder data. Each SIG is formed to address a specific industry or technological challenge, and recommend changes, clarifications or improvements to corresponding PCI Standards and supporting programs.