Who we are
The PCI Security Standards Council (PCI SSC) is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide. Learn more.
The PCI SSC mission is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders. We achieve this with a strategic framework to guide our decision-making process and ensure that every initiative is aligned with our mission and supports the needs of the global payments industry.
The four pillars of our strategic framework include:
- Increase industry participation and knowledge in the PCI Standards development process and stakeholder support for standards implementation. This ensures that standards and resources reflect and address industry needs and challenges.
- Evolve security standards and validation programs to support a range of environments, technologies and methodologies for achieving security. This ensures standards and resources that support and enable safe commerce and the flexibility to use different approaches to meet those standards.
- Secure emerging payment channels via development of PCI Standards and resources to support broader payment acceptance. This enables safe commerce in new and emerging card and card-based payment channels such as mobile and internet-of-things.
- Increase standards alignment and consistency of PCI Standards to minimize redundancy and support effective implementation.
Collaborating with the Council
Securing payment data is not a solo act. It takes a community. View the Get Involved Overview for information on collaboration opportunities and how you can play an active part in the PCI SSC community. Watch this video to learn more about how collaboration is instrumental to the Council’s mission.
The Council was founded in 2006 by American Express, Discover, JCB International, MasterCard and Visa Inc. Founding Members share equally in ownership, governance, and execution of the organization’s work. Each incorporates the PCI Data Security Standard (PCI DSS) as part of the technical requirements for their respective data security compliance programs. Founding Members also recognize assessors qualified by the PCI SSC.
Enforcement of compliance with the PCI DSS and determination of any non-compliance penalties is not part of the Council’s scope of activities. Any questions in those areas should be directed to the payment brands or the entity responsible for payment processing.
The Management Committee drives activity across various work domains. It is comprised of participants from the Founding Members and Strategic Members and employees of the Council.
The Management Committee is responsible for:
- Maintaining PCI Standards and all other Council technical work products;
- Developing and managing new Working Groups, Special Interest Groups and Taskforces on technical matters;
- Managing the Council’s day-to-day operational functions;
- Providing recommendations, suggestions and guidance to the Executive Committee regarding corporate and operational matters.
Day-to-day management of the Council’s activities is led by the PCI SSC Leadership Team, which reports to the Executive Committee.
Payments industry participation is critical to the Council’s mission to help secure payment data globally. Toward this end, industry stakeholders are encouraged to join the Council as Strategic Members, Affiliate Members, and Participating Organizations. A key benefit of membership is the opportunity to contribute to the ongoing maintenance and development of PCI Security Standards. View the Get Involved Overview for more information on these membership opportunities and benefits.