Text size Increase Font-SizeDecrease Font-SizeReset Font-Size

Welcome to the PCI Security Standards
Council's resources for financial institutions!

How the Council Supports You

The major global payment brands require that every entity -- including financial institutions as well as merchants and service providers -- that stores, processes, or transmits payment card data, in every channel – including catalog and online retailers as well as brick-and-mortar businesses -- must be in compliance with the PCI Data Security Standard (PCI DSS).

Though the payment brands themselves determine, validate and enforce their PCI DSS compliance and reporting requirements, the PCI Security Standards Council provides a broad range of education, information and other resources on this website to assist with compliance efforts for your organization, your merchants, and your service provider partners.

Specific tools available (see links below) include A Prioritized Approach to the PCI DSS, the Internal Security Assessor Program and other training programs for acquirers and their customers, lists of qualified security professionals and approved vendors/products, and more. The Council is always open to feedback about what additional resources would be useful to financial institutions – learn how to get involved and communicate your ideas to us.

How the Council Supports Merchants -- Your Customers

The Council offers significant resources specifically to merchants pursuing compliance with PCI Security Standards. This support for merchant education also benefits financial institutions, whose customers are the merchants.

Whatever the requirements from individual banks, processors/service providers or payment brands that merchants must fulfill, the information offered by the Council makes it clear how vital it is for merchants to comply, then helps them start on the road to compliance. We have also segmented the resources to better serve the needs of different-sized businesses, from small storefronts to large corporations.

Protecting Cardholder Data Is Good For Your Business

  • Get Involved
    How you can influence the direction of PCI standards through your active involvement

  • Information Supplements
    Documents related to the security framework of the Payment Card Industry Data Security Standard (PCI DSS)

PCI SSC Merchant Resources
Comprehensive PCI Security Standards information focused on merchants' needs. Learn more

Small Merchants Only
Guide to PCI DSS compliance information, developed and collected especially for small businesses. Learn more

PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The Council is responsible for managing the security standards, while compliance with the PCI Security Standards is enforced by the payment card brands. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.

If you are a merchant that accepts payment cards, you are required to be compliant with the PCI Data Security Standard. You can find out your exact compliance requirements only from your payment brand or acquirer. However, before you take action, you may want to obtain background information and a general understanding of what you will need to do from the information and links here.
The PCI Security Standards Council encourages all businesses that store payment account data to comply with the PCI DSS to help lower their brand and financial risks associated with account payment data compromises. The PCI Security Standards Council does not manage compliance programs and does not impose any consequences for non-compliance. Individual payment brands, however, may have their own compliance initiatives, including financial or operational consequences to certain businesses that are not compliant.
No, the PCI Security Standards Council does not replace the individual brands' compliance programs. The individual participating payment brands separately determine what entities must be compliant, including any brand-specific enforcement programs.
Due to the fact that the PCI Security Standards Council is not present to assess the entire cardholder environment, we cannot determine whether specific solutions and their implementation meet any of the PCI DSS requirements. For information on specific solutions and products that aid in achieving compliance, please consult with a Qualified Security Assessor.

The PCI Security Standards Council (the "Council") provides a variety of tools, questionnaires, guidance, FAQs, training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third party products and services are also available, but the Council does not endorse or recommend any such third party products or services, and advises all organizations seeking to achieve compliance to become familiar with the Standards and related requirements before purchasing third party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether or what third party products or services are used.