PCI Security


The PCI Security Standards Council touches the lives of hundreds of millions of people worldwide. A global organization, it maintains, evolves and promotes Payment Card Industry standards for the safety of cardholder data across the globe.

Who We Serve

We serve those who work with and are associated with payment cards. This includes: merchants of all sizes, financial institutions, point-of-sale vendors, and hardware and software developers who create and operate the global infrastructure for processing payments.

What We Do

There are two priorities for our work:

  • Helping merchants and financial institutions understand and implement standards for security policies, technologies and ongoing processes that protect their payment systems from breaches and theft of cardholder data.
  • Helping vendors understand and implement standards for creating secure payment solutions.

“Over the course of several years now, the PCI Security Standards Council has done a laudable job at defining and evolving a cohesive set of standards, as well as at listening and adapting over time to the feedback from merchants, banks, payment processors, service providers, and technology providers.”
- Derek Brink, Vice President and Research Fellow, Aberdeen Group

The Council was founded in 2006 by American Express, Discover, JCB International, Mastercard and Visa Inc.  They share equally in ownership, governance, and execution of the Council's work.

Useful Links

Security Matters

From customers to merchants and financial institutions, the security of cardholder data affects everybody. Discover how securing cardholder data can help preserve customer trust, ensure compliance, and benefit your organization in the long term.

Get the details

The PCI Security Standards

Maintaining payment security is required for all entities that store, process or transmit cardholder data. Guidance for maintaining payment security is provided in PCI security standards. These set the technical and operational requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.

See the standards

How to Secure

Following guidance in the PCI Data Security Standard helps keep your cyber defenses primed against attacks aimed at stealing cardholder data.

Learn how to secure

Assessing the Security of Your Cardholder Data

Most small merchants can use a self-validation tool to assess their level of cardholder data security. The Self-Assessment Questionnaire includes a series of questions for each applicable PCI Data Security Standard requirement. There are different SAQs available for a variety of merchant environments.

Take the self assessment