Text size Increase Font-SizeDecrease Font-SizeReset Font-Size

What Is the PCI Security Standards Council?

The Payment Card Industry Security Standards Council, or PCI SSC – often termed simply “the Council” – is an open global forum, launched in 2006, that develops, maintains and manages the PCI Security Standards, which include the Data Security Standard (DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) Requirements.

Our standards cover everything from the point of entry of card data into a system, to how the data is processed, through secure payment applications. We seek to protect and educate industry players such as merchants, processors, financial institutions, and any other organizations that store, process, and transmit cardholder data, around the world.

The Council works to educate stakeholders about the PCI Security Standards, operates programs to train and qualify security professionals in assessing and achieving compliance with PCI Security Standards, and promotes awareness of the need for payment data security to the public.

The Council’s five founding global payment brands -- American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. – have incorporated the PCI DSS as the technical requirements for their data security compliance programs. Each founding member also recognizes the practitioners and companies – Qualified Security Assessors and Approved Scanning Vendors -- certified by the PCI Security Standards Council as being qualified to validate compliance to the PCI DSS, making the Council a centralized resource for access to standards and services approved by all five payment brands.

Finally, there is an important differentiator that merchants should know about. The Council does NOT validate or enforce any organization’s compliance with its PCI Security Standards, nor does it impose penalties for non-compliance. These areas are governed by the payment brands and their partners. If you, as a merchant, have questions about requirements for compliance with any PCI Security Standard, deadlines for or reporting of compliance, only the payment brands can supply the answers, not the Council. Start with these links:


Back to Top

The PCI Security Standards Council (the "Council") provides a variety of tools, questionnaires, guidance, FAQs, training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third party products and services are also available, but the Council does not endorse or recommend any such third party products or services, and advises all organizations seeking to achieve compliance to become familiar with the Standards and related requirements before purchasing third party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether or what third party products or services are used.