Secure Software


Secure Software Standard

The Secure Software Standard offers security requirements for software vendors and developers to ensure the secure design and management of payment software, and to protect the integrity of payment transactions and the confidentiality of all payment card data that is stored, processed, or transmitted in association with payment transactions. Secure software used as part of a payment transaction flow are essential to facilitate reliable and accurate payment transactions.

Important Information


Intended Audience

Software vendors that develop payment software to support or facilitate payment transactions.


Secure Software Standard Documents

Find all of the related documents in the PCI SSC Document Library.


Listings & Professionals

PCI SSC encourages merchants and service providers to use the PCI SSC listing in selecting a PCI-listed validated software product that meets their needs.

PCI Secure Software Assessors are qualified and trained by PCI SSC to perform independent assessments against the PCI Secure Software Standard and in accordance with the Secure Software Program Guide.


Training Information

The Payment Card Industry Professional is an individual, entry-level certification in payment security information and provides you with the understanding to help your organization build a secure payment environment. Becoming a PCIP demonstrates a level of understanding that can provide a strong foundation for a career in the payments security industry.

Perform assessments of payment software in accordance with the Secure Software Requirements and Assessment Procedures

Knowledge Training courses are designed to bridge the knowledge gap between organizations and assessors by providing learning opportunities for individuals to take the same training and exam as the Assessor. Upon successful completion of training, learners will be given an acknowledgement of completion as well as the option to complete the exam and receive a digital badge.

Get your team trained together! We are pleased to offer all our PCI training programs as either in-person or remote Instructor-led eLearning. Learn directly from an instructor with hands-on experience in the field of payments security. Your organization will receive all the benefits of an instructor-led training class, at a time and place most convenient for you and your staff.

Compliance programs for all PCI SSC standards are managed by the payment brands. Questions about which entities need to validate compliance to any PCI SSC standard, or whether use of a PCI-listed product is required and for which entities, should be referred to the payment brands. Contact information for the payment brands is in FAQ #1142.