Payment Card Industry Security Standards Council


The Payment Card Industry Security Standards Council was originally formed by American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. on 7 September 2006, with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard. The council itself claims to be independent of the various card vendors that make up the council.
The PCI Council formed a body of security standards known as the Payment Card Industry Data Security Standard, and these standards consist of twelve significant requirements including multiple sub-requirements which contain numerous directives against which businesses may measure their own payment card security policies, procedures and guidelines.
They also manage the Payment Application Data Security Standard, formerly referred to as the Payment Application Best Practices. More recently, they have collaborated with EMVCo, to provide the security requirements, testing procedures and assessor training to support the EMV 3-D Secure v2.0 standard.

Membership and participation

Members of the PCI Security Standards Council currently consist of the five major payment brands: Visa, MasterCard, American Express, Discover, and JCB. The executives and management of the PCI SSC are also filled by employees of the aforementioned payment brands.
Interested parties can participate in the development of the PCI security standards through registration as a Participating Organization. These participants are organized into Special Interest Groups which are tasked with recommending revisions to and the further development of the various security standards maintained by the council.