The Payment Card Industry Security Standards Council (PCI SSC) is an organization that develops and maintains the Payment Card Industry Data Security Standard (PCI DSS) and other security standards for the payment card industry. The PCI SSC was established in 2006 as a collaborative effort between major payment card brands such as Visa, Mastercard, American Express, Discover, and JCB.
The primary mission of the PCI SSC is to enhance the security of payment card data and promote the adoption of consistent security practices across the industry. The council is responsible for setting the standards and requirements that organizations must follow to protect cardholder data and maintain secure payment card environments.
In addition to the PCI DSS, the PCI SSC also develops and manages other security standards, including the Payment Application Data Security Standard (PA-DSS) for software vendors and the Point-to-Point Encryption (P2PE) standard for secure card data transmission.
The PCI SSC provides guidance, education, and support to organizations in their efforts to achieve and maintain compliance with the security standards. They offer training programs, resources, and certification programs for individuals and companies involved in the payment card industry. The council also works closely with payment card brands, acquirers, and other stakeholders to ensure the ongoing effectiveness and relevance of the security standards.
By establishing and maintaining these industry standards, the PCI SSC aims to protect cardholder data, prevent fraud, and maintain the trust and confidence of consumers in electronic payment transactions. Compliance with the standards is typically required for organizations that handle payment card data, and non-compliance can result in penalties, fines, and restrictions on payment card processing.