About the PCI Security Standards Council

The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.

The Council's five founding global payment brands - American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. - have agreed to incorporate the PCI DSS as the technical requirements of each of their data security compliance programs. Each founding member also recognizes the QSAs, PA-QSAs and ASVs certified by the PCI Security Standards Council.

All five payment brands, along with Strategic Members, share equally in the Council's governance, have equal input into the PCI Security Standards Council and share responsibility for carrying out the work of the organization. Other industry stakeholders are encouraged to join the Council as Strategic or Affiliate members and Participating Organizations to review proposed additions or modifications to the standards.

On this website you'll find useful information about the PCI Security Standards Council, the PCI DSS requirements for merchants, vendors and security consulting companies, and the Council's certification and merchant support services, all created to mitigate data breaches and prevent payment cardholder data fraud.

Note that enforcement of compliance with the PCI DSS and determination of any non-compliance penalties are carried out by the individual payment brands and not by the Council. Any questions in those areas should be directed to the payment brands.
  • Changes to PCI DSS and What It Means for You

    February 20, 2018

    Are you compliant with PCI DSS Version 3.2? Restaurants, retailers, hotels, doctors' and lawyers' offices, and many more, all need to watch for PCI DSS updates to remain compliant.

    Read More
  • What you should know about PCI DSS 3.2

    April 26, 2016

    PCI DSS 3.2 is scheduled for release at the end of April. Have you thought about how this update can affect your business? Will you still be PCI compliant?

    Read More
  • PCI 3.0 – A Wake Up Call for SAQ C Merchants

    September 29, 2014

    Most merchants who have been validating their PCI compliance for a few years now probably know which SAQ type applies to them. In PCI 2.0, it has been fairly simple. And now we are facing PCI 3.0.

    Read More
  • Why Comply with PCI Security Standards

    January 01, 2014

    Why should you, as a merchant, comply with the PCI Security Standards? At first glance, especially if you are a smaller organization, it may seem like a lot of effort, and confusing to boot. But not only is compliance becoming increasingly important, it may not be the headache you expected.

    Read More