Make a Difference in our Industry
Your organization is invited to become a PCI SSC stakeholder and help influence the direction of PCI SSC Standards. As a Participating Organization, you have a right and an obligation to help reduce threats to payment security.
It’s only with your help and active engagement that we can drive security standards to higher levels of strength and adoption.
Partnering for Global Payment Security
The Payment Card Industry Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs to help businesses detect, mitigate and prevent cyberattacks and breaches. Global industry collaboration is critical to this mission. Payment security is everyone’s responsibility. It can’t fall to one entity – bank, card brand or retailer – to secure the whole system. Every entity that stores, processes or transmits cardholder data must play a role. The PCI SSC provides an open forum for the industry to come together to develop security standards and programs that help secure payment data globally. From merchants and service providers to payment device manufacturers and software developers, financial institutions and processors — we seek involvement by all sectors of the industry.
Join Us and Make Your Voice Heard
- Participating Organizations have the opportunity to have their voices heard about our standards via the Request for Comment (RFC) process. Additionally, Participating Organizations can attend community meetings, receive exclusive Council communications, such as advance review of drafts of standards and supporting materials, and regular dialogue with key stakeholders. With more than 750 organizations from across industries and around the world, including retailers, airlines, hotels, banks, technology companies, payment processors and industry associations, these organizations play a key role in both influencing the ongoing development of PCI Security Standards and programs, and in helping ensure that PCI Security Standards are implemented globally to secure payment data. Don’t miss out – becoming a Participating Organization could become a competitive advantage for your company.
- The PCI SSC Board of Advisors is a 29-member Executive Committee liaison board elected by the more than 750 PCI Participating Organizations around the globe to ensure industry involvement in the development of PCI Security Standards at the Executive Committee level. As strategic partners, they bring market, geographical and technical insight into PCI SSC plans and projects. Some companies include: Amazon, Walmart, Target, Starbucks, British Airways, AccorHotels, Microsoft, PayPal.
- PCI SSC Strategic Members, who represent multinational acceptance marks with demonstrated commitment to PCI Security Standards. Strategic Members play a directive role in Council activities, including serving on the Council’s Executive Committee.
- The PCI SSC Technical Advisory Board is a technical liaison board that brings subject matter technical expertise from a broad range of stakeholders to the security standards process. This newly formed body provides guidance and recommendations to the PCI SSC at the Executive and Management Committee levels on technical matters related to payment security.
- The PCI SSC Regional Engagement Boards provide region specific leadership at the Executive and Management Committee levels. The first Regional Engagement Board started in Latin America. The Regional Engagement Board – Brazil represents the perspectives of PCI SSC Participating Organizations and constituents in Brazil, providing feedback and guidance to the PCI SSC on payment security standards, program development and adoption in the region. The PCI SSC plans to create more Regional Engagement Boards in other parts of the world in the future.
- PCI SSC Affiliate Members, who represent regional and national payments organizations, help define standards and influence their adoption. Currently eight organizations serve as Affiliate Members representing a global footprint of payment systems. Affiliate Members actively participate on the various PCI SSC Working Groups playing an important part in the standards development process. Affiliate class membership is open to regional and national organizations that define standards and influence adoption by their constituents who process, store, or transmit cardholder data. This category offers the opportunity to serve on PCI working groups and play an active role in the standards development process.
- The PCI SSC Global Executive Assessor Roundtable is an Executive Committee level advisory board comprised of senior executives from PCI assessor companies. The PCI SSC trains and validates thousands of accessors that help ensure the correct adoption and implementation of PCI Security Standards. Assessors provide input on the development of PCI Security Standards and programs and PCI SSC holds regular sessions to engage with the assessment community. The Global Executive Assessor Roundtable provides formal inputs at the Executive Committee level.
- PCI SSC Task Forces provide high level advice and even help draft our standards. These task forces are comprised of members from our over 750 Participating Organizations (POs) worldwide. A great example of their work is the Small Merchant Task Force which drive the creation of PCI SSC’s small merchant dedicated webpage and small merchant materials that address the problem areas of passwords, patching and remote access.
- PCI SSC Special Interest Groups (SIGs) are community-driven initiatives that focus on payment security challenges related to PCI Security Standards. SIG work may provide clariﬁcation on speciﬁc requirements within a PCI Security Standard, examine how PCI Security Standards work within any given industry or environment, or any other area that supports the Council’s mission of raising awareness and increasing adoption of PCI Security Standards. SIGs are chosen by a direct vote of the Participating Organizations (including Strategic and Afﬁliate Members) that represents merchants, ﬁnancial institutions and payment processors – the organizations that are implementing PCI Security Standards. Recent SIG topics include: Securing E-Commerce and Third-Party Security Assurance.
- The PCI SSC has established working relationships with industry associations around the world including the U.S. Chamber of Commerce, National Restaurant Association (NRA), European Card Payment Association (ECPA), Retail Solutions Provider Associations (RSPA), International Air Transport Association (IATA) American Hotel and Lodging Association (AHLA) and Camera Brasileira de Comercio Electronico, and many others.
- The PCI SSC has partnered with vertical industry stakeholders such as the Accredited Standards Committee X9 (ANSI X9) and EMVCo.
- PCI SSC holds community meetings and forums throughout the world with various payment industry stakeholders to both educate and solicit valuable feedback. Our events and forums have included: North America Community Meeting, Europe Community Meeting, Asia-Paciﬁc Community Meeting. Middle-East and Africa Forum, Latin America Forum, Acquirer Forum, QSA/PFI feedback forums.
How PCI SSC Turns Feedback into Action:
- Merchants suggested the PCI SSC develop training to help in-house security personnel assess their security risks and PCI DSS compliance – they got it! The Internal Security Assessor (ISA) program was born.
- The industry – particularly small merchants – wanted guidance on how best to understand and address their greatest security challenges – they got it! The PCI SSC put together easy to understand information and tools aimed at helping the small merchant.
- The marketplace asked for changes to the Qualiﬁed Integrators and Resellers (QIR) Program to improve training and increase the number of QIRs available to merchants – they got it! The PCI SSC made the new changes and the program is underway.
PCI SSC Community Events & Industry Programs
Annual Community Meetings are a primary expression of the Council’s goal to create a global collaboration for payment security. Community meetings are held in global regions such as North America, Europe, Latin America, Middle East and Africa, and Asia/Pacific. Each meeting attracts leaders from across the security, payments, financial institutions, retail, and technology fields. The agendas combine informative sessions led by industry specialists with networking breaks and opportunities to connect with your peers. Community Meetings are also key feedback forums for the Council — an opportunity to let us know about your successes and challenges, ideas and suggestions regarding PCI standards and supporting programs.
One benefit of becoming a member of the PCI Security Standards Council is access to exclusive communications. All Participating Organizations receive the Council’s weekly communication, The PCI Monitor. Members also receive exclusive access to quarterly webinars.
What Others Say
We are very pleased with the pricing changes that the PCI SSC is making to the PO Program. The revised pricing structure will hopefully lead to even greater participation from organizations in South Africa and throughout the continent. We applaud the PCI SSC for responding to industry feedback and developing this thoughtful and inclusive policy.
Walter Volker, CEO, Payment Association of South Africa (PASA)
The PCI SSC Board of Advisors is comprised of representatives that have a wide range of expertise and experience across the payment industry. Through open, direct dialog and collaboration, the Board provides the PCI SSC feedback on payment security topics and raises critical payment security topics for consideration and action.
Jeff Monts, Operational Risk Manager and Senior Vice President, Wells Fargo - PCI SSC Board of Advisor Member 2015-2017
Joining the council provides MagicCube with two great advantages, especially with regard to PIN on Glass specifications: We are able to gain greater insight into the goals of the PCI organization as well as additional clarity on its objectives early in the process. Secondly, the PCI's process opens the door for new innovative security technologies, allowing us to contribute to the final specifications
Sam Shawki, CEO and Co-Founder, MagicCube
Our selection for the Qualified Security Assessor seat on the PCI SSC Brazil Regional Engagement Board is a real honour and testament to our commitment, knowledge and reputation in the field.
Guilherme Scheibe, Managing Consultant for Foregenix Latin America
When developing SmartCheckout, PCI DSS certification was a mandatory requirement. But it ended up being more important than just the product. The maturity level we reached in the process of becoming compliant helped in defining us as a company. Today as a global digital commerce solution, joining PCI Security Standards Council as a Participant Organization presents us with a great opportunity to contribute to the improvement of the standards in parallel with the many great companies who are also part of the program.
Andre Uchoa, Chief Security Officer and Enterprise Architect, VTEX
Without the PCI Security Standards Council setting the standards, and providing the frameworks via the standards, where would we be?
Tracey Long, Senior Payment Data Security Manager, Worldpay -PCI SSC Board of Advisor Member 2015-2017
The PCI Special Interest Groups (SIGs) are one of the best ways to make the PCI DSS stronger and merchants more secure.
Joseph Pierini, Vice President of Technical Services PSC, Part of NCC Group
The PCI SSC Board of Advisors provides valuable, specific industry-sector knowledge in order to contribute towards wide ranging discussions that ultimately influence the direction and focus of payment security and the outputs of the PCI SSC