Payment Card Industry Security Standards Council
The term is sometimes more specifically used to refer to the Payment Card Industry Security Standards Council, a council originally formed by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International on September 7, 2006, with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard. The council itself claims to be independent of the various card vendors that make up the council.
The PCI Council formed a body of security standards known as the PCI Data Security Standards, (PCI DSS), and these standards consist of 12 significant requirements including multiple sub-requirements which contain numerous directives against which businesses may measure their own payment card security policies, procedures and guidelines. By complying with qualified assessments (see QSA) of these standards, businesses can become accepted by the PCI Standards Council as compliant with the 12 requirements, and thus receive a compliance certification and a listing on the PCI Standards Council website. Compliance efforts and acceptance must be completed on a periodic basis. (See PCI DSS.)
Membership and Participation
Members of the PCI Security Standards Council currently consist of the five major payment brands: Visa, MasterCard, American Express, Discover, and JCB. The executives and management of the PCI SSC are also filled by employees of the aforementioned payment brands.
Interested parties can participate in the development of the PCI security standards through registration as a Participatory Organization. These participants are organized into Special Interest Groups which are tasked with recommending revisions to and the further development of the various security standards maintained by the council.