DOWNLOAD PCI SSC’S GLOBAL
PAYMENT SECURITY ENGAGEMENT
INITIATIVE OVERVIEW

Partnering for Global Payment Security

The Payment Card Industry Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs to help businesses detect, mitigate and prevent cyberattacks and breaches. Global industry collaboration is critical to this mission. Payment security is everyone’s responsibility. It can’t fall to one entity - bank, card brand or retailer - to secure the whole system. Every entity that stores, processes or transmits cardholder data must play a role. The PCI SSC provides an open forum for the industry to come together to develop security standards and programs that help secure payment data globally.

From merchants and service providers to payment device manufacturers and software developers, financial institutions and processors -- we seek involvement by all sectors of the industry.

Join Us and Make Your Voice Heard

• Participating Organizations have the opportunity to have their voices heard about our standards via the Request for Comment (RFC) process. Additionally, Participating Organizations can attend community meetings, receive exclusive Council communications, such as advance review of drafts of standards and supporting materials, and regular dialogue with key stakeholders. With more than 750 organizations from across industries and around the world, including retailers, airlines, hotels, banks, technology companies, payment processors and industry associations, these organizations play a key role in both influencing the ongoing development of PCI Security Standards and programs, and in helping ensure that PCI Security Standards are implemented globally to secure payment data. Don't miss out – becoming a Participating Organization could become a competitive advantage for your company.
• The PCI SSC Board of Advisors is a 29-member Executive Committee liaison board elected by the more than 750 PCI Participating Organizations around the globe to ensure industry involvement in the development of PCI Security Standards at the Executive Committee level. As strategic partners, they bring market, geographical and technical insight into PCI SSC plans and projects.  Some companies include: Amazon, Walmart, Target, Starbucks, British Airways, AccorHotels, Microsoft, PayPal.
• PCI SSC Strategic Members, who represent multinational acceptance marks with demonstrated commitment to PCI Security Standards. Strategic Members play a directive role in Council activities, including serving on the Council's Executive Committee.
• The PCI SSC Technical Advisory Board is a technical liaison board that brings subject matter technical expertise from a broad range of stakeholders to the security standards process.  This newly formed body provides guidance and recommendations to the PCI SSC at the Executive and Management Committee levels on technical matters related to payment security.
• The PCI SSC Regional Engagement Boards provide region specific leadership at the Executive and Management Committee levels.  The first Regional Engagement Board started in Latin America.  The Regional Engagement Board - Brazil represents the perspectives of PCI SSC Participating Organizations and constituents in Brazil, providing feedback and guidance to the PCI SSC on payment security standards, program development and adoption in the region.  The PCI SSC plans to create more Regional Engagement Boards in other parts of the world in the future.
• PCI SSC Affiliate Members, who represent regional and national payments organizations, help define standards and influence their adoption.  Currently eight organizations serve as Affiliate Members representing a global footprint of payment systems. Affiliate Members actively participate on the various PCI SSC Working Groups playing an important part in the standards development process. Affiliate class membership is open to regional and national organizations that define standards and influence adoption by their constituents who process, store, or transmit cardholder data. This category offers the opportunity to serve on PCI working groups and play an active role in the standards development process.
• The PCI SSC Global Executive Assessor Roundtable is an Executive Committee level advisory board comprised of senior executives from PCI assessor companies.  The PCI SSC trains and validates thousands of accessors that help ensure the correct adoption and implementation of PCI Security Standards.  Assessors provide input on the development of PCI Security Standards and programs and PCI SSC holds regular sessions to engage with the assessment community.  The Global Executive Assessor Roundtable provides formal inputs at the Executive Committee level.
• PCI SSC Task Forces provide high level advice and even help draft our standards. These task forces are comprised of members from our over 750 Participating Organizations (POs) worldwide.  A great example of their work is the Small Merchant Task Force which drive the creation of PCI SSC’s small merchant dedicated webpage and small merchant materials that address the problem areas of passwords, patching and remote access.
• PCI SSC Special Interest Groups (SIGs) are community-driven initiatives that focus on payment security challenges related to PCI Security Standards.  SIG work may provide clarification on specific requirements within a PCI Security Standard, examine how PCI Security Standards work within any given industry or environment, or any other area that supports the Council's mission of raising awareness and increasing adoption of PCI Security Standards. SIGs are chosen by a direct vote of the Participating Organizations (including Strategic and Affiliate Members) that represents merchants, financial institutions and payment processors – the organizations that are implementing PCI Security Standards. Recent SIG topics include:  Securing E-Commerce and Third-Party Security Assurance.

Industry Partnerships:

• The PCI SSC has established working relationships with industry associations around the world including the U.S. Chamber of Commerce, National Restaurant Association (NRA), European Card Payment Association (ECPA), Retail Solutions Provider Associations (RSPA), International Air Transport Association (IATA) American Hotel and Lodging Association (AHLA) and Camera Brasileira de Comercio Electronico.
• The PCI SSC has partnered with vertical industry stakeholders such as the Accredited Standards Committee X9 (ANSI X9) and EMVCo.  PCI SSC is currently working with ANSI X9 on the important issue of PIN acceptance security standards. https://www.pcisecuritystandards.org/pdfs/PCI_X9_Press_Release_Feb_14_2018_FINAL.PDF
• PCI SSC holds community meetings and forums throughout the world with various payment industry stakeholders to both educate and solicit valuable feedback.  Our events and forums include: North America Community Meeting, Europe Community Meeting, Asia-Pacific Community Meeting. Middle-East and Africa Forum, Latin America Forum, Acquirer Forum, QSA/PFI feedback forums.

How PCI SSC Turns Feedback into Action:

• Merchants suggested the PCI SSC develop training to help in-house security personnel assess their security risks and PCI DSS compliance – they got it! The Internal Security Assessor (ISA) program was born. 
• The industry – particularly small merchants - wanted guidance on how best to understand and address their greatest security challenges – they got it!  The PCI SSC put together easy to understand information and tools aimed at helping the small merchant.
• The marketplace asked for changes to the Qualified Integrators and Resellers (QIR) Program to improve training and increase the number of QIRs available to merchants – they got it!  The PCI SSC made the new changes and the program is underway.