PCI Security Standards Council

Global forum for payment card security standards

Type: industry consortium

Organization Overview and Mission

The PCI Security Standards Council (PCI SSC) is a global forum dedicated to enhancing payment card security. Established in 2006, the Council brings together stakeholders from across the payment industry, including merchants, banks, and payment processors, to develop and promote security standards that protect cardholder data. Its mission is to improve the security of payment card transactions and to foster collaboration among all entities involved in the payment ecosystem.

Their Role in the Migration/Technology Ecosystem

In the rapidly evolving landscape of digital payments, organizations often migrate from legacy systems to modern solutions. The PCI SSC plays a crucial role in this process by publishing the security standards that organizations handling payment card data must comply with. Its work ensures that as businesses transition to new technologies, they do so without compromising security.

Key Publications and Contributions

The PCI SSC has produced several foundational documents that guide organizations in implementing secure payment solutions:

  • Payment Card Industry Data Security Standard (PCI DSS): A comprehensive framework outlining security requirements for any entity that stores, processes, or transmits cardholder data.
  • Payment Application Data Security Standard (PA-DSS): Guidelines for software vendors to ensure that payment applications are secure and compliant.
  • Point-to-Point Encryption (P2PE) Standard: A standard aimed at protecting cardholder data through encryption, reducing the risk of data breaches.

These publications serve as essential resources for organizations aiming to comply with security regulations during migrations.

Standards or Best Practices They Maintain

The PCI SSC maintains several key standards that are vital for any organization involved in payment processing:

  • PCI DSS: Focuses on securing cardholder data through a series of security requirements, including encryption, access controls, and regular monitoring.
  • PA-DSS: Emphasizes the importance of secure development practices for payment applications, ensuring they do not store sensitive authentication data post-authorization.
  • P2PE and Tokenization Standards: Help organizations protect cardholder data while enabling more flexible payment solutions.

How Their Work Helps Migration Teams

For migration teams, especially those transitioning to cloud-based or new payment systems, following PCI SSC guidelines can significantly reduce the risks associated with data breaches and regulatory non-compliance. Here are some ways their work assists migration teams:

  • Framework for Compliance: Provides clear standards that help teams understand what is needed to protect cardholder data during and after migration.
  • Risk Mitigation: By adhering to PCI standards, organizations can mitigate risks associated with data breaches and avoid costly penalties.
  • Guidance on Implementation: The Council offers implementation guides and resources that assist teams in effectively applying security measures.

Certifications or Programs They Offer

The PCI SSC offers several certifications and programs that enhance the security posture of organizations:

  • PCI DSS Certification: Organizations can achieve certification by demonstrating compliance with PCI DSS requirements.
  • PCI Qualified Security Assessor (QSA): Professionals trained and certified to help organizations assess and comply with PCI DSS.
  • PCI Approved Scanning Vendor (ASV): Companies authorized to conduct external vulnerability scans to ensure compliance with PCI DSS.

These certifications provide assurance to stakeholders that organizations are serious about payment security.

How to Engage with Their Resources

Engaging with PCI SSC resources is straightforward and can be highly beneficial:

  1. Visit the Website: The PCI Security Standards Council website provides a wealth of information regarding standards, publications, and updates.
  2. Download Standards: Organizations can download the PCI DSS and other standards for free to guide their security measures.
  3. Attend Training and Events: PCI SSC hosts events and training sessions that offer insights into best practices and compliance strategies.
  4. Join Community Discussions: Participate in forums and discussions to share experiences and learn from other professionals in the industry.
  5. Engage with Qualified Professionals: Utilize QSAs and ASVs to assess your compliance and ensure your migration strategies align with PCI standards.

By leveraging the resources and standards provided by the PCI Security Standards Council, organizations can ensure a secure and compliant transition during their software migrations, enhancing overall trust in their payment processes.