The founding of the PCI Security Standards Council, LLC, marks a significant milestone in the payment industry's efforts to secure payment account data in a globally consistent manner. Ultimately this means that more than a billion global payment card users will benefit from a higher level of security protection against data theft and fraud.
"The payment brands that founded the Council are committed to ensuring the ongoing development of data security standards that are both efficient and effective," said Seana Pitt, chairperson, PCI Security Standards Council. "The creation of this Council is a significant step forward in protecting cardholder information and it underscores the critical nature of this effort."
By establishing the independent Council to manage the PCI Data Security Standard for the payments industry, the founding members are developing a system that is more accessible and efficient for all stakeholders including merchants, processors, point-of-sale (POS) vendors and financial institutions.
Specifically, the PCI Security Standards Council will:
* Develop and maintain a global, industry-wide technical data security standard for the protection of accountholder account information;
* Reduce costs and lead times for Data Security Standard implementation and compliance by establishing common technical standards and audit procedures for use by all payment brands;
* Provide a list of globally available, qualified security solution providers via its Web site to help the industry achieve compliance;
* Lead training, education, and a streamlined process for certifying Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs), providing a single source of approval recognized by all five founding members;
* Provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of data security standards.
"Ensuring the security of electronic payments is of paramount importance to all stakeholders, not just the payment brands," continued Pitt.
To that end, the PCI Security Standards Council invites all parties with a role to play in securing payment account data - including merchants, payment devices and services vendors, processors, financial institution and others - to participate in the new organization.
Participating organizations will be able to recommend changes, provide input on future initiatives, have access to and the ability to comment on drafts of potential changes to security standards in advance, as well as influence the organization's overall direction. In addition, participating organizations will be able to elect or serve as a member of the PCI Security Standards Council's Board of Advisors.
The PCI Security Standards Council will serve as an advisory group and manage the underlying PCI security standards, and each payment card brand will remain responsible for its own compliance programs.
As its first action, the PCI Security Standards Council also announced today the PCI Data Security Standard version 1.1. The new standard addresses evolving security threats and recommends that merchants and vendors take action to fortify application and network level security. It provides a framework for ongoing PCI compliance.
For more detailed information on PCI DSS 1.1, the Council's organizational structure and how to join, please click here.
About PCI Security Standards Council
The mission of the PCI Security Standards Council is to enhance payment account security by fostering broad adoption of PCI security standards. For more information, please click here.
For further information contact:
Text 100 for PCI Security Standards Council