The Payment Card Industry (PCI) Security Standards Council (SSC) plays an important role in the segment of data protection. This open global forum was founded by five global brands.
- JCB International
- Visa Inc.
- MasterCard Worldwide
- American Express
- Discover Financial Services
Apart from these founding members, there are also Strategic Members, Affiliate Members and Participating Organizations that are included in the forum. PCI SSC lays down security standards necessary for data security related to financial transactions.
Being an open forum, the security standards are of course open for discussion to participating members. Any recommended updates can be forwarded for review by members, and PCI community meetings then decide whether the updates are required to be incorporated or not. An example of this is how the two-year standards development lifecycle was modified to a three-year cycle in 2010, based on relevant feedback.
Among the most important security standards introduced by PCI are:
- PCI Data Security Standard (PCI DSS)
- Payment Application Data Security Standard (PA DSS)
- PIN Transaction Security (PTS)
These and other security standards such as Quality Security Assessor (QSA), Payment Application Quality Security Assessor (PA QSA) and Approved Scanning Vendors (ASV) help in preventing data breaches and provides security to cardholder’s information.
Data centers, data compliance and PCI SSC
PCI SSC deals with Data Security Compliance programs and therefore prescribes the security standards to be followed by data centers, too.
Data compliance enforcement is not the obligation of PCI SSC. This is the prerogative of the card companies. Card companies rely on data centers to follow the various Data Security Compliance programs as announced by PCI SSC, so that their business and financial interests are well protected. In the event of non-compliance, these payment brands may impose penalties on the erring parties.
The main aim of the various standards developed by PCI SSC is to prevent data theft and eventually data fraud, both of which have the potential to cause severe damage, financial and otherwise to the cardholders as well as the card company.