September 12, 2006

American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International on Sept. 7 announced the formation of an independent council designed to manage the ongoing evolution of the Payment Card Industry Data Security Standard, which focuses on improving payment account security through the transaction process. The founding of the PCI Security Standards Council (Wakefield, Mass.) will lead to higher security protection against data theft and fraud for more than one billion global payment card users, according to a joint release.

"The main point here is that we want to make this simpler for everyone," says Seana Pitt, chairwoman, PCI Security Standards Council and VP of global merchant policy and data quality at American Express. The council, which first met in January, was established to "drive adoption and awareness of the standards," Pitt says.

Pitt also emphasized the council's desire to engage more stakeholders. "Ensuring the security of electronic payments is of paramount importance to all stakeholders, not just the payment brands," she relates. The council has invited merchants, payment device and service vendors, processors, and financial institutions to participate in the new organization and to play a role in securing payment account data.

Participating organizations will be able to recommend changes, provide input on future initiatives, review and comment in advance on drafts of potential changes to security standards, and influence the organization's overall direction.

"The payment brands that founded the council are committed to ensuring ongoing development of data security standards that are both efficient and effective," Pitt explains. "The creation of this council is a significant step forward in protecting cardholder information and it underscores the critical nature of this effort."

By establishing the independent council to manage the PCI data security standard for the payments industry, the founding members are developing a system that is more accessible and efficient for all stakeholders, including merchants, processors, point-of-sale vendors and financial institutions.

Specifically, the PCI Security Standards Council will:

  • Develop and maintain a global, industry-wide technical data security standard for the protection of accountholder information.
  • Reduce costs and lead times for the Data Security Standard implementation and compliance by establishing common technical standards and audit procedures for use by all payment brands.
  • Provide a list of globally available, qualified security solutions providers via its Web site to help the industry achieve compliance.
  • Lead training, education and a streamlined process for certifying qualified security assessors (QSA) and approved scanning vendors (ASV), providing a single source of approval recognized by all five founder members.
  • Provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of data security standards.