9. Payment Card Industry (PCI) Security Standards

The Payment Card Industry Security Standards Council (PCI SSC) is a global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for account data protection. The Council was founded in 2006 by American Express, Discover, JCB International, MasterCard, and Visa Inc. Founding Members share ownership, governance, and execution of the organization’s work equally. PCI Security Standards are developed specifically to protect payment account data throughout the payment lifecycle and to enable technology solutions that devalue this data and remove the incentive for criminals to steal it. They include standards for merchants, service providers, and financial institutions on security practices, technologies, and processes, and standards for developers and vendors for creating secure payment products and solutions. Currently, there are a total of 15 PCI Security Standards applying to different steps in the payment process.

Compliance with the PCI Data Security Standard and other applicable PCI Standards may be necessary for entities that store, process, or transmit cardholder data. PCI Standards are for entities accepting or processing payment transactions and for software developers and manufacturers of applications and devices used in those transactions. PCI SSC does not receive copies of compliance assessment reports, is not involved in penalties or fines for non-compliance, and has no information about them. Each payment brand has its own scheme rules and processes for ensuring cardholder data security. These payment brands also establish rules defining the approach their customers must take to adopt, implement, and comply with the range of PCI Standards as appropriate. PCI SSC is also not involved in any aspect of a forensic investigation and does not receive copies of forensic reports produced as part of an investigation.

Cybermatic's PCI-qualified professionals, with decades of worldwide practical experience, industry knowledge, and best practices, can be your trusted partner in helping your organization comply with the PCI Security Standards requirements and implement a sustainable process through the following PCI services:

  • PCI Security Standards Consultation: Whether your organization is a merchant, a service provider, or a developer or vendor creating secure payment products and solutions, we can guide and train you and help you adopt the proper PCI security standards for your firm.
  • PCI DSS Controls Gap Analysis: CayberMatic examines your company’s cardholder data environment (CDE) to determine compliance with the 12 PCI DSS control requirements and helps you bridge the gaps. Our professionals help you understand how ready your company is for its PCI audit or self-assessment questionnaire (SAQ) and identify any inadequate controls that affect your PCI DSS compliance.

More details about the PCI SSC can be found on their official website at: