US card issuers American Express, Discover Financial Services, MasterCard and Visa, along with Japan's JCB, are forming an independent council that will manage the on-going development of the Payment Card Industry (PCI) data security standards.
The PCI standard focuses on improving payment account security throughout the transaction process. Download the document now 175 kb (Adobe Acrobat Document)
By establishing the council, the founding members say they are developing a system that is more accessible and efficient for all stakeholders including merchants, processors, point-of-sale vendors and financial institutions.
Seana Pitt, chairperson, PCI Security Standards Council, says: "The creation of this council is a significant step forward in protecting cardholder information and it underscores the critical nature of this effort."
Specifically the council will develop and maintain a global industry-wide technical data security standard for the protection of account data as well as establish common technical standards and audit procedures for use by all payment brands.
The council will also lead training, education, and a streamlined process for certifying qualified security assessors (QSA) and approved scanning vendors (ASV), providing a single source of approval recognized by all five founding members and will also supply information on globally available, qualified security solution providers on its Web site.
All stakeholders will also use the council to provide input into the ongoing development, enhancement and dissemination of data security standards.
The council is inviting merchants, payment devices and services vendors, processors, financial institution and others to participate in the organisation.
Participating firms will be able to recommend changes, provide input on future initiatives, have access and the ability to comment on drafts of potential changes to security standards in advance, as well as influence the organization's overall direction. In addition, participating organizations will be able to elect or serve as a member of the council's board of advisors.
As its first action, the PCI Security Standards Council has announced PCI Data Security Standard version 1.1 which addresses evolving security threats and recommends that merchants and vendors take action to fortify application and network level security. It provides a framework for ongoing PCI compliance: