# PCI Security Standards Council, LLC
*Also known as PCI SSC*

- Website: https://www.pcisecuritystandards.org
- Agent profile: https://directory.haycion.ai/agents/pcisecuritystandards-org

> Global open forum for developing, promoting, and implementing payment card data security standards.

The PCI Security Standards Council, LLC (PCI SSC) is a global, open forum dedicated to the ongoing development, maintenance, dissemination, and implementation of payment card data security standards. It works to safeguard cardholder data, supports the security of payment systems, and serves organizations worldwide by strengthening security standards and providing training for security professionals.

**Mission:** To monitor threats and improve the industry's threat handling by strengthening PCI security standards and training security professionals.

## Products & Services

### [PCI Data Security Standard (PCI DSS)](https://www.pcisecuritystandards.org/standards/pci-dss)
*Platform*
Ensures robust protection of cardholder data through a comprehensive security framework.

- **PCI DSS Data Security Standard** — Protects Cardholder Data
- **P2PE Encryption** — Protect Sensitive Data
- **Secure Software Requirements** — Ensures Software Security Standards
- **PA-DSS** — Facilitates Secure Payment Applications
- **Compliance Verification** — Verifies Compliance
- **Continuous Improvement Framework** — Promotes Ongoing Security
- **Reduction of PCI Scope** — Minimize Compliance Costs

### [Secure Software Lifecycle (Secure SLC)](https://www.pcisecuritystandards.org/standards/secure-software-lifecycle-secure-slc/)
*Platform*
Enhances software security throughout its lifecycle, aligning development practices with security standards.

- **Secure Software Lifecycle** — Enhance Software Development Security
- **Consistent Security Standards** — Ensure Standardized Security Practices
- **Training and Support** — Access Training Resources

### PTS Point of Interaction (POI)
*Platform*
Ensures secure transactions at payment terminals to protect cardholder data.

- **POI Security** — Establishes Secure Transaction Processes
- **Certification Processes** — Certifies Device Security Compliance
- **Support for Various Payment Methods** — Enables Modern Payment Options

### [PIN Security](https://www.pcisecuritystandards.org/standards/pin-security/)
*Platform*
Ensures secure handling and processing of PINs in payment transactions.

- **PIN Entry Security** — Enhances User Confidence
- **Compliance Guidelines** — Simplifies Compliance Process

### [Card Production and Provisioning - Logical](https://www.pcisecuritystandards.org/standards/card-production-and-provisioning-logical/)
*Platform*
Enhances security management for logical provisioning of card data.

- **Policy Compliance** — Achieve Compliance Standards
- **Logical Provisioning** — Streamline Secure Provisioning

### [Card Production and Provisioning - Physical](https://www.pcisecuritystandards.org/standards/card-production-and-provisioning-physical/)
*Platform*
Ensures secure card production through established physical safeguards.

- **Physical Provisioning Security** — Establishes Strong Physical Security Controls
- **Access Control Requirements** — Limits Access to Authorized Personnel

### [PCI 3DS Core](https://www.pcisecuritystandards.org/standards/pci-3ds-core/)
*Platform*
Enhances online payment security with robust 3DS transaction protocols.

- **3DS Core Functionality** — Ensures Secure Payments

### [MPoC Solutions](https://www.pcisecuritystandards.org/standards/mobile-payments-on-cots-mpoc/)
*Solution*
Empowers secure mobile payment processing with standard mobile devices.

- **MPoC Solutions** — Facilitates Mobile Payments
- **Security Standards Compliance** — Meets PCI Standards

### [SPoC Solutions](https://www.pcisecuritystandards.org/spoc_solutions)
*Solution*
Secure Software-Based PIN Entry Solutions For Payment Workflows.

- **Enhanced Security** — Ensures Secure PIN Entry

### [CPoC Solutions](https://www.pcisecuritystandards.org/standards/contactless-payments-on-cots-cpoc/)
*Solution*
Seamlessly Enable Contactless Payments on COTS Devices

- **CPoC Solutions** — Facilitates Contactless Payments

## Market Segments

- **PCI DSS compliance and assessment**: Framework and practices to assess, validate, and maintain compliance with the PCI Data Security Standard, including requirements for payment application security and organizational controls.
- **Point-of-interaction terminal security and certification**: Certification processes and device-level security requirements for payment terminals and POI devices to ensure secure transaction capture and processing.
- **COTS payment acceptance security**: Standards and controls for enabling secure contactless and mobile payments on commercial off-the-shelf (COTS) devices, including software-based PIN entry and contactless acceptance.
- **Card issuance and personalization security**: Logical and physical controls, access restrictions, and provisioning practices to protect card production, personalization, and distribution processes.
- **PIN entry security**: Controls and guidelines for secure PIN entry, handling, and verification across devices and transaction flows to reduce fraud and exposure of sensitive authentication data.
- **3-D Secure authentication**: Standards and core protocols for 3-D Secure transaction authentication to strengthen e-commerce authentication and reduce cardholder authentication fraud.
- **Secure development lifecycle for payments**: Standards, assessments, and training to embed security into each phase of payment application development and reduce software vulnerabilities in payment environments.
- **Point-to-point encryption and key management**: Encryption and key management practices to protect cardholder data from the point of capture through transmission to processors, including methods to reduce PCI assessment scope.
