The Payment Card Industry Security Standards Council was originally formed by American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. on 7 September 2006, with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard. The council itself claims to be independent of the various card vendors that make up the council.
The PCI Council formed a body of security standards known as the Payment Card Industry Data Security Standard (PCI DSS), and these standards consist of twelve significant requirements including multiple sub-requirements which contain numerous directives against which businesses may measure their own payment card security policies, procedures and guidelines.
They also manage the Payment Application Data Security Standard (PA-DSS), formerly referred to as the Payment Application Best Practices (PABP). More recently, they have collaborated with EMVCo, to provide the security requirements, testing procedures and assessor training to support the EMV 3-D Secure v2.0 standard.
Validated Payment Applications are used by merchants to process electronic payments. Validation occurs after payment applications have been assessed for compliance by Payment Application Qualified Security Assessors using the Payment Application Data Security Standard. Their evaluation of the application and their documentation of such compliance is provided in a corresponding Report on Validation. The Council urges merchants to use approved payment applications in their payment environments.
Dara Security is an award-winning security-focused company, founded by leaders in the information security industry. Dara Security has worked with numerous retail organizations, e-Commerce sites, payment application software vendors, financial institutions, medical organizations, and many other businesses. As seasoned providers of information security services, our engagements involve standards such as: