Wednesday, July 17, 2024

How The PCI Security Standards Council® Lays the Groundwork for Safer Digital Payments


Written by: Adam West


Adam corresponds with finance experts to publish industry news coverage related to helping consumers achieve greater financial literacy and improved credit. He has more than 12 years of storytelling, editing, and design experience in print and online journalism and is most knowledgeable in the areas of credit scores, financial products and services, and the banking industry.


Edited by: Lillian Guevara-Castro


Lillian Guevara-Castro brings more than 30 years of editing and journalism experience to the CardRates team. She has written and edited for major news organizations, including The Atlanta Journal-Constitution and the New York Times, and she previously served as an adjunct journalism instructor at the University of Florida. Today, Lillian edits all CardRates content for clarity, accuracy, and reader engagement.


In a Nutshell: When five of the world’s largest credit card vendors combined their security programs into one in 2004, they created the Payment Card Industry Data Security Standard (PCI DSS). Not long after, it became clear that an organization was needed to manage constantly evolving PCI standards, and the Payment Card Industry Security Standards Council was born in 2006. Since its inception more than a decade ago, the Council has focused on reducing business owners’ risk of cyber theft by monitoring standards of accepting digital payments. The Council has gone further to help entrepreneurs by establishing a small business task force to help educate SMB owners to better protect their customers’ sensitive data.

It’s no secret that businesses across the globe are experiencing the effects of an increasingly cashless society. Just over a decade ago, checks were the predominant type of non-cash payment in the US. One by one, starting in 2007, non-prepaid debit card, then credit card, and then ACH payments (with debit transfers and credit transfers combined) overtook checks.

The 2016 Federal Reserve Payments Study showed that in 2015, US non-cash payments, including debit card, credit card, ACH, and check payments, totaled more than 144 billion transactions with a value of almost $178 trillion. That number increased at an annual rate of 5.3% by number or 3.4% by value from 2012 to 2015 and is expected to grow even more over the next five years with the proliferation of mobile payments.

On one hand, digital payments relieve the business owner of the burden of handling large amounts of cash. But with that benefit come many potential potholes on the road to success. Cyber theft is considered to be the fastest-growing crime in America, with 69% of Americans concerned about the theft of their private information when making a purchase.

The Payment Card Industry (PCI) Security Standards Council was originally formed in 2006 by leading credit card vendors — American Express, Discover Financial Services, JCB International, Mastercard, and Visa Inc. — with the goal of managing the Payment Card Industry Data Security Standard. It’s grown in the last decade to become the gold standard in cyber security, with member businesses spanning nearly every major country in the world.


The Council board releases regular security advisements and works to remain ahead of trends in cyber security. Each of the Council’s founding payment brands has its own compliance programs that individually determine infractions and penalties for companies that do not follow the standards. The Council itself does not pass judgments or levy penalties for non-compliant businesses.

PCI compliance is one of the toughest sets of standards in the payment processing field today, but it’s also a safeguard for business owners to keep their interests, and reputations, secure.

Keeping Businesses and Customers Happy with Each Swipe

According to the Council, 60% of all SMBs have experienced some sort of data breach, with the average cost of repairing the breach reaching $20,752. Because small companies typically have small security budgets, 71% of hackers target businesses with fewer than 100 employees. One such breach can completely cripple a business and destroy any goodwill or trust customers have with the proprietor.

It’s with those numbers in mind that the Council created the PCI Small Merchant Taskforce in 2015. Its resources include a guide to safe payments, common payment systems, questions to ask your vendors, and a glossary of payment and information security terms. All of the resources are available to download for free.

While the Council was founded by most of the major credit card companies, it has more than their best interests at heart. As the amount of money spent through credit and debit cards continues to grow each year, so does the number of crimes targeting payment information. If the fear of theft slows down the use of credit and debit cards, it not only hurts your business, it hurts the credit card industry as a whole. Hence, the Council sees itself as a resource to protect worldwide security, starting with the members of your office.

PCI Training and Qualification Programs Ensure Customer Data is Protected

How secure is your business? Most companies can’t afford to hire a PCI professional to patrol their cyber real estate in the cloud. To cut down on costs, while maximizing security benefits, PCI has instituted the PCI Standards Training Program, which taps independent trainers to help businesses learn what is needed to become compliant.


These are some examples of courses available through the PCI Standards Training Program.

The program enlists authorized institutions to train, test, and qualify organizations and individuals who assess and validate compliance so merchants successfully implement PCI standards and solutions. While many businesses see compliance as a once-a-year event, the growth of threats has turned the need to focus on security into a round-the-clock task.

The Training Council, which disseminates most of its offers and information through social media outlets, also sponsors PCI Community Meetings, with training sessions, keynote speakers, and a strong focus on security issues that businesses face today. This year’s community meeting will take place September 12-14 in Orlando.

A Worldwide Organization that Focuses on Collaboration

Despite a heavy concentration of American board members, business partners, and office locations, the Council is very much a worldwide organization. A recent conference in South Africa focused on making payments safer for the global payment card industry. The aim of the conference was to find ways to make the harvesting of sensitive data a less profitable crime.

“With the rapid growth in the multitude of ways to make payments, now, more than ever, we must join forces to devalue payment data and make payments safer,” PCI SSC General Manager Stephen Orfei told attendees. “We need to make solutions readily available and easier to use for merchants. Global collaboration and information sharing will continue to be critical.”

Cybercrime in Africa and the Middle East has exploded in recent years to nearly surpass the incident numbers seen in America.

“It is vital for the global business community to adopt strong security standards and technology solutions, and to train and educate their people,” International Director Jeremy King said. “PCI Standards and programs deliver a business solution to cyber crime, not just an IT solution, by bringing together a powerful combination of people, processes, and technologies.”

Working Together to Protect Digital Payments

Many of the security initiatives in place today will be outdated by this time next year. It’s the nature of cyber security to always stay one step ahead of thieves. That’s why a council like the one created to uphold PCI standards is important to businesses of any size. The complexity of compliance, and the headaches such certifications can cause, are dwarfed by the pain that a single breach of customer information can bring.

The global security body the Council has created works to maintain high standards to keep your business and theirs safe, while giving peace of mind to the consumers who trust you with their sensitive data.

Based on projections, more than $200 trillion in digital transactions will take place this year alone. It only takes one glitch in security to bring down your life’s work overnight. The PCI Security Standards Council is doing its part to make sure that doesn’t happen to you.
