The focal point is the PCI Data Security Standard (PCI DSS), which provides a framework that is easily implemented to develop a robust card payment security process — including prevention, detection and appropriate reaction to security incidents. The Council also provides training to professional firms and individuals so that they can assist organizations with their compliance efforts. These organisations are given Qualified Security Assessor status meaning that PCI has ensured that they are able to help you with your card payment security needs the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a secure card payment process — including prevention, detection and appropriate reaction to security incidents.

Card Production Security Assessor (CPSA) Companies are security organizations that have been qualified by the Council to validate an entity’s adherence to the PCI Card Production Logical Security and/or Physical Security Standards. CPSA Employees are individuals who are employed by a CPSA Company and have satisfied all requirements to perform PCI Card Production Security Assessments as described in the CPSA Qualification Requirements.

Organisations qualified by PCI SSC to validate P2PE Applications on behalf of vendors are referred to as payment application qualified security assessor P2PE companies (PA-QSA (P2PE) companies). The quality, reliability, and consistency of a QSA (P2PE) company and/or PA-QSA (P2PE) company’s work provide confidence that the P2PE Solution, P2PE component and/or P2PE application has been validated for P2PE compliance

Organisations certified by the PCI Security Standards Council (PCI SSC) to assess compliance with the PCI PIN Security Requirements and Testing Procedures. These standards focus on protecting PIN data during payment transactions by ensuring secure management, encryption, and transmission processes. We evaluate compliance, provide guidance to address vulnerabilities, and help businesses maintain global security standards, fostering trust in the payment ecosystem and protecting cardholder data by bridging the gap between compliance and robust security practices.