At the PCI Security Standards Council (PCI SSC) one of our core values is participation. We strongly believe that the only way that we can tackle the cybersecurity challenge is by collaborating and working together as a community. This is why since our inception in 2006, we have created many venues for cooperation and transparency such as the Participating Organization, Strategic Regional Member, and Affiliate Member programs.
The Participating Organization Program was implemented in 2006 and as of today we have more than 800 companies representing merchants, banks, processors, hardware and software developers, and point-of-sale vendors, from about 50 countries. They participate regularly in requests for comments on our technical work, drive the Special Interest Groups (SIGs) that provide the PCI SSC with understanding and guidance on particular topics or technologies, and nominate themselves to run for election to our Board of Advisors.
Strategic Regional Membership is open to associations that represent national payment schemes at a regional level (such as LAC, Europe, MEA, and APAC). We implemented this tier in 2016 and shortly thereafter welcomed the European Card Payment Association (ECPA), which in turn has a membership of 11 European national schemes and three payment associations. The ECPA plays an active role within the PCI SSC. Their representatives participate on our technical working groups and the Management Committee, and meets regularly with other governance groups within the PCI SSC, including the Board of Advisors and the Executive Committee.
Affiliate Membership is open to regional and national organizations that define standards and influence adoption by their constituents who process, store or transmit cardholder data. Affiliate Members serve on our technical working groups, thus playing an active role in the standards development process. The Affiliate Member Program was implemented in 2012 and in 2013 we welcomed Interac Association (Canada), Cartes Bancaires (France), Australian Payments Clearing Association (Australia), PAN-Nordic Card Association (Sweden), Dutch Payments Association (The Netherlands), and Bancomat (Italy). The great news is that Elo (Brazil) joined the program in early 2017 and just over the last few weeks, NPCI (India) and NSPK (Russia) completed their application process and will be onboarded soon.
This is an impressive level of participation that benefits the industry as a whole and we will continue nurturing it. Along with the PCI Security Standards and global infrastructure (assessors, labs, professionals, and listings), together as a PCI community we can continue to help secure payment data.
Mauro Lance is Chief Operating Officer at the PCI Security Standards Council.
