Guest Column | April 7, 2009

Payment Card Industry (PCI) Standards - An Overview


Written by: Sean Kramer, CEO, Element Payment Services

In response to a growing number of data security breaches, the major payment card brands came together to form the Payment Card Industry Security Standards Council. Over the last few years, this council has developed a set of security requirements for all businesses that handle payment cards. They apply to merchants, as well as software developers and manufacturers of applications used for payment card transactions.

The three major standards the PCI SSC has developed are the Payment Card Industry Data Security Standard (PCI DSS), for merchants and processors; the Payment Application Data Security Standard (PA-DSS), for developers and integrators; and the PIN Entry Device Security Requirements (PCI PED), for manufacturers.

The goal of PCI standards is to protect payment cardholder data. According to Privacy Rights Clearinghouse, a non-profit consumer information and advocacy group, over 245 million data records of U.S. residents have been exposed due to security breaches since January 2005.

The standards are reviewed on a regular basis to ensure they are up to date with current security concerns. The PCI SSC’s participating organizations and board of advisors provide feedback during this review period. For instance, the first version of PCI DSS was released in September 2006, and a revised version (Version 1.2) was released in October 2008.

The five payment card brands that founded the PCI SSC are American Express, Discover, JCB, MasterCard and Visa. Organizations in the industry—merchants, payment devices and services vendors, processors, financial institutions and others—are eligible for PCI SSC membership as participating organizations. They influence the direction of PCI standards through involvement in community meetings and advance review of drafts of standards and supporting materials.

About Element Payment Services, Inc.
Headquartered in Phoenix, Arizona, Element Payment Services Inc. provides fully integrated PCI DSS compliant payment processing solutions to merchants through partnerships with leading business management software providers. Element’s membership on the PCI SSC allows it to stay ahead of the ever-changing PCI security requirements. Element’s expertise is reflected in its support for end-to-end encryption of customer data, its ability to store sensitive customer data off-site and even its business model, which eliminates third parties and middlemen who could compromise cardholder data and add unnecessary cost to the payment chain.
Secure, innovative and reliable payment solutions allow Element’s customers to easily comply with industry security requirements such as PCI DSS and PA-DSS (PABP). For more information, visit