The PCI SSC
The Payment Card Industry Security Standards Council, or PCI SSC, is an open global forum that was launched in 2006. It comprises 5 global payment brands: American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. All of these companies agreed to implement the PCI DSS (Data Security Standards) and to use it as their requirements for security compliance.
What does the PCI SSC do?
The PCI SSC is the entity that approves and certifies QSAs (Qualified Security Assessors) and ASVs (Approved Scanning Vendors). ASVs are companies that offer services like Server Scan, including automated vulnerability scans that generate PCI certificates and scan reports, and other security tests such as penetration testing. These approved companies undergo a rigorous testing process that is strictly monitored by the PCI SSC, and they also have to pay costly annual fees to maintain their standing as a certified QSA or ASV. This standing allows them to issue PCI certification to you, in the form of scan reports or other forms, so that you can prove your compliance with the PCI DSS.
What does the PCI SSC require for PCI compliance?
The PCI SSC will almost always require that you receive quarterly scanning from an ASV. If you’re not sure which requirements you need to comply with, the PCI SSC recommends checking with your acquiring bank, which will have the clearest information on what your company must specifically do to become PCI compliant. If you would like to get a general idea, take a look at our guidelines here.