About Us: FAQ

Is the PCI Security Vendor Alliance affiliated with the PCI Security Standards Council™?
No. The PCI Security Alliance is an independent group of companies who see tremendous value in the standards managed by the council, but the PCI SA is not formally a member of the PCI Security Standards Council™. Individual companies who are members of the SA may be members of the council. The PCI Security Alliance will collaborate in the work of the PCI Security Standards Council™ as needed.

Why are the PCI Data Security Standards so important?
The members of the PCI SA have reviewed all of the various national, state and industry data security and privacy regulations, and we have concluded that the PCI DSS represent the absolute most comprehensive set of data security and privacy requirements available anywhere, and are a set of guidelines for protecting confidential data throughout the value chain of ANY industry. That is, even though the PCI DSS are aimed at a single industry, and focus specifically on credit card data, we believe these same standards are applicable to the protection of all classes of sensitive or confidential data, in all industries where such data is collected, communicated, processed or retained. One of the objectives of the PCI SA is to help our customers adapt and extend the PCI DSS to embrace other data elements.

Why was the PCI Security Alliance formed?
Merchants, financial institutions, card processors and other organizations that must comply with the PCI Data Security Standards must implement a wide variety of security products and services in order to achieve compliance. The members of the PCI Security Alliance seek to build awareness of just what is required to deliver a comprehensive PCI DSS solution. Collectively, the members of the PCI SA offer merchants, financial institutions and card processors a wide range of alternative products to help them achieve PCI DSS compliance. As the Alliance grows, its membership will provide multiple options to help organizations achieve compliance with all the PCI DSS requirements.

What is the cost to become a member of the PCI Security Alliance?
The goal of the members of the PCI SA is to assemble enough vendors from all of the security and privacy sectors to be able to deliver a comprehensive, yet flexible, set of PCI DSS offerings that address all 12 of the PCI DSS requirements. There are several levels of membership available. See our membership page for details on the annual membership fees and the benefits of membership at each level.

Does the PCI Security Alliance publish the PCI Data Security Standard?
No. The PCI Data Security Standard is published by the PCI Security Standards Council™. More information on the standards themselves is available on the PCI Security Standards Council™ website, at www.pcistandardscouncil.org.

Where is the PCI Security Alliance located?
The PCI Security Alliance office is located at 48377 Fremont Blvd., Suite 117, Fremont, CA 94538, USA.

Where should media inquiries or interview requests regarding the PCI SA be directed?
For media inquiries or to request an interview, please contact Florencia Dazzi, PCI SA Executive Director at: Phone: (510) 492-4027; Fax: (510) 492-4001; Email: info@pcialliance.org.

Does the PCI Security Alliance provide information on security breaches and other regulatory compliance developments?
The members of the PCI Security Alliance follow changes in regulatory compliance very closely. When developments affect the mission of the PCI SA, they will be posted on the PCI SA website. However, the PCI SA does not specifically maintain a "compliance news" blog or other compliance news website.

Does the PCI Security Alliance enforce compliance?
No, the PCI Security Vendor Alliance helps merchants and other PCI industry participants achieve compliance, but enforcement of compliance is the responsibility of the individual brands' compliance programs.

What is the Payment Card Industry (PCI) Data Security Standard (DSS)?
The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. Initially created by aligning Visa's Account Information Security (AIS)/Cardholder Information Security (CISP) programs with MasterCard's Site Data Protection (SDP) program, the standard provides an actionable framework for developing a robust account data security process - including preventing, detecting and reacting to security incidents. More information can be obtained from the Web sites of the individual card brands.

Does the PCI SA determine whether or not a merchant or processor is PCI Data Security Standards compliant?
No. The members of the PCI SA deliver products and services to help an enterprise achieve compliance. The final determination of compliance is made by the individual credit card brands. The card companies may (or may not) accept the recommendation of a certified assessor, for Level 1 merchants or processors. For Level 2, 3 and 4 merchants or processors, a self-assessment is submitted for review to the credit card company. The different card brands may follow different review procedures and have different criteria. The level of the merchant or processor is determined by their annual card processing transaction volume. For more information on compliance and the criteria for determining the levels, see the FAQ at www.pcisecuritystandards.org, or visit the Web sites of the individual card brands.

Where can I get details of the PCI Data Security Standards requirements?
The PCI DSS and all supporting documentation can be found at www.pcisecuritystandards.org.