PCI is an independent, self-funded organization that creates and manages security standards for card payments.

The Payment Card Industry (PCI) is formed by the card schemes but not funded or operated by them, and standards must still pass through an executive committee of PCI brands.

Who needs PCI compliance?

All companies that process, store or transmit credit card information need to comply with the PCI Security Standards Council's (SSC) regulations. This includes merchants, service providers with regard to storing data, and terminal vendors that develop PIN devices, which need to maintain a certain level of PCI security.

What can UL do for me?

UL is accredited to perform all approval programs:

  • PCI PTS (PIN Transaction Security) covers point-of-interaction devices and HSMs. It applies to both PIN and non-PIN devices with cryptographic processes to protect the PIN and other sensitive data. SRED is for cardholder data.
  • PCI DSS (PCI Data Security Standard) covers the protection of cardholder data in the operational environment.
  • PCI PA-DSS (PCI Payment Application Data Security Standard) covers commercial software, specifically “payment applications” to support PCI DSS compliance.
  • PCI P2PE (Point-to-Point Encryption) approval of solutions that use encryption to protect cardholder data. Allows merchants to reduce their PCI DSS validation scope.
  • PCI PA P2PE applies for payment applications.
  • PCI ASV (Approved Scanning Vendor) low-cost remote scanning of Internet-facing IP addresses to report on known vulnerabilities. Merchants pass ASV scans quarterly to pass PCI DSS.
  • PCI PIN Security standard covers secure key management, and processing of PIN data for both online and offline payment card transaction processing.

In addition, UL offers PCI DSS, PCI PA-DSS, PCI PIN, and PCI PTS training courses. Check out our PCI training schedule.

For more information about our PCI evaluations, audits, advisory and training services, please leave your contact details below.