Who is responsible for setting the standards for PTS?

The Payment Card Industry Security Standards Council (PCI SSC) is the organization responsible for developing and maintaining the Payment Card Industry Point of Interaction (PCI PTS) standards. These standards are designed to ensure the security of payment transaction devices, such as payment terminals and card readers.

The PCI SSC was established by major credit card brands, including Visa, MasterCard, American Express, Discover, and JCB. It takes feedback from a broad range of stakeholders in the payment industry to create effective security standards that address emerging threats and technological advancements.

The PTS standards focus on protecting cardholder data during transactions and ensuring that payment devices are compliant with security practices that mitigate the risk of data breaches. Organizations that handle card transactions must adhere to these standards to maintain the trust of consumers and protect sensitive financial information.

In contrast, organizations like ISO (International Organization for Standardization), NIST (National Institute of Standards and Technology), and IEEE (Institute of Electrical and Electronics Engineers) may develop standards related to various aspects of technology and information security, but they do not specifically set the standards for PTS. The PCI SSC specifically focuses on secure payment processing, making it the authoritative body for the PTS standards.