Which entity defines and maintains the PCI DSS?

Prepare for the PCI DSS QSA Exam with detailed quiz questions. Sharpen your understanding with multiple choice questions, each curated to enhance your readiness for the official test. Ace your certification!

The Payment Card Industry Security Standards Council is the entity responsible for defining and maintaining the Payment Card Industry Data Security Standard (PCI DSS). This organization was founded specifically to enhance payment card transaction security and to protect cardholder data across the global payment ecosystem.

The Council consists of major credit card companies such as Visa, Mastercard, American Express, Discover, and JCB, which work together to establish a unified standard that all organizations involved in payment card processing must adhere to. The objective is to ensure a uniform level of security, thus mitigating the risk of data breaches and fraud in payment transactions.

In contrast, the other entities listed do not have a mandate to develop or uphold the PCI DSS. For instance, the Federal Trade Commission is primarily focused on consumer protection and fair trade practices, while NIST is known for its standards and guidelines but is not directly responsible for PCI DSS. Payment gateway providers offer services that facilitate payment processing but do not define security standards themselves. Therefore, the Payment Card Industry Security Standards Council is the authoritative source for the PCI DSS requirements that businesses must follow.
