Five Leading Payment Brands Unite to Strengthen Global Data Security

New Independent Organization to Develop and Maintain Security Standards

WAKEFIELD, MA -- (AllPayNews) -- September 07, 2006 -- American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International today jointly announced the formation of an independent council designed to manage the ongoing evolution of the Payment Card Industry (PCI) Data Security Standard, which focuses on improving payment account security throughout the transaction process. The founding of the PCI Security Standards Council, LLC, marks a significant milestone in the payment industry's efforts to secure payment account data in a globally consistent manner. Ultimately this means that more than a billion global payment card users will benefit from a higher level of security protection against data theft and fraud.

"The payment brands that founded the Council are committed to ensuring the ongoing development of data security standards that are both efficient and effective," said Seana Pitt, chairperson, PCI Security Standards Council. "The creation of this Council is a significant step forward in protecting cardholder information and it underscores the critical nature of this effort."

By establishing the independent Council to manage the PCI Data Security Standard for the payments industry, the founding members are developing a system that is more accessible and efficient for all stakeholders including merchants, processors, point-of-sale (POS) vendors and financial institutions.

Specifically, the PCI Security Standards Council will:

-- Develop and maintain a global, industry-wide technical data security
standard for the protection of accountholder account information;

-- Reduce costs and lead times for Data Security Standard implementation
and compliance by establishing common technical standards and audit
procedures for use by all payment brands;

-- Provide a list of globally available, qualified security solution
providers via its Web site to help the industry achieve compliance;

-- Lead training, education, and a streamlined process for certifying
Qualified Security Assessors (QSA) and Approved Scanning Vendors (ASV),
providing a single source of approval recognized by all five founding
members; and

-- Provide a transparent forum in which all stakeholders can provide
input into the ongoing development, enhancement and dissemination of data
security standards.

"Ensuring the security of electronic payments is of paramount importance to all stakeholders, not just the payment brands," continued Pitt.
To that end, the PCI Security Standards Council invites all parties with a role to play in securing payment account data -- including merchants, payment devices and services vendors, processors, financial institution and others -- to participate in the new organization.

Participating organizations will be able to recommend changes, provide input on future initiatives, have access and the ability to comment on drafts of potential changes to security standards in advance, as well as influence the organization's overall direction. In addition, participating organizations will be able to elect or serve as a member of the PCI Security Standards Council's Board of Advisors.

The PCI Security Standards Council will serve as an advisory group and manage the underlying PCI security standards and each payment card brand will remain responsible for their own compliance programs.

As its first action, the PCI Security Standards Council also announced today the PCI Data Security Standard version 1.1. The new standard addresses evolving security threats and recommends that merchants and vendors take action to fortify application and network level security. It provides a framework for ongoing PCI compliance.

For more detailed information on PCI DSS 1.1, the Council's organizational structure and how to join, please visit www.pcisecuritystandards.org.

About PCI Security Standards Council

The mission of the PCI Security Standards Council is to enhance payment account security by fostering broad adoption of PCI Security Standards. For more information, please visit www.pcisecuritystandards.org.

For further information contact:
Text 100 for PCI Security Standards Council
212-871-4083
pci@text100.com

For brand specific inquiries please contact:

American Express
Christine Elliott
212-640-0622
christine.s.elliott@aexp.com

Discover Financial Services
Leslie Beyer
224-405-5154
lesliebeyer@discoverfinancial.com

JCB
Lib DeVeyra
213-896-3718
lib.DeVeyra@jcbusa.com

MasterCard Worldwide
Christina Rae
914-249-4606
christina_rae@mastercard.com

Visa International
Michelle Brown
650-432-4277
globalmedia@visa.com

The following quotes are attributable to the individual payment brands:
American Express

"Continuing American Express' tradition of superior customer service and protection, we are proud to be a founding member of the PCI Security Standards Council," said Susan Hillel, senior vice president, Global Network Operations, American Express. "We are delighted to join our colleagues across the payments industry to increase further awareness and adoption of data security standards."

Discover Financial Services

"Data security is a top priority for Discover. To this end, we are committed to the development and support of a single security standard in the payments industry," said Rob Tourt, vice president of network services for Discover Financial Services. "We recognize that merchants want a single standard that works for all brands. A universal standard will help increase data security, reduce the risk of system compromises, and achieve shared goals for overall payments integrity. Discover Network is proud to be a founding member of the PCI Security Standards Council and fully supports its mission to achieve this objective."

JCB

"The safety and security of cardmembers' personal information is of utmost importance to JCB," said Tac Watanabe, senior vice president, Global Infrastructure & Technologies, JCB Co., Ltd. "The creation of the PCI Security Standards Council and the cross recognition of PCI Data Security Standards by the five major payment card brands are monumental initial steps in achieving our ultimate goal of preventing the exposure of cardmembers' information through system breaches and other vulnerabilities in the payment infrastructure. JCB is committed to minimizing financial losses and inconvenience to all stakeholders in the payment chain including cardmembers."

MasterCard Worldwide

"For 40 years, the security of cardholders' personal information has been a priority for MasterCard Worldwide. MasterCard is dedicated to working with the payments industry and uniting together to strengthen data security. The formation of the new PCI Security Standards Council represents our combined commitment to helping financial institutions and merchants protect their customers' data," said Bruce Rutherford, vice president, Advanced Payments, MasterCard Worldwide.

Visa International

"Keeping cardholder information secure has always been a cornerstone of Visa's business. Visa has been a champion of the position that every entity that handles payment card information must adhere to the highest data protection standards. However, we have also long maintained that no single organization or entity can do this on its own. Visa therefore welcomes the opportunity to join with other key payment brands in launching the PCI Security Standards Council as a way to strengthen data security standards globally for all stakeholders within the payment chain," said Brian Buckley, senior vice president, International Risk Management, Visa International.

--------------------------------------------------------------------------------

For further information contact:
Text 100 for PCI Security Standards Council
212-871-4083
Email Contact

SOURCE: PCI Security Standards Council