The PCI Security Standards Council released its first annual report.

New Delhi [India], February 16: The PCI Security Standards Council (PCI SSC), the global body that sets payment card security standards, has increased its focus on India and South Asia as the region’s digital payments ecosystem grows rapidly, according to its first annual report released this week.

The report emphasizes greater representation in governance, including a record 64-member Global Board of Advisors for the 2025-2027 term, aimed at increasing geographic and market diversity. The PCI Security Standards Council has highlighted the launch of the India-South Asia Regional Engagement Board (REB) in August 2025, a major step in localizing global payment security standards for one of the world’s fastest-growing payments markets.

Indian and South Asian firms now have a more direct channel to decide how future PCI standards are drafted and revised. The newly formed India-South REB comprises key Indian and regional players in banking, fintech, payment processing, and technology, including NPCI, HDFC Bank, Google, Cred, Zeta, and others. The REB will advise the PCI SSC on regional risks, implementation challenges, and fraud patterns specific to India and South Asia.

Gina Goben, Executive Director of the PCI Security Standards Council, said, “As payment technologies continually evolve and transaction volumes grow, collaboration across the global payments ecosystem is more important than ever. This first annual report showcases the collaborative efforts of our participating organizations, partners, and stakeholders to advance payment security for businesses and consumers everywhere.” India has emerged as a key market for global payment security bodies due to the large scale of transactions conducted through digital methods such as UPI, cards, wallets, and embedded payments.

Aniket Bhosale, Partner at technology consulting firm Ernst & Young LLP, said, “The PCI SSC 2025 Annual Report demonstrates an approach that aligns with the increasingly complex payments environment. The report brings greater clarity through its product-family approach and stronger alignment across standards, guidance, and training. The Council’s increased global engagement and new regional collaborations reinforce the industry-led momentum needed to keep the payments environment robust as threats and technologies evolve.” The PCI SSC Annual Report highlights that active engagement from India, South Asia, and the Middle East demonstrates the power of community-driven collaboration in advancing payment security. Nitin Bhatnagar, Regional Director for India, South Asia, and the Middle East, said, “I sincerely thank the payment industry stakeholders in these regions for their continued contribution and support.”

The PCI SSC report shows rapid growth in transaction volume, speed, and complexity worldwide. The pace of change in payments continues to accelerate, and threats are increasing as new technologies, new payment devices, and third-party integrations expand the attack surface for fraud and cybercrime.

For India, where mobile-led payments dominate, the PCI Security Standards Council said that 2025 sees increased focus on mobile payment security, e-commerce safeguards, and software security standards.

The PCI Security Standards Council released guidance on the use of artificial intelligence in the payment environment, including principles for using AI in PCI assessments. This move comes at a time when Indian banks and fintechs are increasingly using AI for fraud detection, underwriting, and customer onboarding.

It also created an e-commerce guidance task force to align security standards with real-world implementation challenges faced by merchants and payment processors.

The PCI Security Standards Council stated that it will continue to expand regionally, with participation and training programs in emerging markets, including India, in 2026, its 20th anniversary year.

For more information about the annual report, visit the PCI SSC website.

About the PCI Security Standards Council The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to advance payment security by providing industry-driven, flexible, and effective data security standards and programs that help businesses detect, mitigate, and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Instagram and (formerly Twitter) @PCISSC. Subscribe to the PCI Perspectives blog. Listen to the Coffee with the Council podcast.