The PCI Security Standards Council (PCI SSC), the global body that sets payment card security standards, has sharpened its focus on India and South Asia as the region's digital payments ecosystem continues to scale rapidly, according to its first-ever annual report released this week.

The report highlights broader representation in governance, with a record 64-member global Board of Advisors for the 2025-2027 term, aimed at increasing geographical and market diversity. The PCI Security Standards Council highlights the launch of the India-South Asia Regional Engagement Board (REB) in August 2025, marking a significant step in localizing global payment security standards for one of the world’s fastest-growing payments markets.

Indian and South Asian firms now have a more direct channel into how future PCI standards are drafted and revised. The newly formed India-South REB includes key Indian and regional players across banking, fintech, payments processing and technology, including NPCI, HDFC Bank, Google, Cred, Zeta, among others. The REB will advise PCI SSC on regional risks, implementation challenges and evolving fraud patterns unique to India and South Asia.

Gina Gobeyn, Executive Director, PCI Security Standards Council said, "As payment technologies continue to evolve and transaction volumes grow, collaboration across the global payments’ ecosystem is more critical than ever. This first annual report reflects the collective effort of our Participating Organizations, partners, and stakeholders to advance payment security for businesses and consumers everywhere."

India has emerged as a critical market for global payment security bodies due to the sheer scale of transactions flowing through digital rails such as UPI, cards, wallets and embedded payments.

"The PCI SSC 2025 Annual Report reflects an approach that is continually aligning with an increasingly complex payments landscape. The report brings more clarity through its product-family approach and stronger alignment across standards, guidance, and training. The Council's expanded global engagement and new regional collaboration, reinforces the industry-led momentum needed to keep payment environments resilient as threats and technologies evolve," said Aniket Bhosle, Partner, Technology Consulting Ernst & Young LLP.

"Active engagement from India, South Asia, and the Middle East, as highlighted in the PCI SSC Annual Report, demonstrates the power of community-driven collaboration in advancing payment security. I sincerely thank the payment industry stakeholders across these regions for their continued contribution and collaboration," added Nitin Bhatnagar, Regional Director India, South Asia and Middle East.

The PCI SSC report flags a sharp rise in transaction volumes, speed and complexity globally. The pace of change in payments continues to accelerate, and threats evolve as emerging technologies, new payment devices and third-party integrations are expanding the attack surface for fraud and cybercrime.

For India, where mobile-led payments dominate, PCI Security Standards Council said 2025 saw heightened focus on mobile payment security, e-commerce safeguards and software security standards.

The PCI Security Standards Council introduced guidance on the use of artificial intelligence in payment environments, including principles for using AI in PCI assessments, a move that comes as Indian banks and fintechs increasingly deploy AI for fraud detection, underwriting and customer onboarding.

It also set up an E-commerce Guidance Task Force to align security standards with real-world implementation challenges faced by merchants and payment processors.

PCI Security Standards Council said it will continue expanding regional participation and training programs in emerging markets, including India, as it heads into its 20th anniversary year in 2026.