Spotlight On: Salesforce, a New Principal Participating Organization
Welcome Salesforce, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, Salesforce’s Director of Security Compliance, James Huang, introduces us to his company and how they are helping to shape the future of payment security.
Tell us about your company.
Salesforce is the #1 AI CRM, helping companies connect with their customers in a whole new way. We pioneered cloud-based CRM in 1999, and today we’re leading the shift to trusted, agentic AI. With Agentforce, Salesforce enables organizations to deploy autonomous AI agents that act on unified, real-time data across their systems, helping every employee deliver more personalized, efficient, and secure customer experiences. Our trusted platform powers AI, data, and CRM applications across sales, service, marketing, commerce, and IT, so every team can work smarter and drive meaningful business outcomes.
Why did your company decide to become a Principal Participating Organization?
Meeting security standards is just the beginning for Salesforce. We’re committed to proactively partnering with industry leaders to stay ahead of evolving threats and help protect the entire payment ecosystem. That’s why we became a Principal Participating Organization (PPO). This role gives us a seat at the table to share real-world insights, guide the development of security standards, and help ensure they reflect the latest challenges and technologies. Through our robust security, compliance, and AI-driven initiatives, we bring deep expertise to strengthen both the industry and the PCI standards that safeguard our customers’ payment data.
Which benefits are you most looking forward to as a Principal Participating Organization?
We’re excited to engage in the evolving risk landscape and the innovative strategies being developed to address today’s challenges. As industries continue to transform, we look forward to collaborating with leading experts from around the world to confront emerging threats together. We’re particularly focused on identifying opportunities to strengthen technologies, requirements, and processes that help organizations stay agile and resilient in the face of change. As a Principal Participating Organization (PPO), we’re eager to contribute to the PCI program—sharing insights, offering feedback, and advancing best practices in risk management and compliance.
Why is it important for companies to get more involved with the PCI Security Standards Council, especially at the Principal Participating Organization level?
Participating in PCI as a Principal Participating Organization (PPO) is key to staying ahead of evolving security threats, keeping pace with the latest standards, and building customer trust in today’s increasingly digital and high-risk payment environment. This involvement empowers organizations to identify and reduce threats to payment systems while exploring innovative solutions to manage risk. It also supports the implementation of stronger internal controls to protect sensitive customer data. Serving on the Council provides access to valuable PCI resources and training, helping organizations stay informed on emerging threats, new security technologies, and regulatory developments.
What are some payment security topics that you’re interested in collaborating on?
We’re excited to collaborate and contribute to the ongoing advancement of security within the PCI program. Key areas of focus include identifying efficiencies across frameworks like SOC 2 and ISO, enhancing cardholder data protection and encryption strategies, refining engagement models for third-party service providers, and strengthening risk management and incident response procedures.
