The Payment Card Industry Data Security Standard (PCI DSS) was created in response to the rapid growth of credit card transactions in the 1990s causing thousands of small companies to start storing credit card data and processing consumer transactions on unprotected networks. Since many of these small businesses didn’t know how to properly secure these credit card transactions, it also led to a rapid increase in data theft and a growing concern from banks and credit card companies about ways to protect their brand and consumer accounts. In an effort to resolve the growing concern around payment card fraud and cybercrime in general, industry leaders such as Visa, MasterCard, and American Express got together and created a global security standard to protect online card payments.
The PCI DSS standard was established to set basic guidelines and requirements around how businesses must create a safer cardholder data environment, using basic requirements to drive minimum requirements around security that would lead to more secure business systems. As the standard evolved and procedures more refined, PCI DSS became an internationally accepted standard for all merchants and service providers.
PCI DSS History
PCI DSS was introduced in December 2004, after Visa and other brands had introduced their own standards. These brand-specific standards weren’t well received by merchants and service providers, since these were small companies that didn’t need the confusion of multiple standards.