Thursday September 20, 2018
PCI Oversight and History

The PCI DSS is a set of 12 high-level requirements and 221 sub-requirements covering major information security domains such as data encryption, patching, system hardening, physical security, auditing, logging, and application security. While the PCI DSS is made up of industry-accepted practices, it still has some areas that are open to interpretation and require an in-depth understanding.
  • PCI SSC - The regulatory body for PCI is the PCI Security Standards Council, or PCI SSC. The PCI SSC is a collaborative agreement between five members of the credit card lending industry: Visa, MasterCard, American Express, Discover Financial Services, and JCB International. The PCI SSC is committed to the development, awareness, and education of PCI. The PCI SSC is also responsible for setting the PCI standards with which merchants are to comply.
  • PCI History
    • 2004 - The PCI Data Security Standards effectively started when MasterCard, Visa, American Express, Discover, and JCB created and collaborated on payment card practices. The companies referred to each other's standards to create a concise and singular set of compliance standards.
    • January 2005 - The PCI SSC has estimated that 234 million records with sensitive data have been breached, thus noting the need for a regulatory body.
    • June 30, 2005 - Regulations took effect and were monitored collectively by the five PCI SSC founders.
    • 2008 - Particular instances have included breaches at large companies such as TJX, Shell, and Hannaford. The recent breach at Hannaford occurred in 2008 and led to the development and implementation of PCI DSS version 1.2.

Sensitive Data Breach Incidents

