Kontrol Payables

The History of PCI Data Security Standard (DSS)

September 28, 2017

Every business owner should learn the history of PCI DSS (Data Security Standard). This is knowledge that you need to make sure that every transaction you conduct with customers and business partners is fully secured. The DSS has been specifically engineered and established for just this purpose. It has evolved over the past 13 years to meet rising security challenges from increasingly sophisticated cyber-criminals. However, its basic function - to ensure proper security for business credit card transactions - remains the same as when it was first introduced.

The 90s: The Early Days of PCI

The history of PCI begins in the late 1990s, at a time when losses due to credit card fraud began totaling over $750 million a year. The industry was also reeling due to the first major wave of phishing, hacking and other web-based criminal schemes. It was obvious to the industry that some new measure of protection was needed to combat the perilous rise in fraud activity. At this time, Visa introduced the Cardholder Information Security program, which was a precursor to the PCI DSS.

PCI DSS Version 1.0 Was Released in December 2004

History was made when the five major credit card companies - Visa, MasterCard, American Express, Discover, and JCB - came together to create a revolutionary new online credit card payment protection system. After several years of various prototypes, the very first version of PCI, known as PCI DSS 1.0, was released to the industry in December 2004.

The purpose of PCI DSS 1.0 was to standardize online credit card payment systems to close all existing loopholes that hackers and phishers could exploit. The system was immediately hailed by the industry as a massive breakthrough, one that offered potential for incremental improvement in the future.

The Past Decade Has Seen Major Improvements to the System

The PCI DSS system has continued to evolve and improve over the years to meet the ever-heightening need for secure web-based credit card transactions. A new law passed in 2005 mandated that all merchants who processed 20,000 or more credit card transactions per year were required to be PCI DSS-compliant. Since this time, the reach of PCI DSS regulations has expanded to cover businesses operating in every corner of the globe. PCI DSS has become the required standard for online credit card transaction security.

PCI DSS 3.2 Is the Latest Model to be Introduced

PCI DSS 3.2, the latest model, was introduced in 2016. It contains newly updated and revised security protocols that ensure that it will perform at the highest possible standard. The system offers more flexibility in certain key areas, such as stricter in-house passwords and more stringent quality control when it comes to password protection and data security. While PCI DSS 3.2 represents the highest level achieved in this series so far, business owners should note that it is only a matter of time before it is duly replaced by a still more effective system.

Still Have Questions Concerning PCI DSS?

The development of PCI DSS over its history shows that things constantly change with time. And the payments industry is thankful for these security standards. We know that you may have more questions concerning data protection and cyber-security. Contact us if you require more info concerning PCI DSS and the latest developments in this quickly evolving world of payments security.
