Essential Guide

Browse Sections
This content is part of the Essential Guide: PCI 3.0 special report: Reviewing the state of payment card compliance
Get started Bring yourself up to speed with our introductory content.

The history of the PCI DSS standard: A visual timeline

The origins of the PCI Data Security Standard date back to the late 1990s. Explore key events in the history of PCI DSS, from Y2K to PCI DSS 3.0.

The origins of the Payment Card Industry Data Security Standard (PCI DSS) date back further than many believe, to the dawn of the Internet era. Despite its humble beginnings, the PCI DSS has come a long way, with many dramatic and traumatic twists and turns over the years.

As part of our special report on PCI DSS 3.0, SearchSecurity has created this visual timeline, which documents the key events in the history of PCI DSS from the late 1990s to today. After you review the timeline, we hope you'll tell us what you think is the most significant event in the long history of the payment card compliance mandate.

PCI DSS timeline

SearchSecurity wants your feedback. What is the most significant event in the history of the PCI DSS? Are there critical events not listed on our timeline? Leave a comment below. Also visit our special report on PCI DSS 3.0 for additional information detailing many of the events listed above.

Editorial credits
Writer: Eric B. Parizo
UX/visual designer: Brian Linnehan
Visual content editor: Sarah Evans
Copy editor: Francesca Sales
Producer: Lindsay Chase

Image credits top to bottom: Thinkstock, PCI, First Data, Fotolia, Fotolia, wikipedia, Thinkstock.

This was last published in November 2013

Dig Deeper on PCI Data Security Standard

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Great history lesson on PCI - I like how it is presented in this graphical format! It will be interesting to track the adoption of PCI 3.0, especially since it and the related OWASP Top 10 explicitly address components. And that makes sense since the average application now consists of 80% or more open source components. While components, agile and DevOps have helped speed application delivery, if components are not managed effectively, they put your organization at risk. PCI 3.0 now reflects this reality.

For a detailed whitepaper on PCI 3.0 with an overview about the requirements that impact your application security approach for components, go here -


Mark Troester
PCI started well before 1999 with banks working at developing their own security standards. I know, I was part of that at Citibank.

Thank you.
Tom Hutchings