A: PCI is all about protecting card holder data. Prior to 2006, all of the major card brands (Visa, Mastercard, Discover, American Express and JCB) each had their own security requirements. In 2006, they decided there needed to be consistency in security requirements across the playing field. As a result, they created a group called the PCI Security Standards Council. The Council was tasked with creating a single, system-wide standard that would apply to all merchants, members and service providers globally.
The Council created a set of standards called the Payment Card Industry's Data Security Standards (PCI-DSS). The PCI-DSS states that PCI Data Security Requirements apply to all members, merchants and service providers that store, process or transmit cardholder data.
Every merchant who processes, stores or transmits cardholder data is subject to PCI and must demonstrate compliance. This is a world-wide initiative.