PCI is all about protecting cardholder data. Prior to 2006, the major card brands (Visa, Mastercard, Discover, American Express and JCB) each had their own security requirements. In 2006, they decided there needed to be consistency in security requirements across the playing field. As a result, they created a group called the PCI Security Standards Council. The Council was tasked with creating a single, system-wide standard that would apply to all merchants, members, and service providers globally.
The Council created a set of standards called the Payment Card Industry's Data Security Standards (PCI-DSS). The PCI-DSS states that PCI Data Security Requirements apply to all members, merchants, and service providers that store, process or transmit cardholder data.
Every merchant who processes, stores, or transmits cardholder data is subject to PCI and must demonstrate compliance. This is a worldwide initiative.
For information on how to become compliant, please see the "How Do I become Compliant" article.