A Thing
The Green SheetGreen Sheet

The Green Sheet Online Edition

April 28, 2008 • Issue 08:04:02


PCI Timeline


Visa Inc.'s original PIN Entry Device (PED) requirements are established.


POS PEDs need to be evaluated by a Visa-recognized laboratory by Jan. 1.

On July 15, Visa and MasterCard Worldwide decide on a single standard for PED approval and call it the Payment Card Industry (PCI) alignment initiative.

By December, Visa and MasterCard officially introduce the PCI Data Security Standard (DSS), a combination of Visa's Cardholder Information Security Program and MasterCard's Site Data Protection program.


In June, the PCI Security Standards Council (SSC) is established.

Hypercom Corp. introduces P1300 PIN, the first handheld PED to meet PCI DSS standards, in September.

By October, the standard for software products becomes Visa's Payment Application Best Practices (PABP) regulations.


A revised PCI DSS (version 1.1) is released in September.

The following month, Visa enhances enforcement of PCI DSS, threatening fines against level 1 and 2 merchants still not in compliance.

In November, Visa projects 65 percent of level 1 merchants will be compliant by the end of 2006.

At the end of the year, the PCI Compliance Acceleration Program is implemented.


Eight data security companies form the Payment Card Industry Security Vendor Alliance in February.

Compliance numbers in March reveal that level 1 merchants are 35 percent compliant, level 2 merchants are 26 percent compliant, level 3 merchants are 51 percent compliant and level 4 merchants are "low."

Texas codifies PCI DSS into state law in May.

Compliance numbers improve in July: level 1 merchants are 40 percent compliant; level 2 merchants are 33 percent compliant; and level 3 merchants are 52 percent compliant.

Minnesota adopts PCI guidelines for state law in August.

California tries to enact data security legislation, but Gov. Arnold Schwarzenegger vetoes the proposed consumer data protection bill, citing overlap with PCI DSS.

In November, PIN Entry Device Security Requirements (PA DSS) replaces PABP.

All payment terminals sold in North America after Dec. 31 must be both PCI and PED compliant.


PCI PED takes effect Jan. 1; all new automated teller machines must have a PCI-certified encrypting PIN pad.

An updated version of the Self Assessment Questionnaire (version 1.1) is released in February.

PCI PED II requirements take effect in April, and PA DSS version 1.1 is unveiled.


By July 1, old POS equipment predating Visa PEDs needs to be upgraded to meet Visa's and MasterCard's PED standards. end of article

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

Prev Next

Current Issue

View Archives
View Flipbook

Table of Contents

Company Profile
New Products
A Thing