GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

PCI: Is it working?


Industry Update

FACTA shatters credit, debit card myths

Frontier takes nose dive

Diners Club on Discover's menu

Wish for dying kids takes flight


Interchange fees and ATM usage

Travis K. Kircher

PCI Timeline

Industry Leader

Anna Solomon –
Parent, president, payments advocate


Going green ain't always cheap

Patti Murphy
The Takoma Group

IP yea, dial-up nay

Scott Henry

Smack those hackers down

Ben Goretsky
USA ePay


Street SmartsSM:
Go from middlin' to marvelous

Jason Felts
Advanced Merchant Services

Factors of FACTA compliance

David Mertz
Compliance Security Partners LLC

POS hardware: Lemon or dream machine?

Dale S. Laszig
DSL Direct LLC

Marketing in compliance

Nancy Drexler

Strategizing for ISO growth

Lane Gordon

Company Profile

U.S. Merchant Systems

New Products

Cut out the transaction fat

Slim CD
Company: Slim CD Inc.

Customer stickiness with a single swipe

Company: Chockstone Inc.


MLS reloaded



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

April 28, 2008  •  Issue 08:04:02

previous next


PCI Timeline


Visa Inc.'s original PIN Entry Device (PED) requirements are established.


POS PEDs need to be evaluated by a Visa-recognized laboratory by Jan. 1.

On July 15, Visa and MasterCard Worldwide decide on a single standard for PED approval and call it the Payment Card Industry (PCI) alignment initiative.

By December, Visa and MasterCard officially introduce the PCI Data Security Standard (DSS), a combination of Visa's Cardholder Information Security Program and MasterCard's Site Data Protection program.


In June, the PCI Security Standards Council (SSC) is established.

Hypercom Corp. introduces P1300 PIN, the first handheld PED to meet PCI DSS standards, in September.

By October, the standard for software products becomes Visa's Payment Application Best Practices (PABP) regulations.


A revised PCI DSS (version 1.1) is released in September.

The following month, Visa enhances enforcement of PCI DSS, threatening fines against level 1 and 2 merchants still not in compliance.

In November, Visa projects 65 percent of level 1 merchants will be compliant by the end of 2006.

At the end of the year, the PCI Compliance Acceleration Program is implemented.


Eight data security companies form the Payment Card Industry Security Vendor Alliance in February.

Compliance numbers in March reveal that level 1 merchants are 35 percent compliant, level 2 merchants are 26 percent compliant, level 3 merchants are 51 percent compliant and level 4 merchants are "low."

Texas codifies PCI DSS into state law in May.

Compliance numbers improve in July: level 1 merchants are 40 percent compliant; level 2 merchants are 33 percent compliant; and level 3 merchants are 52 percent compliant.

Minnesota adopts PCI guidelines for state law in August.

California tries to enact data security legislation, but Gov. Arnold Schwarzenegger vetoes the proposed consumer data protection bill, citing overlap with PCI DSS.

In November, PIN Entry Device Security Requirements (PA DSS) replaces PABP.

All payment terminals sold in North America after Dec. 31 must be both PCI and PED compliant.


PCI PED takes effect Jan. 1; all new automated teller machines must have a PCI-certified encrypting PIN pad.

An updated version of the Self Assessment Questionnaire (version 1.1) is released in February.

PCI PED II requirements take effect in April, and PA DSS version 1.1 is unveiled.


By July 1, old POS equipment predating Visa PEDs needs to be upgraded to meet Visa's and MasterCard's PED standards.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Board Studios