The Payment Card Industry (PCI) came about during the early days of Internet commerce, when businesses began accepting credit cards for online sales. Card issuers began to see fraud occurring and realized that additional security measures were needed to manage the potential risk. Initially, credit card issuers developed and imposed their own sets of security standards on businesses that used their cards for online transactions. However, it quickly became clear that a jointly developed standard was more likely to receive widespread adoption than having each issuer impose its own requirements on businesses. In 2004, a group represented by American Express, Discover Financial Services, JCB International, Mastercard, and Visa was formed to develop a single set of standards. In December 2004, the PCI Data Security Standards (DSS) 1.0 was created and shared publicly. At that time, all merchants who accepted credit cards, plus payment processors (i.e., entities that process payments on behalf of merchants), were required to comply with the standards.
In 2006, the PCI founders created a quasi-independent organization, the PCI Security Standards Council, to continue driving the standards and increase compliance. The Council updated the standards to version 1.1, which included requirements for online application review and firewall deployments.
Since 2006, revisions to the standards have occurred every 1-2 years. The current version is PCI DSS 3.2.1, which was released in May 2018.