Welcome to PCI Journey

This is a site that discusses the challenges and opportunities presented by PCI DSS compliance, and presents options for how to manage these.

Check out the set of Resources we maintain, and read our Blog articles.

What this site is

This site aims to provide an easier introduction to the world of PCI DSS compliance than you might get reading some of the dry PDFs on the card brand and PCI Security Standards Council sites.

It is not fully comprehensive, and definitely should not be relied on as your source of truth for all things PCI.

What this site is not

I’m writing as an industry professional who’s worked with PCI DSS for many years. I think the PCI DSS and related standards do some things, and suit some scenarios, very well. Others, much less well. These articles try to deal with the world of PCI DSS as it is, not as some people might wish it to be.

Where opinions are expressed here, don’t expect a bunch of PCI SSC or card brand bashing. There won’t be any. Plenty of other outlets exist for people venting about those, or you can start your own blog!