About PCI Journey

Let’s talk about PCI Journey: who am I, and what is this site all about?


About Pete

PCI Pete

Pete is an experienced payments industry professional, having spent over 15 years dealing with PCI DSS and card brand compliance issues in various roles. Currently he is responsible for PCI DSS compliance at an international service provider.

This site exists to share some of that accumulated knowledge, and to answer questions frequently asked in forums by people starting out on their PCI Journey.

What this site is

This site aims to provide an easier introduction to the world of PCI DSS compliance than you might get reading some of the dry PDFs on the card brand and PCI Security Standards Council sites.

It is not fully comprehensive, and definitely should not be relied on as your source of truth for all things PCI.

What this site is not

I’m writing as an industry professional who’s worked with PCI DSS for many years. I think the PCI DSS and related standards do some things, and suit some scenarios, very well. Others, much less well. These articles try to deal with the world of PCI DSS as it is, not as some people might wish it to be.

Where opinions are expressed here, don’t expect a bunch of PCI SSC or card brand bashing. There won’t be any. Plenty of other outlets exist for people venting about those, or you can start your own blog!

Why should you care about PCI Journey?

PCI DSS is massively important to the consumer payments ecosystem, but very little content is written about it in public. Everyone in the space uses the knowledge barrier to sell you services. Ultimately you’ll learn that most interactions with PCI DSS compliance do have a cost. It’s just the cost of doing business in this space.

But you should be able to learn basic information about PCI DSS compliance for free. After all, the standards are freely available. The goal for the card brands is for everyone who may be subject to these to fully comply. This site offers pointers and suggestions for where to start, and what to consider as you start on your journey towards PCI DSS compliance.

Advertising on this site

Why does this site have lots of ads? I’m not trying to sell you anything, and I don’t expect this site to be a source of revenue. My time spent writing these articles is free, and frankly is rather therapeutic! However, my hope is that advertising will help offset the cost of hosting this WordPress site.

You can learn more about my chosen advertising platform Ezoic.


Standard disclaimers apply: nothing in this site is intended to be legal advice, or formal guidance on how to address specific compliance issues. I’m not your QSA, and I’m not doing your risk assessment. If you are in any way unsure about some aspect of PCI DSS, consider retaining a QSA and asking them for guidance.

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this site are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.

Nothing on this site constitutes legal advice. The contents of this site are for general information purposes only. Whilst we endeavour to ensure that the information on this site is correct, no warranty, express or implied, is given as to its accuracy and we do not accept any liability for error or omission.

We shall not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise from the use of, or inability to use, this site or any material contained in it, or from any action or decision taken as a result of using this site or any such material.