"The primary driver for the PCIDSS in 2001 were the data breaches which caused banks to issue new cards; merchants were negatively damaged with fraud and financial losses stemming back to the issuing bank. Visa said there needs to be a level of security to prevent this from happening, to increase trust online, but also to minimize costs associated with breaches by limiting the number of times they occur."

Goldberg added some organizations may complain about compliance, but none of the measures are "over the top".