It’s amazing what the carrot of $20 million in incentives—or the stick of millions in potential fines—can do for an IT-security standard.
On Dec. 12, 2005, Visa USA announced that it would either handsomely reward or seriously punish scores of major banks and card processors, depending on how well they prodded 1,200 U.S. retailers to comply with the Payment Card Industry Data Security Standard (quickly abbreviated to PCI compliance).
