Industry pundits have spent copious amounts of their time bashing PCI and complaining that is does not work and therefore should be abandoned. In this document, the Council maps out a long-term pragmatic and strategic plan for PCI compliance. PCI gained critical mass with the release of version 1.1 in September 2006. Version 1.2 was released in October 2008. PCI is a multi-year effort, detailed in the PCI Lifecycle Process. The overarching issue is that security and good security in particular, takes time.”]
Source: https://www.csoonline.com/article/2124077/pci-debate-ignores-planned-improvement-cycle.html