The document provides a history of the PCI Data Security Standard (DSS) and discusses some key aspects of PCI compliance and validation. It describes how compliance means meeting all DSS requirements at a given time, while validation involves a review to determine compliance. Some common reasons for data breaches are discussed, such as issues with quality security assessments (QSAs) and companies hiding things or falsifying documentation. Case studies are presented of companies that achieved PCI compliance and of companies that failed to. Concerns that data breaches cost companies money and competitive positioning are also covered.