PCI-DSS is a global "standard". It'll be a really interesting case study some day. On one hand it HAS uplifted the lowest common denominator security standards to a common, not too awful level. On the other, there's a massive industry dedicated to extracting money from retailers and others who take CC payments and getting them the right bit of paper whilst making no real difference to a shonky security posture.
Or so I hear.