PCI Security Standards Council invites industry input during next phase of standards development
Date: Fri, 11/04/2011 - 16:27
Official feedback period from November 2011 to April 2012 will solicit comments and experiences of members and wider community on PCI DSS and PA-DSS for improved payment security
The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security Requirements (PTS) and the Payment Application Data Security Standard (PA-DSS), announced the launch of its formal feedback period on version 2.0 of the PCI DSS and PA-DSS, inviting Participating Organizations and assessors to provide suggestions and commentary on the development of the next PCI Standards.
The PCI Council works on a three-year lifecycle to update the PCI Standards. Feedback from Participating Organizations representing merchants, banks, processors, vendors, security assessors and those across the payment chain is the foundational element of this process. The feedback period takes place a full year after the new versions of the DSS and PA-DSS were released, giving organizations the opportunity to provide input based on their experiences in implementing the standards. As of December 31, 2011, version 1.2.1 of the PCI DSS and PA-DSS is retired and all validation efforts for compliance must follow version 2.0.
Beginning today, PCI stakeholders can submit input through a new online tool that automates the process and makes feedback easier to supply. All feedback will be reviewed by the Council and included in discussion for the next iteration of the PCI Standards.
In the Council’s last feedback cycle, hundreds of comments were received, with more than 50 percent coming from outside the U.S.
“With the Council’s Participating Organization base having grown substantially in Europe over the last year, and particularly with increased global representation on our Board of Advisors, we’re really looking forward to receiving input from our stakeholders around the world,” said Jeremy King, European Director, PCI Security Standards Council. “In a changing payments environment, it’s this input that will help us maintain a global standard that ensures the protection of cardholder data remains paramount.”
Feedback submissions will be grouped into three categories - Clarifications, Additional Guidance and Evolving Requirements - and shared for discussion with Participating Organizations and the assessment community at the 2012 PCI Community Meetings.
“Our community is made up of experts from across the payments chain, around the world and from organizations of every size, each dealing with different aspects of the PCI process,” said Bob Russo, general manager, PCI Security Standards Council. “We rely on their feedback and unique experiences to help us continually improve these standards for the protection of cardholder data.”