PCI participating organizations finalize feedback on next version of PCI Security standards at global community meetings
Date: Fri, 10/22/2010 - 10:36
Yesterday, the PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS), announced that more than 1500 members of the PCI community from nearly 40 countries gathered in recent weeks to discuss the next version of the PCI DSS and PA-DSS, making these the most widely attended PCI SSC Community Meetings to date. Version 2.0 of the standards is set to be released on October 28.
Merchants, banks, processors, industry associations, and assessors representing 600 organizations worldwide met first in Orlando, Florida and then Barcelona, Spain for an advance look at the standards and the opportunity to provide a final round of feedback before the revisions become effective at the end of this month.
"We are excited to see that payment card security is maturing globally, as evidenced by the hundreds of stakeholders from organizations around the world who participated in these meetings and the development of the standards, “said Bob Russo, General Manager of the PCI Security Standards Council. “Feedback from our constituents is the lifeblood of the standards development process. The changes to the standards are a direct result of their input and underscore the strength of the standards as a framework for securing cardholder data.”
In addition to the opportunity to engage with Council representatives and members of the payment card brands on the forthcoming standards and the recent updates to the PTS requirements, the forum also provided attendees the chance to:
• Hear from industry experts, including forensic investigators and law enforcement agencies
• Receive updates from the Council’s Special Industry Groups (SIGs) on initiatives around scoping, virtualization, pre-authorization and wireless
• Discuss the Council’s evaluation of emerging technologies, including new guidance on EMV and point-to-point encryption
• Participate in Standards and Internal Security Assessor (ISA) training sessions
“I was especially impressed with the SIG team reports and the industry experts who spoke,” said Orlando Community Meeting attendee, Clifford Gregory, Senior Vice President of Ion Idea, a Participating Organization. “Every person who took the time to participate was of great help to me and to my company. “
The completion of the Annual Community Meetings marks the beginning of the Council’s new three year standards development lifecycle for the PCI DSS and PA-DSS, with the standards being published at the end of October and becoming effective January 1, 2011.