PCI Standards to be updated on new three-year cycle

Robert Westervelt, News Editor

The Payment Card Industry Security Standards Council (PCI SSC) will update the Payment Card Industry Data Security Standards (PCI DSS) on a new three-year cycle.

PCI DSS has been on a two-year update cycle. The council made the changes to give merchants more time to implement the standards between iterations. In addition, the PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS) will also be moved to a three-year development cycle.

The changes also give merchants, banks, processors and vendors more time to submit feedback about proposed changes and additional time to discuss feedback at two community meetings prior to finalizing any changes in year three.

"Moving the revision cycles to three-year periods for all three existing standards ultimately means organizations have additional time to focus on making sure they have the appropriate processes and controls in place to secure cardholder data," Bob Russo, general manager of the Council, said in a statement.

Russo did not rule out any mid-lifecycle changes. The council will evaluate technologies and threats and issue guidance materials or changes as necessary, he said.

The new 36-month lifecycle is broken into eight stages, allowing for a gradual, phased introduction of new versions of the standards to prevent organizations from becoming noncompliant when changes are published. The Council said the new time period also provides greater transparency into the development process, encouraging more participation from stakeholders.

The last major update to PCI DSS was in 2008. In an interview conducted in March, Russo said he anticipated no major revisions to the PCI standard due in October. The council may provide guidance documents on so-called end-to-end encryption technologies and the use of tokens to replace credit card numbers in merchant systems. A guidance document may also address the rising use of virtualization technologies in the payment process.

A draft revision of the new standard is available and the organization will gather any remaining feedback at its community meetings in September.

The Council will hold a webinar to discuss the lifecycle changes today at 3 p.m. ET and June 23 at 11 a.m. ET.

