On Thursday, August 12, 2010, the Payment Card Industry Security Standards Council (PCI SSC) released a document highlighting proposed revisions to the PCI Data Security Standard (PCI DSS) and Payment Application-Data Security Standard (PA-DSS). These revisions will not include significant changes to the current standards, but seek to:
- Provide clarity on the requirements, scoping, and reporting;
- Improve flexibility for merchants to comply with the requirements;
- Address new and evolving risks;
- Incorporate industry best practices; and
- Eliminate redundancies.
The PCI SSC expects to provide a detailed summary of the changes and pre-release versions of the standards to internal participants in early September. PCI DSS 2.0 and PA-DSS 2.0 should be released to the public on October 28, 2010, and will become effective on January 1, 2011.
Merchants, payment card processors, and payment application developers should continue to watch these developments to ensure that their services remain compliant with the standards.