The PCI Council is scheduled to release version 3.0 of its Data Security Standard and Payment Application Data Security Standard in November with the new standards taking effect some time in January.
From Bank Technology News:
The new version will address several areas of growing concern, says Bob Russo, the council’s general manager. “The biggest area to address with version 3.0 is to make PCI compliance more business-as-usual, so merchants don’t have to think about it,” he notes.
Many merchants approach the PCI security standards as a compliance issue and with a mentality of “I check the box and I’m done with it; I don’t have to worry about it anymore,” Russo observes.
Merchants and payments players need to approach PCI as a security issue rather than a compliance issue, and be constantly diligent about being up to date with the standards, he remarks.
Of note in the new standards is how merchant handle mobile acceptance and payments. Merchants need to be aware of how cardholder data is exposed during those transactions and how to mitigate risks, the council said.
Click here to read more from Bank Technology News.