{"id":392,"date":"2013-08-16T12:54:51","date_gmt":"2013-08-16T12:54:51","guid":{"rendered":"http:\/\/www.nationaltransaction.com\/credit-card-merchant\/?p=392"},"modified":"2013-08-17T08:42:15","modified_gmt":"2013-08-17T08:42:15","slug":"pci-council-expected-changes-in-pci-dss-pa-dss","status":"publish","type":"post","link":"https:\/\/www.nationaltransaction.com\/credit-card-merchant\/pci-council-expected-changes-in-pci-dss-pa-dss\/","title":{"rendered":"PCI Council Expected Changes in PCI DSS & PA-DSS"},"content":{"rendered":"
\n
\"Computer<\/a>

Credit: Flickr<\/a><\/p><\/div>\n

Today\u00a0the PCI Security Standards Council (PCI SSC),<\/a>\u00a0an open, global forum for the development of electronic transaction security standards published\u00a0PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) 3.0 Change Highlights<\/i><\/a>\u00a0<\/i>as a preview of the new version of the standards coming in November 2013. The changes will help companies make PCI DSS part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and transaction security as a shared responsibility with merchant account holders.<\/span><\/p>\n

The seven-page document is part of the Council\u2019s commitment to provide as much information as possible during the development process and eliminate any perceived surprises for organizations in their PCI credit card security planning. Specifically, the summary will help PCI Participating Organizations and the assessment community as they prepare to review and discuss draft versions of the standards at the\u00a02013 Community Meetings<\/a>\u00a0in September and October.<\/span><\/p>\n

Changes to the standards are made based on feedback from the Council\u2019s global constituents per the PCI DSS and PA-DSS\u00a0development lifecycle<\/a>\u00a0and in response to market needs. Key drivers for version 3.0 updates include: lack of education and awareness; weak passwords, authorization, verification and authentication challenges; third party payment security challenges; slow self-detection in response to malware and other threats; inconsistency in assessments.<\/span><\/p>\n

\u201cToday, most organizations have a good understanding of PCI DSS and its importance in securing credit card data during transactions, but implementation and maintenance remains a struggle \u2013 especially in light of increasingly complex business and payment technology environments,\u201d said Bob Russo, PCI SSC general manager. \u201cThe challenge for us now is providing the right balance of flexibility, rigor and consistency within the standards to help organizations make payment security business-as-usual. And that\u2019s the focus of the changes we\u2019re making with version 3.0.\u201d<\/span><\/p>\n

Based on feedback from the industry, in 2010 the Council moved from a two-year to a three-year standards development lifecycle. The additional year provides a longer period to gather feedback and more time for organizations to implement changes before a new version is released. Version 3.0 will introduce more changes than version 2.0, with several new sub-requirements. Proposed updates include:<\/span><\/p>\n