Retail Technology
The body in charge of administering the card payment data and systems security standards lengthens version controls

The Payment Card Industry Security Standards Council (PCI SSC) has announced changes to its standards development lifecycle process, with implications for all members of the payment chain, including retailers.

As part of the regular lifecycle process, earlier this year, the PCI SSC introduced the newest iteration of the Payment Transaction Security (PTS) requirements, and in October will update the PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA DSS), which covers validation requirements for applications used to process payment cards.

Focus on development lifecycles

But the development, feedback process and rollout of these new standards will now all be subject to longer cycles. The changes to the PCI standards will follow a defined 36-month lifecycle with eight stages, including publication on 1 January of year one, feedback and implementation processes, and the retirement of the old standard by the end of year two.

Bob Russo, Payment Card Industry (PCI) Security Standards Council general manager, told Retail Technology that the lifecycle ensures a gradual, phased introduction of new versions of the standard in order to prevent organisations from becoming non-compliant when changes are published.

Giving merchants a break

“The industry spoke and we listened,” he said. “They, in particular merchants, wanted more time to ensure compliance. The standards are relatively mature now. So, after some research, we think the lifecycle changes will work.”

During the lifecycle, the Council will continuously evaluate evolving technology and threats, and if necessary, make mid-lifecycle changes to the standards or provide ongoing supplemental guidance about issues affecting merchants, banks, card brands, processors and vendors involved in processing payment card transactions.