PCI Council Adds Year to Development Period

WAKEFIELD, Mass. — The PCI Security Standards Council here announced Tuesday that all three of its standards will follow a three-year development lifecycle period.

Two of the standards — the PCI Data Security Standard and the Payment Application Data Security Standard — previously used a two-year development period, which ends with the release of updated versions in October 2010. The other standard — the PIN Transaction Security requirements — already used a three-year cycle that concluded with a new release (Version 3.0) last month.

The change is a result of ongoing feedback the council has received from merchants, banks, processors and vendors worldwide, requesting more time to implement the standards and establish strong payment security fundamentals within their organizations. As part of the extended lifecycle, stakeholders will not only have a longer period to apply the standards, but also to submit feedback, as well as the additional opportunity to discuss feedback at two community meetings prior to year three in the development process, said the council in a statement.

The three-year lifecycle also provides the council additional time to consider market dynamics, emerging threats and new technologies before issuing the next version of the standards. Throughout the lifecycle, the council will continuously evaluate evolving technology and threats, and if necessary, will make mid-lifecycle changes to the standards or provide supplemental guidance about these issues, the statement said.

“The PCI Security Standards Council relies heavily on feedback from our participating organizations and the PCI community to create standards that strengthen the security of payment card data, and the input we’ve received has been overwhelmingly in favor of lengthening the lifecycle,” said Bob Russo, general manager of the council. “Moving the revision cycles to three-year periods for all three existing standards ultimately means organizations have additional time to focus on making sure they have the appropriate processes and controls in place to secure cardholder data.”