PCI DSS standards to face open comment

The PCI Security Standards Council (PCI SSC) is looking for feedback on its payment industry guidelines and plans to roll out an online tool to make providing input easier.

Member organizations have from July 1 to Nov. 1 to provide “detailed and actionable feedback" on the current version of the Payment Card Industry Data Security Standard (PCI DSS), according to an announcement Wednesday. The move is being made so that the council can gather information for revising future editions of the standards. Revisions based on the feedback may be released in the fall of 2010.

The standards up for comment are for versions 1.2 of the PCI DSS and Payment Application DSS.

The council also announced that it plans to hold two community meetings at which stakeholders have an opportunity to propose and discuss revisions to the next version of the standards. The meetings are planned for Las Vegas and Prague at the end of September and November, respectively. More information is available here.

The feedback from the meetings will be referred to the council's technical working group, which decides whether to recommend a revision or a new version.

Meanwhile, a new electronic feedback tool can make it easier for organizations to prepare feedback on the PCI DSS and PA DSS standards -- on up to five key areas of their choosing, according to the announcement. The form is expected to be distributed electronically on July 1 to members.