The second installment of the Payment Card Industry Data Security Standard (PCI DSS) is due out in the fall.PCI DSS
version 1.2, the first update since September 2006 when the PCISecurity Standards Council began driving
the standard, is due out inOctober and incorporated feedback from some 450 participatingorganization, the council announced Wednesday.
The council said it tapped into recommendations from retailers, securityproduct vendors, electronic funds transfer networks, point-of-saleapplication developers and banks.
The new version of the standard will contain a number of changes,including a more concentrated list of sub-requirements to avoidoverlapping; further clarification on reporting protocols; and expandedsections for glossary searches and frequently asked questions.
"We believe adoption of PCI DSS version 1.2 will increase cardholderdata security and minimize the risk of data breaches that can challengethe positive public perception of the security practices of merchantsand financial institutions involved in the payments chain," said BobRusso, general manager of the PCI council.
According to the latest figures from Visa, one of the five major globalcard brands which has agreed on the PCI DSS, 65 percent of level-onemerchants -- which process more than six million card transactions peryear -- have attained compliance with the standard.
The figures, released in October, also show that 43 percent oflevel-two retailers -- processing between one and six milliontransactions per year -- met the requirements.
At press time, a Visa spokesman was checking to see if the payment brand had any current stats.