The five leading payment card companies joined together today to announce the formation of an independent council to manage and enforce the Payment Card Industry (PCI) Data Security Standard.
Established by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, the new PCI Security Standards Council gives the industry a united front to consistently communicate PCI DSS policies and to roll out regular changes to the standard.
In fact, today the council announced its first action by unveiling the new PCI DSS version 1.1. The revisions announced today primarily address best practices surrounding application level security and the recognition of compensating controls, said Seana Pitt, chairperson for the council.
"There are places in the standard that will give more pathways and more avenues for a stakeholder to be able to implement other things other than the given requirement," Pitt said.
Pitt said that the council hopes to help the PCI data security standard evolve as information security changes by working collaboratively with a variety of stakeholders responsible for improving cardholder data security.
"One of the things that we have heard in the past is that merchants and processors would like a seat at the table to improve the standard going forward, making more applicable," she said. "So that is one of our key goals as we go to market with this new company."
In order to do this, the council will immediately begin a campaign to recruit a participating organization membership made up of businesses touched by payment processing, she said.
"We've kept our qualifications very broad," she said. "If you play in the payment processing space and you're dedicated to driving security and customer protection, we'd like you to come join us."
This includes banks, processors, merchants and gateway providers, among others, she said. From there these members will elect a board of advisors that will give counsel to the vested payment industry players when it comes to the standards.
"That is going to be a group of people that will work with our executive committee on helping influence the strategic direction and what's next for this organization," she said.
She hopes the organization can lay this groundwork in the next six months in order to begin the process of starting regular updates to the PCI standard.
"We're thinking that it will fall very naturally on a yearly release schedule, pending no emerging threats that are an 'all hands on deck' situation," she said.