We notice you are visiting from a U.S. Internet provider. 
27/01/2010 -
Rumors have been swirling in the merchant services industry about what will and will not be included in the next version of the PCI DSS. Bob Russo, general manager of the PCI Security Standards Council - the organisation responsible for issuing and overseeing the PCI DSS - has just provided some clarification on the new version of the regulations, due to be released in mid-October.
Russo told SearchSecurity.com that the new version of the PCI DSS will contain clarifications but will not include major changes.
"There won't be any surprises," Russo told the news provider. "We're more likely to see guidance documents."
Russo noted that the PCI SSC has focused on guiding merchants through the proliferation of new security technology offerings, such as end-to-end encryption and tokenization. The council has enlisted the help of several special interest groups - such as a report from PricewaterhouseCoopers - to provide research on these emerging technologies.
"Unfortunately there are so many different technologies that merchants may have started down the path with that we need to be careful and study them before prescribing them in the standard," Russo told SearchSecurity.com.
The PCI SSC is now in the third stage of the PCI DSS revision process, which involves reviewing feedback from payment processing industry leaders.
