The organisation responsible for the Payment Card Industry Data Security Standard (PCI DSS) has begun the process of analysing and updating the rules that aim to protect the private details of millions of consumers and businesses around the world.
The PCI Security Standards Council announced that it would be reviewing the current standards and making amendments, although it confirmed that businesses would not need to take additional action once a decision is reached.
The council published a report as to how the threats to the payment card industry have changed and evolved in the recent past and explained how this would be reflected in the revamped PCI DSS.
A variety of industry areas are covered by the PCI DSS and the first set of changes are to be instigated by October, with alternations to PIN security on cards. The PCI Security Standards Council said that it was preparing those who would be affected by the changes as the launch date draws near.
The buzzword surrounding the updated PCI DSS is flexibility and the council believes that businesses, financial institutions and PCI suppliers will be able to scale their operations and defences to match the severity of the threat, in addition to having access to improved tools for reporting and detecting vulnerabilities.
Significantly, there will be no additional obligations enforced as a result of the PCI DSS revision, with a greater emphasis on the allocation and appreciation of responsibility.
The council’s Bob Russo said that the fact that the update was only going to make small adjustments to the current PCI DSS underlined the robustness of the existing security standards.
Mr Russo went on to say that the council was giving organisations plenty of notice ahead of the changes in order to accommodate any necessary alterations or updates to policy and systems.
Further to updating the PCI DSS, the council is set to chair events at which key groups will be able to express their opinions and become involved in the process of formulating future security strategies.