The PCI Security Counsel issued new guidance this week to help merchants secure their ecommerce infrastructures.
The new guidance document comes at a particularly interesting time for the PCI Council. 2013 is a release year for PCI standards.
New items will be discussed and presented at community meetings throughout 2013 prior to the release of the updated standards. The pre-release of the new PCI-DSS 3.0 standard is likely to happen in the September to November time frame. The new standard would then become effective on Jan. 1, 2014.
The PCI-DSS 2.0 standard will remain active for an additional year after the release of the PCI-DSS 3.0 standard.
“A lot of the exploits we’re seeing today are older exploits that should not still be happening,” said Bob Russo, general manager, PCI SSC. “This set of guidelines is an attempt by the community at large to make sure that people have guidance.”