Bob Russo, Payment Card Industry Security Standards Council (PCI SSC) general manager, told eWEEK that over the last few months as his organization has been discussing the new standard with its members, the response has been very positive. The PCI SSC started to publicly promote and discuss the new PCI-DSS 3.0 standard in August. The new standard places renewed emphasis on continued security monitoring and clarifies the rules that merchants will need to comply with to be PCI-certified.
“A lot of companies are already doing most of what’s in PCI-DSS 3.0 as there really isn’t very much that is actually different in many areas,” Russo said. “It’s a lot of re-emphasis in the areas that merchants need to make commonplace, rather than just treating security compliance as a once-a-year event.”