What to Expected for PCI in 2010

The PCI Council held its latest Open Mic session last week where Bob Russo briefed callers on new developments at the Council. These webinars are a great two-way communication between Participating Organizations and the Council. Bob and his colleagues from the payment brands also fielded a number of questions although they explicitly avoided any comment on possible changes to the PCI DSS expected this fall. Earlier, Bob had given press interviews where he said he did not expect any major changes to PCI DSS this year.

Those of you who follow me on StorefrontBacktalk.com know that I reported on a presentation at the Electronic Transaction Association meeting where some of the preliminary directions were presented. Nothing is yet finalized - indeed, as I also reported, the Technical Working Group was meeting at the same time as ETA and still discussing possible changes.

While there is nothing official, we can do a little informed speculation. As I reported, I expect there will be clarification of some requirements. I think we'll also see some very welcome papers on emerging technologies that promise to make PCI compliance easier.

All of this is welcome news and supports the Council's position that PCI DSS is a stable standard that still can respond to emerging threats and new technologies. On the webinar, Bob gave the impression that information will be coming out in stages over the summer.

As soon as information becomes public, you can count on seeing it here. And for those of you attending the Treasury Institute's PCI workshop next week, you will have the opportunity to hear from Bob directly on developments at the Council.