The Payment Card Industry Security Standards Council will update all three of its standards this year, and eventually may put all of them on a three-year update cycle, according to Bob Russo, the council's general manager.
The council expects the first update to be for the PIN Transaction Security standard for devices that use PIN pads by the end of this month, and then it would revise the Payment Application Data Security Standard and the PCI Data Security Standard in October, Russo said in an interview last week. The PA-DSS is for software used in point of sale systems, and the PCI DSS is the umbrella standard for all payment devices.
The payments industry wants more guidance about how to use the standards and a better understanding of how they will evolve, Russo said, and the revised standards will address these issues.
The council also may move the revision cycles to three-year periods for all three standards, he said. The council now updates PCI DSS every two years and the PTS and PA-DSS every three years.
The council has not started work on standards covering emerging mobile payment devices, Russo said. "Ultimately, we will get to these devices because they accept card payments."