Six merchant trade groups have submitted a joint letter to the Payment Card Industry Security Standards Council calling for changes to the PCI data-security standards. Members of the merchant groups "take data security seriously and have spent in excess of $1 billion on PCI DSS compliance as part of their security programs," says the letter, signed by representatives of the National Retail Federation, National Restaurant Association, American Hotel and Lodging Association, National Council of Chain Restaurants, Association for Convenience Petroleum Retailing, Merchant Advisory Group and the International Franchise Association. "However, it is becoming increasingly difficult for our members to comply with the program's requirements in a cost-effective and timely manner, especially in this difficult economic climate." The coalition wants council members to be able to formally review and comment on revisions to the standards before the full council approves them. It also seeks to delay the sunset date of version 1.1 of the PCI standards to Dec. 31, 2009, from Dec. 31, 2008, and to give merchants the option to not have to store card information for possible dispute resolution. The letter also asks the council to start developing a new standard to protect cardholder data that includes end-to-end encryption, similar to the planned development of a new standard the Accredited Standards Committee X9 Inc. announced in April. "The council actively seeks and encourages collaborative input on the PCI DSS from all interested parties," Robert Russo, council general manager, said in a statement responding to the letter, noting that on July 1 the council will enter the first feedback stage on the next version of the standard. "We encourage all participating organization stakeholders, including the letter's authors, to actively participate in that feedback process."