The PCI Security Standards Council this fall plans to launch a website dedicated to small merchants, which have asked the council for help in understanding how data-security measures affect them.
The site will explain the principles and rationale behind the council’s efforts to get merchants to comply with the Payment Card Industry Data Security Standard and “why it’s important to protect their customer information,” Troy Leach, the council’s chief technology officer, told PaymentsSource at the council’s Community Meeting in Orlando, Fla., earlier this week.
Details of the new site were not yet available, but it should be easier for merchants to navigate than the existing site, which was designed for anyone interested in council activities and documents, he says.
The council also will revamp it primary website. “We will be completely re-laying it out,” says Jeremy King, the council’s European regional director.
The council’s online revisions are just some of the changes the council has addressed this year, King says. Chief among them is aligning the three security standards–Data Security Standard, Payment Application-DSS and PIN Transaction Security–into three-year cycles, he says (see story).
The Data Security Standard’s move to a three-year lifecycle, which the two other standards already were on, should give merchants more time to work with the existing version while having more time to review upcoming versions, King says.
The Wakefield, Mass.-based council also introduced an internal security assessor training program this year that King says has been successful (see story).
Banks, acquirers or merchants employ internal security assessors to evaluate their organization’s PCI-compliance effort, and they work with third-party qualified security assessors that ascertain an organization’s compliance level.
What do you think about this? Send us your feedback. Click Here.