When the PCI Council last gave some hints as to what the upcoming PCI DSS 3.2 rules will be (about two weeks ago, back on Feb. 17), it said the spec would be released “in the March/April timeframe.” A council official on Wednesday (March 2) tweaked that guidance, ruling out March and saying that the council “anticipates an April release of the standard.”
The timing of the new PCI rules (aka guidelines that really and truly do not like being ignored) is important as they are lengthy, complicated and merchants—especially smaller merchants—are going to expect PFs to know them intimately. Also, as PCI requirements get increasingly stringent and complex, the need for PFs to take over those duties will grow.
Council spokesperson Lindsay Goodspeed said in an e-mail on Wednesday that the decision to announce the new rules on the later end of the initial timetable was based on industry comments.
“We are making some minor clarifications to the existing draft of PCI DSS 3.2 based on additional industry feedback and anticipate an April release of the standard,” Goodspeed said.