There's been plenty of complaints about the Payment Card Industry Data Security Standard (PCI DSS), since it went into effect in 2005. Next week, stakeholders, will have a chance to do something about it.The PCI Security Standards Council is seeking feedback on its payment security guidelines starting Wednesday July, 1 through November 1, when merchants, processors, financial institutions and other key stakeholders will "have the opportunity to provide detailed and actionable feedback in an effort to revise future editions of the Council's standards to improve payment data security," the council said in a statement.
So there you have it. If you think the standard focuses too much on "checklist security" or is too prescriptive, or even too vague, let them know. More information on how is available here.
The council will also hold two community meetings where proposed revisions will be discussed, one meeting is planned for Las Vegas (September) and the second will be held in Prague (November).
To make it easier to file feedback, the standards council will be distributing an electronic form to members next week. I suggest using it.