Will critics be satisfied with PCI-DSS 2.0?


We've been talking about the next iteration of the Payment Card Industry Data Security Standard (PCI-DSS) for quite a while; the timeline for the release of PCI-DSS 2.0 was never a secret. You could say the PCI Security Standards Council did a decent job with the transition.

The text of version 2.0 will be out next month and will be up for discussion at council meetings. The standard will likely be finalized in late October, which will allow it to take effect on Jan. 1, according to ComputerWorld.

The big issues were well known. Virtualization topped many people's lists of pressing enterprise issues. While 2.0 addresses this, the real meat of the council's guidance is expected in 2011.

End-to-end encryption was also expected to be discussed. The standard, however, will neither make a firm recommendation nor discourage the practice. It might include guidance on how end-to-end encryption could satisfy existing PCI requirements. We wonder whether tokenization will be discussed.

There will be a lot of clarifications in general. Will this be enough to satisfy the critics of PCI-DSS, who came out in force last year? Recall the congresswoman who declared, "I do want to dispel the myth once and for all that PCI compliance is enough to keep a company secure." The many high-profile card breaches were certainly a black eye. We'll likely see the critics emerge again. Some will no doubt be disappointed.
