PCI Rollout Plans Solidifying, U.S. Briefing Sept. 23
Written by Evan SchumanWhile various payment players are still arguing this summer about what to include in PCI 1.2—still slated to be unveiled in late October—they now have some real deadlines: the PCI Security Council will be officially briefing members and QSAs at a pair of three-day meetings starting in September.
The North American briefing/feedback session will happen in Orlando, Fla., at the Omni Champions Gate Resort Sept. 23-25, followed by a European briefing in Belgium at a Crowne Plaza hotel Oct. 21-23.
The meetings are officially going to be opportunities for feedback—and there is always the chance that if enough opposition is voiced about any one area, it could change—but the PCI drafts released to those attending will reportedly be virtually final.
Officially, PCI participants are still debating exactly when to roll out the PCI specs to the world, but they have consistently said it would happen before the end of October. Given the desire to share these details with members before the public, the Oct. 21-23 Belgium briefing certainly suggests an announcement will most likely happen the week of Oct. 27.
Indeed, it further questions how seriously the PCI Security Council plans on considering European feedback, given that they are briefing them a mere handful of days before their self-imposed public release deadline. Then again, at least the European community is getting their own briefing, which is more than Asian or Australian retailers are getting. One insider said that plans are in place to make sure Asia gets its own briefing with the next major PCI rollout.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
