Chip, by Declan Jewell

PCI DSS 2.0 has been out for over a year now, and the feedback period is almost closed (ends April 15). If you have not submitted feedback yet, do so! But here’s an interesting challenge I would suggest. If you could pick three to five requirements to REMOVE from PCI DSS, what would they be, and why? I’m looking for options to simplify the standard without compromising its goal as it stands today. I’m looking to make this a serious exercise in improvement that we can submit as part of the feedback period.

Comments are open! Debate below, and I’ll forward this entire thread to the Council for review.


This post originally appeared on BrandenWilliams.com.