There were technical issues—such as segmentation and tokenization—that didn't get referenced, but also policy issues. Why isn't there a more clear-cut appeal process, for retailers who believe their assessor is improperly interpreting the rules? Today, the council will try and address technical questions, but that rarely involves overruling an assessor. Visa has been known to get involved with a retailer who has an assessor complaint, but that's a very rare occurrence. Read more.
When the PCI Security Council this week detailed a bunch of changes it will include in PCI 1.2, what might be more worthy of note is what they didn't address.