Visa USA, Inc. and MasterCard International, Inc. will be releasing new security standards within 30 to 60 days. Payment Card Industry (PCI) standards are about one year old now and this is the first major update.

PCI became a universal requirement on June 30, 2005. Adoption of these rules is growing which pleases industry analysts. Visa says that about 22% of Tier 1 merchants are compliant now. This accounts for the processing of more than 6 million card transactions per month. Another 72% of merchants are on schedule to becoming fully compliant. Unlike rules required by federal regulation or other laws, these are private standards that don't have the penalties associated with them that might otherwise be found.

The security standards are broad and list 12 controls that retailers, online merchants, data processors and other businesses implement to protect cardholder information. These include technology controls such as data encryption, end-user access control and activity monitoring, as well as procedural mandates.