Russo today pointed to the feedback process and the PwC review as efforts by the PCI security standard council to make the standards process inclusive, transparent and relevant. He noted that since its inception, the PCI council has relied heavily on input from its members and others in the payment industry to shape the standards.

The PCI council's move to ban retailers from using wireless networks based on the Wired Equivalent Privacy (WEP) protocol is one example where the council acted on the feedback from the community, he said. The PCI SSC has also eliminated or consolidated redundant requirements or tweaked requirements based on industry feedback.

"The changes in 1.2 were the result of feedback from the community at large and what they thought needed to be addressed with the standard," Russo said. "This is an opportunity for everyone to come together ... and discuss what needs to be changed for the good of the community or for the benefit of a particular vertical [industry]," he said.

Russo downplayed recent criticisms about the effectiveness of the standards and insisted that when implemented properly, they adequately protect companies against current threats. "At this point, we haven't seen anything in the standard that causes us concern," Russo said. He added that the PwC review was prompted by apparent interest in end-to-end encryption and other emerging technologies.

"What they will be doing is looking at these technologies and seeing what needs to be [included] for them to be considered for the standard," he said. The effort also includes seeing whether the technologies can be used as compensation controls in place of existing PCI requirements, he said.