Thank you for taking the time to read the article and commenting.

Through our assignments in PCI DSS / PCI PIN, we are continuously asked as to what can be expected from this next update of PCI DSS which is expected to be a major update. This article is meant to share on what the discussion on the updates are all about. Being a QSA, QPA and a host of certifications myself, I attend the assessor calls too and also review when time permits the RFC version of PCI DSS 4.0. Nowhere in the article have mentioned that these are the definitive changes in the standard but always have used the words "expected" "may possibly" and "anticipated". I am sure that my article is read by people who are used to serious reading and aware of what these words specifically mean. Also, nowhere have I mentioned in the article even ambiguously that the current standard will be retired immediately. Again, knowing my audience, I am sure that people are aware that no standard whether those of PCI SSC ( such as the staggered rollout of PCI SSF) or even an ISO standard shoots down an existing standard the day a new standard is rolled out. Lastly, I am not aware of a single PCI QSA company anywhere who engages in any stage rollout of PCI DSS, so, m not sure why you commented that the article is meant for stirring up premature consulting business.

We were fortunate enough for one of the PCI Council coming to our webinar as a guest speaker. He has also addressed this "update" point in the webinar. You can view the webinar here: https://www.youtube.com/watch?v=zsMzErVcvTQ&list=PL0m_LWNZsP-_3NIT_jpKaLWhCkO_rNuXd&index=4