The PCI Security Standards Council gave notice today of a 90-day extension for the PABP (Payment Application Best Practices) expiration date.

After discussion with Payment Application vendors, the PA-QSA community and other stakeholders, the Council is extending this deadline by 90 days to March 2nd 2011. Accordingly, after March 2nd 2011, PCI SSC listed PABP v1.4 applications may only be used in pre-existing deployments.

This updated deadline recognizes the challenges many merchants and Payment Application end users have in implementing system changes over the busy holiday period, and allows the Payment Application vendor community to consider submitting new versions of their products for assessment against the new PA-DSS 2.0 standard that was discussed at our recent Community Meetings.

Neither the PA-DSS 2.0 standard nor the holiday period are any kind of surprise, so the Council may have had other reasons at this late date for extending the deadline.