The update to the Payment Card Industry (PCI) Data Security Standard, due this summer, responds to evolving attacks as well as to challenges some businesses have with the encryption of consumer data, Tom Maxwell, director of e-Business and Emerging Technologies at MasterCard International, said. The proposed update includes a requirement to, by mid-2008, scan payment software for vulnerabilities, Maxwell said in a presentation at a security conference hosted by vulnerability management specialist Qualys. The new version of PCI will offer merchants more alternatives to encryption as a way to secure consumer data.