With the unveiling of new rule changes by the Payment Card Industry (PCI) Security Standards Council (SSC) in November 2013, enterprise compliance and security professionals face the third full evolution of PCI Data Security Standards since its introduction. With added requirements around practices such as risk management and third-party responsibility, as well as additional technical requirements, PCI 3.0 will challenge organizations to once again reevaluate their PCI compliance stance. Already struggling organizations will still find PCI compliance costly and just plain hard to achieve.