In June, the PCI Security Standards Council separately issued guidance on how the PCI Standards should be applied to protect payment card data used to conduct transactions virtually (e.g., in the cloud) and using mobile payment applications. First, the virtualization guidance describes how the PCI Standards apply to virtual environments, including identifying practical methods and concepts for the deployment of virtualization in payment card environments and suggested controls and best practices for meeting the requirements of the PCI Standards in those environments. In addition, the mobile payment application guidance separates mobile payment acceptance applications into three separate categories based on the type of underlying platform and its ability to support PCI compliance. Importantly, the guidance identifies payment applications that operate on a consumer electronic handheld device (e.g., smart phone) that is not solely dedicated to payment acceptance for transaction processing as a category of application that will not be evaluated for validation under the Payment Application Data Security Standard until further guidance and standards can be developed.