I ended up missing NRF’s Big Show in NYC in 2008 and it was a little disconcerting. Prior to this year, I had attended 10 straight shows and, although the memories of the cold (it is always the coldest week of the year) and lugging booth equipment for blocks weren’t the best, I actually enjoyed going. It gives you a good indication of what the industry is going to be focused on for the upcoming year and what the vendor cosmos is up to…

This year (2009), I am going in a new role and with a new focus and I’m excited to re-connect with partners and friends in the industry. I am however a little confused by something - given the focus and attention that PCI has received in 2008, I was expecting a large number of exhibitors to be PCI-related or focused. I thought that the world of retail information security would be front-and-center, but apparently that isn’t the case…

It seems as though PCI is still being looked at as a product-centric issue - if you buy the right products then you will be compliant and your data will be secure. The only exhibitors that show up when you do a search on NRF’s site for keyword PCI are these:

• ACI Worldwide
• Cybera, Inc.
• Hughes Network Systems
• iCongo, Inc.
• ISD Corp.
• MAGENSA
• MagTek
• MTXEPS
• Postilion
• Shift4
• Spacenet
• XAC Automation

To me this is really telling - most of these companies have a ’solution’ for PCI, but it’s really just a way for retailers to offload a small part of PCI-related process/data/technology. I don’t see a single exhibitor that is focused on consulting with retailers to build information security into their business. I don’t see a single exhibitor that is talking about the changing nature of PCI and how to manage that fluid situation.

Maybe they’ll properly address some of these issues during sessions or keynotes? I couldn’t find a schedule at this point detailing what the sessions will cover this year, but I sure hope someone is addressing PCI in an intelligent, holistic manner.

We are not going to be exhibiting this year as it is my company’s first trip to the show (other than me), but I will be wandering the floor, attending sessions, and hitting the after events and I do hope that retailers are starting to understand that point solutions simply can not address information security adequately in today’s environment. I’ll certainly be bringing it up every chance I get (which should make me really popular at the party events.)