Since Heartland is a company that has taken a very strong view of security, this is very interesting…
Heartland Payment says system was breached - International Herald Tribune.

Thanks to the guys at PaymentsNews for the heads-up.  Here’s the press release - link
More information is also available here

American Express bitten by XSS bugs again • The Register.
I haven’t seen this confirmed anywhere and I need to look around a little more for supporting information, but, if true, this sort of ironic situation always makes me laugh a little….

NetSPI was the feature article in today’s Star Tribune business section.
Penetrating IT security to find the weaknesses.

It’s good to see a ‘vendor’ understanding that providing a secure solution is extremely valuable to the retail community…
VeriFone Takes Lead in Securing Card Payments with PA-DSS
Will Only Provide PA-DSS Audited Payment Applications in Initiative that Supports New Rules Governing PCI Compliance for All Levels of Merchants
VeriFone Takes Lead in Securing Card Payments with PA-DSS - MarketWatch.

This is an article on Storefrontbacktalk that think everyone should see…  PA-DSS is a very misunderstood situation at the moment and has a LARGE number of software vendors suddenly scrambling for certification.
Their scrambling successfully (or unsuccessfully) is going to have real impact on the PCI standing and security posture of the entire retail community.  There are currently only 16 consulting organizations in the US that are performing this work and, as my employer (NetSPI) was one of the first 8 on the list, we are heavily focused on this aspect …

Here’s the link to the summary of changes that are going to take effect on October 1, 2008 and the link below is the FAQ that accompanies …
pci_dss_summary_of_changes_v1-2.pdf (application/pdf Object).
FAQ
There will be a follow-up post on this and it’s potential immediate impact on L1 and L2 retailers over the next few days.

This is a new site/certification (CPISM) for professionals involved in the payments industry. It’s something that has been very necessary as PCI expertise does not often equate to payments expertise.
Society of Payment Security Professionals.