OK - I should be adding some content here, but this short post on Anton Chuvakin’s blog is too good.  If you are in retail IT and ‘compliance’ has been ‘given’ to you (aren’t you lucky), you need to read this post and follow the links….
Anton Chuvakin Blog - “Security Warrior”: Tales From the “Compliance First” World.

American Express bitten by XSS bugs again • The Register.
I haven’t seen this confirmed anywhere and I need to look around a little more for supporting information, but, if true, this sort of ironic situation always makes me laugh a little….

Just got the January 2009 issue of Wired magazine and the first thing I notice is an article about the rise and fall of Max Butler - a hacker that tried to take over the ‘carder’ community.  Wired always does a good job writing these types of articles in a way that is engaging and it is a very interesting read.  I just looked and it’s not on the website, but if you pick up the hard copy, it’s in there…
I think it’s interesting that there are still people out …

I have to admit that I don’t always see eye-to-eye with the PCI Knowledge Base on their approach to PCI in retail (it’s a philosophical thing - they are very good about accuracy, etc.), but this article was very interesting and, I think, very relevant.
I’m actually involved with a webinar that is going to happen in January that discusses PA-DSS and it’s impact on retail technology strategy and buying decisions over the next 18 months.  In other words, as a retailer, why should I care about PA-DSS….  As it get’s …

Here are two good posts giving some clarification that really seems to be confusing for people.  Also, I know I’ve just been re-posting lately, but things have been a little nuts around here - I’ll try to throw together a good rant shortly…
http://pcianswers.com/2008/12/07/saas-compliance-and-levels/
http://pcianswers.com/2008/12/07/service-provider-or-pa-dss/

PCI Blog - Compliance Demystified » Blog Archive » Web application vulnerabilities at large.

NetSPI was the feature article in today’s Star Tribune business section.
Penetrating IT security to find the weaknesses.

Today I got RISNews’ Cross Channel Insights newsletter in my email inbox and the first article I notice is this one…
Enhancing Online Security: U.S. Consumers Lose Nearly $8.5 Billion to Online Threats | | RIS Cross-Channel Retailing Insights: Targeted Articles for Multi-Channel Retailing, E-Tail, and Web Analytics.
Interesting article about a online consumer threats (not really PCI-related) that are affecting online purchasers in a big way. The funny thing - the next article on the newsletter is this one -
High Gas Prices Drive More Shoppers Online This Holiday Season
So, online …

This is an older segment, but it’s interesting to note how much press things like this get out in the general news world.  As information security and identity theft get bigger and bigger as an area of concern in our society, this sort of report is going to be more and more common and people are going to continue to pay more and more attention to this type of situation.
Hi-Tech Heist, How Hi-Tech Thieves Stole Millions Of Customer Financial Records - CBS News.

Not PCI / info-security related, but a little sad news regarding a retailer that ’s been around for a while and is a MN company…
Former Wilsons leather chain says it’s closing
Former Wilsons leather chain says it’s closing.