So NRF looms large today as the seminars have begun - I’m going to stick to the Expo floor (convenient since I didn’t purchased a full pass to the show.)  There is the Wincor-Nixdorf reception tonight, which I may or may not be attending, but I’m going to be heading over to get registration out of the way this afternoon. 
Tomorrow I am going to be spending some time with some partners and managing a Q&A session on PCI and PA-DSS, but I’m also going to be walking the show, …

Finally…..
OK, it looks like we have finally gotten our next webinar scheduled for the 27th of January at 1pm Eastern time.  The focus is going to be on the PCI PA-DSS and its impact on the retail (i.e. merchant) community.  It is going to be a joint webinar with a leader in the payments industry and is going to be focused on three areas:

PA-DSS Overview (non-technical)
Why it matters to retailers as they make strategic technology decisions in 2009
Who in the payments / POS ‘world’ understands PA-DSS’s impact and are making …

Thanks to the guys at PaymentsNews for the heads-up.  Here’s the press release - link
More information is also available here

PCI Council and Visa See More PCI Compliance - Bank Systems & Technology.

This has been a needed piece for some time - PCI has created a mad rush to sell, sell, sell and has allowed some companies to exploit fear and confusion to profit unfairly to the detriment of their clients.
I have seen too many situations where we get involved with a client that has previously been working with another partner only to find multiple vulnerabilities that were somehow ‘missed’ by our predecessor or to learn that our client has just spent $2M buying hardware from their audit company (based on that …

Here’s the link to the short article on Chain Store Age…
article

I’m late here, but another very good article from StorefrontBacktalk regarding the Hannaford breach and the reaction from Bill Homa.
StorefrontBacktalk - Former Hannaford CIO: Avoid Microsoft And Change PCIs Encryption Rules.
I think this one paragraph is particularly interesting:
As for the oft-repeated song that Hannaford was breached while PCI compliant indicates some sort of a PCI indictment, Homa said it comes down to two things: “Either the standards weren’t strong enough or the assessor wasn’t doing his job.”
I think this is an interesting statement for a couple of reasons - first …

Thanks to the guys at Payments News
The PCI Security Standards Council is putting on a webinar to help explain how the various PCI standards fit together. Here’s the link to the press release (which has a link to the registration site.)
A Perfect Fit: Understanding the PCI Security Standards

Here’s the link to the summary of changes that are going to take effect on October 1, 2008 and the link below is the FAQ that accompanies …
pci_dss_summary_of_changes_v1-2.pdf (application/pdf Object).
FAQ
There will be a follow-up post on this and it’s potential immediate impact on L1 and L2 retailers over the next few days.

PCI Blog - Compliance Demystified » Blog Archive » Credit card theft indictments show why small crime matters.