OK - maybe not all of them, but the most common that I’m hearing anyway…
After asking you all to give me some questions for PA-DSS, I finally am getting around to posting up some answers.  Some of them are also taken directly from numerous conversations that I have had with software vendors over the last several months and, truthfully, I’m glad that I waited to put that post together…It’s not entirely retail focused, as PA-DSS crosses most industries, but I hope it proves useful in answering some common questions…
It’s located …

The links are a little messed up, so you might want to wait until about 10AM tomorrow to take a look, but, my newest NetSPI post is up.
Also, if you are interested in understanding a bit more about how PCI impacts industries outside of retail and hospitality or in looking through some more technical posts on penetration testing and the like, I’d tune into the NetSPI blog.  The team has really embraced blogging and collectively we are putting out a very good mix of posts (at least I think so.)
Although …

Just a reference to another NetSPI blog post that just went up…  link

This morning I had an interesting thought - I want to offer up something to anyone that is reading this blog and may have some questions regarding the Payment Application Data Security Standard (PA-DSS.) 
This is an invitation to a ‘passive PA-DSS Q&A session’.  The reason I am calling this ‘passive’ is that this is not going to be a live session - if you have questions regarding the PA-DSS, what certain requirements mean, or how your particular situation affects it’s applicability to you, post it in the comments and …

Here’s a video of Seth Peter, NetSPI’s CTO, presenting to the Minnesota OWASP chapter’s annual half-day conference…

Seth Peter: The Developers Guide to PCI DSS and PA-DSS Requirements from David Bryan on Vimeo.

So my first post for the official NetSPI PCI blog is up there and, true to form, it’s not of a technical nature - merely an observation on how far the impact of PCI reaches.  One of the things that I talk about is how the retail and hospitality communities have gone through something very close to the grieving process in dealing with PCI - now organizations outside of retail and hospitality are starting this process - and it’s just as painful for them as it was for the retail …

I have spoken with a number of companies over the last several weeks that are preparing themselves to go through the PA-DSS assessment process (software providers, not security firms) and they all are trying to understand the level of priority that they need to set.  Particularly smaller firms are trying to come to grips with the fact that they are now required to go through an expensive, potentially disruptive assessment process that they didn’t have to address previously.
It only makes sense that they all end up asking the question, ‘are …

For those software vendors out there that are digging into PA-DSS and what it means for their organization, please read on.  This is not an in-depth discussion of PA-DSS, just a couple of things that have been popping up repeatedly for me in conversations with your peers - things that sometimes need clarification or that should be mentioned.  Stuff You Probably Should Know About PA-DSS

It’s not PABP - this may sound obvious, but I’m going to repeat it - PA-DSS is not PABP.  Accept this fact - if your assessment …

The webinar that NetSPI put on with VeriFone is up on the VeriFone webex repository.  It requires registration, but they have been very careful with the use of the registration information that they have gathered, so I’m not concerned about it.
The webinar was built to answer some questions for merchants in particular, so this isn’t an overly technical presentation, but it should help shed some light on how PA-DSS differs from PABP and why retailers and online merchants should care about the standard.  It also showcases some of VeriFone’s solutions …

I have to admit that I don’t always see eye-to-eye with the PCI Knowledge Base on their approach to PCI in retail (it’s a philosophical thing - they are very good about accuracy, etc.), but this article was very interesting and, I think, very relevant.
I’m actually involved with a webinar that is going to happen in January that discusses PA-DSS and it’s impact on retail technology strategy and buying decisions over the next 18 months.  In other words, as a retailer, why should I care about PA-DSS….  As it get’s …