It’s good to see a ‘vendor’ understanding that providing a secure solution is extremely valuable to the retail community…
VeriFone Takes Lead in Securing Card Payments with PA-DSS
Will Only Provide PA-DSS Audited Payment Applications in Initiative that Supports New Rules Governing PCI Compliance for All Levels of Merchants
VeriFone Takes Lead in Securing Card Payments with PA-DSS - MarketWatch.

This is an article on Storefrontbacktalk that think everyone should see…  PA-DSS is a very misunderstood situation at the moment and has a LARGE number of software vendors suddenly scrambling for certification.
Their scrambling successfully (or unsuccessfully) is going to have real impact on the PCI standing and security posture of the entire retail community.  There are currently only 16 consulting organizations in the US that are performing this work and, as my employer (NetSPI) was one of the first 8 on the list, we are heavily focused on this aspect …

This is an early version of a position paper that I am working on, but I thought it might be interesting to throw out here and see what initial reactions are to the general ideas presented. To summarize very rapidly - in my opinion, investing in security is an extremely efficient way to utilize corporate funds even in a down economy. Here’s the initial draft document. Again, this is a ‘position paper’ not a full white paper, so it’s pretty high level…
Also, there are Return-On-Security-Investment (ROSI) strategies …