Hey look - another lawsuit….
Well - right now it’s just the threat of a suit…  The information is a bit thin and I’m not sure (based on the press release) whether or not this is a complaint about the software, the implementation of the software, the hardware system, or all of the above.
What it does look like is a bit of a fishing exercise by the law firms - let’s send out the press release, make it general enough that we include just about anyone that even thought about touching the …

The link to the article on StorefrontBacktalk is below (thanks Evan) - this is really interesting.  It appears that VISA is providing an extension to ExxonMobil on the July 1st, 2010 PA-DSS deadline…
This implies two things (as far as I can see):

That the deadline everyone was wondering about is legit - why would ExxonMobil feel the need to negotiate an extension with VISA unless the deadline was going to mean something and VISA was going to enforce it at some meaningful level?
If you are big enough, VISA is going to …

OK - maybe not all of them, but the most common that I’m hearing anyway…
After asking you all to give me some questions for PA-DSS, I finally am getting around to posting up some answers.  Some of them are also taken directly from numerous conversations that I have had with software vendors over the last several months and, truthfully, I’m glad that I waited to put that post together…It’s not entirely retail focused, as PA-DSS crosses most industries, but I hope it proves useful in answering some common questions…
It’s located …

The links are a little messed up, so you might want to wait until about 10AM tomorrow to take a look, but, my newest NetSPI post is up.
Also, if you are interested in understanding a bit more about how PCI impacts industries outside of retail and hospitality or in looking through some more technical posts on penetration testing and the like, I’d tune into the NetSPI blog.  The team has really embraced blogging and collectively we are putting out a very good mix of posts (at least I think so.)
Although …

Just a reference to another NetSPI blog post that just went up…  link

This morning I had an interesting thought - I want to offer up something to anyone that is reading this blog and may have some questions regarding the Payment Application Data Security Standard (PA-DSS.) 
This is an invitation to a ‘passive PA-DSS Q&A session’.  The reason I am calling this ‘passive’ is that this is not going to be a live session - if you have questions regarding the PA-DSS, what certain requirements mean, or how your particular situation affects it’s applicability to you, post it in the comments and …

Here’s a video of Seth Peter, NetSPI’s CTO, presenting to the Minnesota OWASP chapter’s annual half-day conference…

Seth Peter: The Developers Guide to PCI DSS and PA-DSS Requirements from David Bryan on Vimeo.

So my first post for the official NetSPI PCI blog is up there and, true to form, it’s not of a technical nature - merely an observation on how far the impact of PCI reaches.  One of the things that I talk about is how the retail and hospitality communities have gone through something very close to the grieving process in dealing with PCI - now organizations outside of retail and hospitality are starting this process - and it’s just as painful for them as it was for the retail …

For those software vendors out there that are digging into PA-DSS and what it means for their organization, please read on.  This is not an in-depth discussion of PA-DSS, just a couple of things that have been popping up repeatedly for me in conversations with your peers - things that sometimes need clarification or that should be mentioned.  Stuff You Probably Should Know About PA-DSS

It’s not PABP - this may sound obvious, but I’m going to repeat it - PA-DSS is not PABP.  Accept this fact - if your assessment …

I have to admit that I don’t always see eye-to-eye with the PCI Knowledge Base on their approach to PCI in retail (it’s a philosophical thing - they are very good about accuracy, etc.), but this article was very interesting and, I think, very relevant.
I’m actually involved with a webinar that is going to happen in January that discusses PA-DSS and it’s impact on retail technology strategy and buying decisions over the next 18 months.  In other words, as a retailer, why should I care about PA-DSS….  As it get’s …