After posting about the press release regarding the potential lawsuit (here) I got an email from the PR firm that had sent the release out.  He, in turn, connected me to Charles Hoff - the attorney for the retailer that is considering the suit, Brew HaHa!.  We had a very interesting conversation and, not being a lawyer, I’m not going to make any comments about the merits of any lawsuit that may or may not come from this episode, but, as I said, the conversation was interesting and this is …

The link to the article on StorefrontBacktalk is below (thanks Evan) - this is really interesting.  It appears that VISA is providing an extension to ExxonMobil on the July 1st, 2010 PA-DSS deadline…
This implies two things (as far as I can see):

That the deadline everyone was wondering about is legit - why would ExxonMobil feel the need to negotiate an extension with VISA unless the deadline was going to mean something and VISA was going to enforce it at some meaningful level?
If you are big enough, VISA is going to …

Here’s the link to a webinar that NetSPI and CoreTrace are doing on April 8th.  So far we have a really good set of attendees and David Gianna, one of NetSPI’s senior consultants and QSAs, is going to be presenting on:

Quick PCI overview, including the role of the PCI Security Standards Council and QSAs; the interrelationship of PCI-DSS, PA-DSS and PED; Merchant-Acquirer-QSA relationship; and the major PCI-DSS requirements
Discussion of PCI compliance versus Information Security and the relationship between each
Baseline view of the operational realities that make …

Thank you to David Navetta - his site is an excellent source of information regarding privacy law and he spends a lot of time putting out very good information about the legal issues surrounding compliance.
FAQ on Washington State’s Impending PCI Law : Info Law Group .

The Council is hosting a couple of ‘open mic’ webinars for industry stakeholders on the 8th and 9th of December.  They are trying to update the industry following the Community Meeting and get some feedback or questions….
These are typically reserved for Participating Organizations, but for this round they are opening it up to the broader industry…  Here’s the link:
PCI Council Webinar Release

OK - this is the feedback on the Community Meeting that I had mentioned although it really turned into a philosophical post about what your PCI partners should really be doing for you (hint: being a partner).
This one’s over at the NetSPI blog as well (I swear that I’m still going to be posting over here on a more regular basis, but, since NetSPI’s doing a good job with the blog, I’m going to blend my posts between the two blogs…).  Any feedback is going to have to come here, …

PCI is just so damn interesting - it’s like a soap opera…  Seriously - if you don’t have to deal with it everyday, I’m sure (as a retailer) that you count yourself lucky, but honestly it’s a hoot.
The game at hand is a combination of punishment and liability avoidance - the case of Hannaford is a good example.  Just when you think it’s all over and Hannaford gets to pick up the pieces and move on, everything takes a new twist.  Now the Maine Supreme Court is getting involved and …

OK - I’ve got a couple of posts that I’ll be putting up shortly - one on some feedback from the PCI Community Meeting and one on that list of questions on PA-DSS.  I’ll try to get them up this weekend (work has been crazy and I just haven’t found/committed the time to get these written), but here’s a link to a post this morning from Deke George on the NetSPI blog regarding acquisitions in the security space.
NetSPI Blog - Mergers & Acquisitions

Just a reference to another NetSPI blog post that just went up…  link

I’m posting this up here again - I realize that a lot of people have already seen this, so it’s not new, but since some very detailed questions popped up in a conversation this week regarding wireless and PCI I thought I’d put it out there again…
Information Supplements - PCI Security Standards Council.