This week the PCI council posted updates on implementing PCI compliance. As a solution provider, you should be aware of the 12 areas of PCI DSS compliance and the council’s recommended approach. As you review this, remember that Heartland was compliant, yet vulnerable. PCI compliance does not mean a company is secure. In fact, you’ll notice that the end-node security requirements don’t necessarily stop computers from being part of P2P networks (note: we’re not saying that would be in compliance, but taking these steps won’t prevent it). As a salesperson selling high-tech solutions, you should know the 12 points if you call on anyone taking credit cards. The first PDF link on the PCI council site explains the 12 steps; the Excel sheet then elaborates on the recommended process.
https://www.pcisecuritystandards.org/education/prioritized.shtml