Enterprises are spending millions on PCI compliance...

Isn't it fascinating to know that large enterprises are spending millions of dollars on PCI compliance? Did you know that in order to be a PCI auditor, all you have to do is take a three day course? Did you know that this course spends an entire fifteen minutes on web application security?

Anyone else have any thoughts on PCI?