The council says the goal is to certify hardware-based equipment for use with payment card processing by early next year. It would be totally voluntary and optional for merchants to use any of this, but it might help them get through PCI audits more easily. One issue, though, is that a lot of the larger merchants have already adopted their own encryption methods for use with their payment-card processors.

Vendors have long made a living circling around , building software for or Internet Explorer browser plug-ins. But when Microsoft does something they don't expect, these vendors can find their business in trouble.

That's what apparently happened to StrikeForce Technologies, the Edison, N.J., maker of the GuardedID anti-spyware product that has a browser plug-in component for Microsoft and Firebox.

StrikeForce executive vice president George Waller last week that when Microsoft released its IE9 browser in the spring, the encryption in the StrikeForce GuardedID software for stopping key-logging payload no longer worked right. What caught StrikeForce off guard in all this is that the beta version for IE9 didn't cause that to happen. "But the release candidate prevents our technology from securing the corporation (or user) from malicious code," Waller said.

He said StrikeForce has contacted Microsoft hundreds of times to try to sort out what StrikeForce says is a "bug" in IE9 that StrikeForce says wasn't in the IE beta code. Still frustrated months later, and coping with business problems that include informing customers they can only use GuardedID with IE8, StrikeForce last week took its story to the trade press.