Sunday, 19 April 2009

Can I have a certificate with that?

I will be holding some talks on the sense and nonsense of security certifications (ISO 27001, Common Criteria, PCI-DSS, whatever) in the next couple of weeks, and I am really curious what the public will say. My past forays into public appearances were less than exciting - people are nodding, people are saying "yes, we need", people do not really understand what this is about.

In particular, I have yet to see a bank that really understands what PCI-DSS is about (which is probably due to my limited exposure to banks, but hey, I know at least two now that are candidates for the "clueless in Bavaria" prize).
