I understand that Visa recently updated the list of payment applications that are storing prohibited data. I can appreciate why this list is sensitive, but would also like to know what was recently added to the updated list so we can compare against our list of payment applications. Who has been the best contact for this information? Is this something typically gotten from our processor?

This Bulletin states: (http://www.electran.org/docs/compliance/Payment_Application_Security_Mandates.pdf)

A list of vulnerable payment applications is updated
quarterly and is available on Visa Online at www.us.visaonline.com/us_riskmgmt/cisp.

So you if don't have access to Visa online I would check with your processor or acquiring or issuing bank. I remember having a list, but I think that was in the past when I was a QSA for a QSAC, and that we received it from PCIco...

Edit: using GoogleFu: brings us to this link: http://www.eps-na.com/payment_apps_tat_store_prohibited_data.pdf