Sunday | 23 November, 2008
One year later: Five takeaways from the TJX breach
The retailer has survived the massive data theft, but the card industry remains unsettled
Jaikumar Vijayan 22/01/2008 11:45:59

But court documents filed by the banks that are suing TJX allege that the company wasn't compliant with nine of the mandated controls during the period when the intrusions were taking place. And TJX was by no means alone. In response to the slow adoption of the PCI controls, Visa threatened to start imposing hefty fines and higher transaction fees on merchants if they didn't become compliant by the end of last September.

Visa won't disclose whether it has fined any merchants since then, but there is ample anecdotal evidence that it has.

The card payment process has issues

The TJX breach exposed a fundamental rift, with banks and credit card companies on one side and merchants on the other. In several states, credit unions and smaller banks have lobbied the legislatures to pass new laws requiring retailers to reimburse them for the costs involved in notifying customers of breaches and reissuing cards.

But the lobbying attempts failed everywhere except in Minnesota, which last May approved the Plastic Card Security Act -- a law that holds breached entities financially responsible if they were storing prohibited card data on their systems.

In fighting the state bills, retailers have argued that the commissions they pay to card companies on each transaction are supposed to cover fraud-related costs, making any additional payments a double penalty. They also said that the only reason they store payment card data is that the credit card companies require them to. In October, the National Retail Federation (NRF) asked Visa and the other card companies to drop that requirement.

The NRF's request is echoed by Litan, who has long argued for fundamental changes in the card industry's payment process through measures such as one-time passwords and making all transactions PIN-based.

The bad guys remain hard to catch

For all the attention paid to the breach by TJX, and all the hired forensics experts and law enforcement authorities on the case, the perpetrators thus far haven't been tracked down. Some individuals who allegedly used card numbers stolen in the breach have been arrested. But the hackers themselves have remained frustratingly out of reach, as is the case in most breaches.

"The crooks are still at it," Litan said. "They probably will strike again. They're laughing all the way to the bank."
