Merchant911 Blog

¬Ý

According to an article in the Boston Globe, TJX has settled with Visa and everyone has joined together to fight credit card fraud. It all sounds like everyone is patting themselves on the back but from where I stand, I think it’s called spin. Isn’t it wonderful that TJX wants to cooperate and “end the finger-pointing.”

¬Ý

I don’t have to be convinced that the recent TJX fiasco has put a lot of focus on us merchants. But let’s not loose site of: May 13, 2006 - Baltimore’s Mercantile Bankshares Corp. Lost 50,000 records including names, DOB and SSNs; Sept. 8, 2006 when Chase Card Services lost 2.6 million credit card account details; Nov. 5, 2006 when the North Carolina State Employees Credit Union lost 27,500. In fact, what I was able to track in the on-line press in 2006 amounted to 4.5 million credit card records and a whopping 32.9 million data sets with enough information to commit full identity theft. A small portion of the card numbers could be attributed to merchants - none of the ID data sets were.¬Ý¬Ý

¬Ý

In this world of technology, credit card safety is to fraud prevention like a bucket of water is to the South China Sea. It will certainly stop some credit card fraud but when you look at the statistics posted by attrition.org and others, credit card numbers are only a part of the picture.¬Ý

¬Ý¬Ý

I‘m a merchant advocate but I’m also in favor of holding merchants accountable for the kind of stupidity exhibited by TJX. But remember that we now know that Visa knew about TJX’z weaknesses even as the thieves were mining the data and yet TJX STILL isn’t being forced into compliance by the very entities that pushed so hard for PCI.¬Ý

¬Ý

TJX just settled with Visa for a sum of money that equals a bit less than fifty cents per compromised card number. ¬ÝI’d say that’s a small slap on the wrist for the largest date breach in the history of the world.¬Ý

¬Ý

Whoopie!