FTC rules on TJX case
March 28th, 2008 Posted in Credit Card FraudIt seems the FTC ruled on the TJX breach similarly to how it did for ChoicePoint. The full press release and WSJ article. From the WSJ article:
TJX Cos. (TJX) was one of three firms that agreed to settle charges that each “failed to provide reasonable and appropriate security for sensitive consumer information,” federal regulators said Thursday in two unrelated data-breach decisions.
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
One Response to “FTC rules on TJX case”
By MBridge on Jun 4, 2008
Perhaps there needs to be a stronger sense of on-going security compliance, rather than a “snap-shot” approach. TJX may actually have been in compliance at the time off their PCI audit. However as we all know things change very quickly online (malware, 0 day exploits, etc).
I wonder if the folks at PCI have started looking into having the largest level merchants and processors have continual audits (monthly perhaps). This would of course be cumbersome and costly, though not as costly as having your company no longer able to handle credit-cards.
http://www.MBridge.com