ARLINGTON, Va. — Card security took a page out of a Dickens novel this year, beginning with the infamous TJX breach but culminating in increased efforts to strengthen information security standards when it comes to plastics.
The year started off on a bad note as the TJX Companies, the parent firm for TJ Maxx, Marshalls, and several other retail chains, announced in January that its computer systems had been intruded upon for more than a year. The biggest-ever security breach resulted in the compromise of millions of credit card numbers as well as other consumer information and wound up costing credit unions and its insurer CUNA Mutual Insurance Group million of dollars in losses.
But as bad as that card breach was, it spurred both the card industry and the credit union industry to audit their card security standards and to make necessary changes.
CUNA Mutual continued to promulgate its guidelines for card security, backing up the new program with increases in insurance rates for those CUs that had breaches in the past but also giving rate breaks to credit unions that demonstrate appropriate protections.
Visa USA and MasterCard continued to step up with new card security standards and to insist that retail firms put the new data security standards into place, moving methodically through the retail industry, starting with the retailers who have the largest number of transactions per year. Retailers that did not have their new card security systems in place by the fall deadline faced losing their most preferential interchange rates from Visa and paying a much higher rate for card transactions.
The combined effort seems to have made a difference. No other major card security breaches have been reported since the TJX breach in January. Yet media reports documented that vulnerabilities still exist in major retailers and analysts have warned that card security experts are in an ongoing race with hackers to prevent card security breaches before they happen, and limit their impact when they do.
The year closed with an announcement that TJX and its acquiring bank, Fifth Third, have planned to offer more than $40 million for issuers, including credit unions, to recoup some of their losses from the breach. Visa announced that it supported the company's offer–although it did not offer any money to help fund it–as the plan's success will prove the industry is able to resolve the biggest card security breach as well as induce issuers to sign on.
Visa also noted that it has led the industry in driving merchant compliance with the Payment Card Industry Data Security Standard. In less than 18 months, Visa reported that it has been able to drive compliance among the largest U.S. merchants from about 12% in March 2006 to 66% in Oct. 2007 through a multi-tiered strategy of fines, incentives and education.
“We've made steady progress in accelerating merchant compliance with PCI standards to protect cardholder information and reduce the cost and impact of fraud,” remarked Richey. “Security is a shared responsibility and this progress demonstrates that many of the largest participants in the system understand their role and responsibility for protecting this information.”
–dmorrison@cutimes.com
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.