Monday, November 19, 2007
According to a recent filing with the U.S. District Court for Massachusetts in a class action lawsuit brought by various banks against The TJX Companies Inc., Visa Inc. had fined Fifth Third Bancorp $880,000 as of June 2007 for the massive security breach disclosed by TJX in late 2006. TJX is the parent company of TJ Maxx and Marshalls, the retailers compromised by the breach.
The card Associations are technically only permitted to fine processors, but processors typically pass those costs on to the merchants involved in incidents leading to fines.
It is estimated the TJX breach affected at least 96 million consumers over a multiyear period during which credit card data was stolen by intruders. (For more details about how the theft was accomplished, see "Security breaches costly to all" by David Mertz in this issue of The Green Sheet.)
Fifth Third was fined $500,000 due to the seriousness of the incident and its effect on Visa. The remaining $380,000 was levied for failure to comply with the Payment Card Industry (PCI) Data Security Standard (DSS).
Visa reserved the right to escalate fines to Fifth Third, which reached $100,000 per month in April and May 2007, for what Visa Vice President Joseph Majka called "the largest data breach in the payment card industry."
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
