Wednesday, April 02, 2008

Ouch - Mastercard and TJX to Settle

I just read this article from the Boston Globe where they are reporting a $24M settlement between Mastercard and TJX. Ouch!

Framingham retailer TJX Cos. reached a settlement with MasterCard Inc. in which it will pay up to $24 million to banks and other institutions to cover fraud losses stemming from a massive data breach disclosed last year.

TJX, parent of discount retail chains including TJ Maxx and Marshalls, struck a similar deal with rival card network Visa in which it agreed to pay up to $40.9 million. As in that deal, TJX said the costs of its MasterCard settlement are included in the $256 million the company has set aside to pay for computer work and other costs associated with the breach.

TJX said the MasterCard settlement will be valid only if accepted by banks that issued 90 percent of the cards with fraud claims following the breach, which affected as many as 100 million card numbers, a record. In exchange banks would agree not to sue TJX or institutions that processed the charges at its stores.

The deal helps TJX wind down the episode, though it still faces court claims and just last week was criticized by the Federal Trade Commission over past security practices.

In a statement, TJX chief executive Carol Meyrowitz said: “We believe this settlement agreement provides a fair resolution for MasterCard and its issuing banks and look forward to a high level of issuer acceptance. Providing a secure shopping environment for our customers remains a priority for TJX. Beyond the many millions of dollars we have spent to add significant security to our computer system, we are installing security measures which exceed those of many other retailers and current industry requirements.”
(By Ross Kerber, Globe staff)


Blogger mish said...

As the PCI compliance deadline is coming soon, on June 30th, we searched for the best solution in order to be ready and comply with the PCI 6.6 segment requirements.
There are 2 options, as you are familiar with:
Ensure that all web-facing applications are protected against known attacks by applying either of the following methods:
1. Having all custom application code reviewed for common vulnerabilities by an organization that specializes in application security.
2. Installing an application layer firewall in front of web-facing applications.

We examined the dotDefender web application firewall and found it to be a very dynamic application to protect our servers.
At the same time, we realized that dotDefender complies with the PCI 6.6 segment.
The price is also an important issue compared with the maintenance needed in other solutions.


2:07 AM  
