TJX Agrees to Settle FTC Charges
The Federal Trade Commission has announced that TJX has agreed to settle charges that it engaged in practices that, taken together, failed to provide reasonable and appropriate security for sensitive consumer information. The settlements will require that TJX implement comprehensive information security programs and obtain audits by independent third-party security professionals every other year for 20 years. Full details available here.
“By now, the message should be clear: companies that collect sensitive consumer information have a responsibility to keep it secure,” said FTC Chairman Deborah Platt Majoras. “These cases bring to 20 the number of complaints in which the FTC has charged companies with security deficiencies in protecting sensitive consumer information. Information security is a priority for the FTC, as it should be for every business in America.”
According to the FTC complaint, TJX, with over 2,500 stores worldwide, failed to use reasonable and appropriate security measures to prevent unauthorized access to personal information on its computer networks. An intruder exploited these failures and obtained tens of millions of credit and debit payment cards that consumers used at TJX’s stores, as well as the personal information of approximately 455,000 consumers who returned merchandise to the stores. Banks have claimed that tens of millions of dollars in fraudulent charges have been made on the cards and millions of cards have been cancelled and reissued.
We agree with the FTC chairman that “companies that collect sensitive consumer information have a responsibility to keep it secure.”
Security issues, or breaches of security, have become more common as people find new and improved ways to hack and steal personal information.
That is the reason eBIZ.mobility LTD, created a revolutionary online payment processing service for digital downloads, called OneTouch Online Purchasing™. The OneTouch Online Purchasing™ service enables consumers to purchase digital content (such as music, ring tones, games, video clips, wallpapers etc.), via their computer or their mobile handset, and charge their purchase directly to a billing account with any telecom service provider, bank, or ISP of their choice. Using OneTouch to make an online purchase, no personal or financial information is transmitted to the merchant, or to OneTouch. We designed our payment system to eradicate the possibility of identity theft online. It's simple really: since we do not store any personal or financial information anywhere in our system there is nothing for criminals to steal.
You can read more about us at http://www.onetouchpurchasing.com or at our corporate site http://www.ebizmobility.com .
Posted by: Mirit Reif | March 30, 2008 at 03:29 AM
The FTC treated TJX unfairly. The FTC should rethink the law of credit card security, and stop treating merchant victims of organized crime as culprits. http://hack-igations.blogspot.com/2008/03/ftc-treats-tjx-unfairly.html --Ben
Posted by: Benjamin Wright | March 30, 2008 at 09:39 PM