Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

October 15, 2007

Retailers, Credit Card Industry Clash On Security

Data breach at Framingham's TJX continues to reverberate

By Mark Jewell

Retailers and the credit card industry are at odds as they try to restore consumer confidence after recent massive thefts of credit card information.

The National Retail Federation recently urged a card industry organization to stop requiring retailers to keep customers' card numbers for up to 18 months.

The stored data helps track product returns and disputed or suspicious transactions. But retailers say the data would be more secure if only credit card companies and banks that issue the cards stored it.

"It makes more sense for credit card companies to protect their data from thieves by keeping it in a relatively few secure locations than to expect millions of merchants scattered across the nation to lock up their data for them," David Hogan, the retail federation's chief information officer, said in a strongly worded letter.

The biggest recent retail data breach involved TJX Cos., the Framingham-based discount retailer, which said early this year that information from at least 45 million customer credit and debit cards had been exposed to potential fraud. Last month, Canadian investigators concluded TJX had kept data with insufficient encryption - and for years after it should have been purged.

Less than half the nation's biggest merchants appear to be complying with card industry security standards - which include encryption and other safeguards - despite a Sept. 30 deadline set by Visa USA, which plans to levy monthly fines up to $25,000 against merchant banks that noncompliant retailers rely on.

Visa, the nation's largest credit card network, said that, as of Aug. 31, 44 percent of big retailers had complied with the Payment Card Industry Data Security Standard. That's up from 40 percent compliance in July. Those retailers account for about half of nationwide Visa transactions.
Banks could try to pass along the fines, but noncompliant retailers' biggest burden is the higher fees they pay for each transaction if they don't comply with the standards, said Avivah Litan, a Gartner Inc. analyst.

"If they're not compliant, that can cost millions of dollars," Litan said.

Visa USA Vice President Rosetta Jones said the card network considers noncompliant merchants "delinquent," which will lead to fines for large banks starting this month and for medium-size retailers' banks in January.    

Sign up for Enews

WBJ Web Partners

Most Recent

Most Recent

0 Comments

Order a PDF