    TJX Defense: Everybody Was Doing It

    By Evan Schuman - October 22, 2007

      As the latest TJX saga—the banks versus the retailer—unfolds, I can't help but be reminded of driving along a major New York highway. Cars are speeding through every lane. “What are the chances that, with all of these cars speeding, the police will nab me?”

      As the legal arguments begin to be made—as they were the week of Oct. 15 in a Boston federal courtroom—there is little discussion yet about responsibility to protect cardholder data. Most of the TJX defenses seem to be variants of, “Everybody was doing it, so why pick on me?” As the state trooper would reply on that New York highway, “because you got caught.”

      A major element of this case is proving fraud. To do that, lawyers for the banks are going for a sin-by-omission approach. The argument is that by not having told MasterCard, Visa and others that its security was, in the words of U.S. District Court Judge William Young, “antiquated and deficient,” TJX tricked those card companies into letting it continue to accept credit cards.

      TJX's response in court was both cynical and regrettably true. To paraphrase: “Oh, come on. Cut me a break. Everyone—and especially Visa and MasterCard—knows how terrible the security was at all of the major retailers. So to say now we were had is ludicrous.”


      Instead of paraphrasing, let's listen to the exact words of Breck Weigel, one of the attorneys for TJX card processor Fifth Third Bank: “We have a very broad record here, a number of depositions of these issuing banks. They attended meetings where Visa and MasterCard specifically pointed out to them there are merchants out there storing Track 2 data. Visa and MasterCard specifically pointed out to them there are a number of merchants who are not PCI compliant. So not only do we have the name plaintiffs in this case who attended these meetings and would not have replied upon any authorization, security assurance as we call it, but obviously large financial institutions who are on the board of directors of Visa and MasterCard, certainly they are not relying upon issuing banks or acquiring banks or merchants as to some authorization. That just simply doesn't exist.”

      Interestingly enough, TJX's attorneys are using the extreme severity of the TJX data breach to argue why TJX shouldn't be punished. In what is widely considered the worst data breach reported, the Framingham, Mass., retail chain in January disclosed that the credit card data of some 46 million consumers fell into unauthorized hands in a series of penetrations from July 2005 to December 2006.

      One could point to the long duration of the unnoticed data breaches as evidence of somebody being less than attentive to security. But TJX is using that long duration to say that too much changed during that time period.

      When it started, PCI was barely real and no one was taking it very seriously. (Are they taking it seriously today? Well, no, but that ruins my point. Stop distracting me with context.) Here's a wonderful line from TJX attorney Richard Batchelder, referring to the PCI Council: They'll “say you're going to have to move to this standard by such and such a date. And so there's this entire period of time when there's a standard out there, but you don't have to comply with it until Visa or MasterCard says you have to comply with it.”

      TJX's official position is that they ignore the PCI Council babysitter until Visa Mom or MasterCard Dad gets home? Candor is a wonderful gift.

      In civil litigation, the vast majority of cases settle out of court. TJX had better hope this one does. If they ever have to face an emotional jury of—gasp—consumers, they may find that trier of fact not nearly so forgiving. Judge's instructions notwithstanding, they may not clear TJX because of the rampant security carelessness with consumers' financial data. They may actually punish them for it. Silly consumers. Don't they know the law?

      Retail Center Editor Evan Schuman has tracked high-tech issues since 1987, has been opinionated long before that and doesn't plan to stop any time soon. He can be reached at Evan.Schuman@ziffdavisenterprise.com.


      Evan Schuman
      Evan Schuman is the editor of CIOInsight.com's Retail industry center. He has covered retail technology issues since 1988 for Ziff-Davis, CMP Media, IDG, Penton, Lebhar-Friedman, VNU, BusinessWeek, Business 2.0 and United Press International, among others. He can be reached by e-mail at Evan.Schuman@ziffdavisenterprise.com.