Privacy Digest

Could this chip have prevented the TJX breach? - Via The Boston Globe:

TJX Cos. is urging banks and other retailers to embrace a multibillion-dollar technology that uses a tiny computer chip to stop criminals from using stolen debit and credit cards.

In one of the first interviews by a top TJX executive following a record security breach, vice chairman Donald G. Campbell told the Globe that the US payment system should follow countries in Europe and Asia that have rolled out credit and debit cards embedded with computer chips. If the cards were in use worldwide, he said, the technology would have ruined a scheme in which thieves stole as many as 100 million account numbers from TJX since 2005, by making the numbers harder to reuse.

Amid rising losses to fraud, the remarks add to a debate among merchants, banks, and payment companies over how to improve the security of the 1 billion plastic cards held by US consumers. Many other countries already have introduced the high-tech cards that slide into special readers at the checkout counter. But the technology hasn't caught on in the United States because of the high costs, and TJX says that puts the country at a greater risk for fraud.

"Criminals, I believe, are focusing on the countries that haven't added that higher level of security," said Campbell, TJX's third-highest operating executive.

TJX discovered the breach at the end of 2006, drawing wide attention to payment card security issues. TJX estimates it spent $202 million related to the breach including security reviews and settling consumer lawsuits - a number reduced from an earlier estimate of $256 million by insurance payouts and other factors.

On Aug. 5, the Justice Department unsealed indictments against a group of Florida men and others in connection with the intrusion. An attorney for one of the alleged ringleaders, Albert Gonzalez, has said he will deny wrongdoing. The indictments allege the group used wireless connections to tap into two Marshalls stores TJX operated in Miami. Prosecutors also alleged the group compromised the security of other retailers including BJ's Wholesale Club and OfficeMax, tying together some of the best-known intrusions to date.

The TJX breach still appears to have been the largest, and the company's reaction was closely watched among security experts. As part of a settlement with Visa Inc. last year, TJX agreed to speak out more about security improvements.

In his comments to the Globe in an interview and follow-up e-mail statements, Campbell talked about the need for better security and addressed other lingering questions for the company.

To Canadian regulators and others that say TJX should have had better security on its network, Campbell said that TJX "believes its security was comparable to most other major retailers and generally better than retailers who are not as large."

(Read Original Article - Via .)