The Massachusetts Bankers Association, a trade group, announced that it is filing a class action lawsuit against retailer TJX over a data breach that put more than 45 million credit and debit card holders at risk of having their financial information accessed.
The bankers association, along with the Connecticut Bankers Association and Maine Association of Community Banks, filed the lawsuit in the U.S. District Court in Boston. The three banking associations represent almost 300 banks and are seeking to recover "tens of millions of dollars" in damages, according to the filing. Last month, TJX announced it discovered a data breach of its customers' records that spanned a two-year period.
TJX will hire some smart lawyers. They will bring up two dirty little secrets, that aren't really secrets:
1) The PCI designed a flawed system that has the Sensitive Cardholder Data flying around in the clear. If the PINs can be encrypted in the POS terminals, why isn't the rest of the data?
2) The card networks and the issuers, the plaintiffs in the suit, are not required to encrypt Sensitive Cardholder Data and most don't. In fact the settlement files that fly around the networks at night are never encrypted - they are delivered to the acquirers' and merchants' systems in the clear. The PCI has no current plans to encrypt them.
The PCI is an issuer organization. For a group of issuers to sue the poor merchants is an indication of how powerful and arrogant the PCI is.
I'm guessing that the rest of the retail industry that is currently suing the PCI over interchange fees will come to the aid of their brother, TJX.
This will all come out in court, because why should TJX pay for the PCI's mistakes?
It will be verrryyyy interesting to watch it all go down.