Executive Briefings

Who Should Pay for Retail Data Breaches?

Financial services and retail executives disagree on which side bears the brunt of the burden to ensure compliance with the Payment Card Industry (PCI) Data Security Standard.
Executives from JPMorgan Chase & Co. and First Horizon National Corp. told a user that high-profile data breaches at retailers like The TJX Companies Inc. are not originating from their side of the fence--yet they must spend significant sums to make sure such incidents don't happen.
The TJX incident "was not a JPMorgan [data breach]; it wasn't at First Horizon or Citigroup. It was at a merchant. And yet all the plans to remediate that have been with the banks," says Christopher Leach, senior vice president and chief information security officer at Memphis-based First Horizon.
Framingham, Mass.-based TJX disclosed early this year that more than 45 million credit and debit card numbers were stolen from two of its IT systems over an 18-month period.
An AT&T Inc. executive, on the other hand, contended that banks have so far done little to share in the burden of ensuring credit and debit card security compared with businesses that accept such payments.
The PCI standards were created by five credit card companies--Visa International Inc., MasterCard International Inc., American Express Co., Discover Financial Services LLC and JCB Co.--to protect credit card data before, during and after transactions.
Source: BPM Today, http://www.bpm-today.com

Financial services and retail executives disagree on which side bears the brunt of the burden to ensure compliance with the Payment Card Industry (PCI) Data Security Standard.
Executives from JPMorgan Chase & Co. and First Horizon National Corp. told a user that high-profile data breaches at retailers like The TJX Companies Inc. are not originating from their side of the fence--yet they must spend significant sums to make sure such incidents don't happen.
The TJX incident "was not a JPMorgan [data breach]; it wasn't at First Horizon or Citigroup. It was at a merchant. And yet all the plans to remediate that have been with the banks," says Christopher Leach, senior vice president and chief information security officer at Memphis-based First Horizon.
Framingham, Mass.-based TJX disclosed early this year that more than 45 million credit and debit card numbers were stolen from two of its IT systems over an 18-month period.
An AT&T Inc. executive, on the other hand, contended that banks have so far done little to share in the burden of ensuring credit and debit card security compared with businesses that accept such payments.
The PCI standards were created by five credit card companies--Visa International Inc., MasterCard International Inc., American Express Co., Discover Financial Services LLC and JCB Co.--to protect credit card data before, during and after transactions.
Source: BPM Today, http://www.bpm-today.com