Comments on: 60 Minutes Report On TJX Raises New Charge http://storefrontbacktalk.com/securityfraud/60-minutes-report-on-tjx-raises-new-charge/ Techniques, Tools and Tirades about Retail Technology and E-Commerce Wed, 08 Feb 2012 16:02:40 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Barry Silverstein http://storefrontbacktalk.com/securityfraud/60-minutes-report-on-tjx-raises-new-charge/comment-page-1/#comment-20700 Barry Silverstein Thu, 06 Dec 2007 02:50:05 +0000 http://www.storefrontbacktalk.com/securityfraud/60-minutes-report-on-tjx-raises-new-charge/#comment-20700 Utter poppycock ! The notion that VISA wants merchants to retain cardholder data is the most uninformed statement I have ever seen in payments circles. The damage to the reputation of the networks, merchants and casrd issuers is in the hundreds of millions. The few measly dollars taken in fines pales in comparison.. I can not disagree more - anyone who works closely with PCI or the card networks will take issue with this drivel ! Utter poppycock ! The notion that VISA wants merchants to retain cardholder data is the most uninformed statement I have ever seen in payments circles. The damage to the reputation of the networks, merchants and casrd issuers is in the hundreds of millions. The few measly dollars taken in fines pales in comparison.. I can not disagree more – anyone who works closely with PCI or the card networks will take issue with this drivel !

]]> By: Don Jackson http://storefrontbacktalk.com/securityfraud/60-minutes-report-on-tjx-raises-new-charge/comment-page-1/#comment-20611 Don Jackson Fri, 30 Nov 2007 20:41:25 +0000 http://www.storefrontbacktalk.com/securityfraud/60-minutes-report-on-tjx-raises-new-charge/#comment-20611 As an IT compliance auditor, and hearing the remarks made about VISA, and seeing the type of information that 60 Minutes had gathered, I have to agree with Mr. Hogan, that type of information would not be privy to a merchant, that information is kept at the bank. Also, my opinion on PCI is very low to begin with, although it is a start, I think that Congress should take PCI and make it an amendment to the GLBA, because it is true that VISA is making money if a merchant is non-compliant with PCI. As for PCI, the objectives and control objectives are so vague that it’s open to interpretation by only the VISA certified auditors that also must pay VISA to certify them to do PCI audits, yeap I’d say this is a huge money maker for VISA. As an IT compliance auditor, and hearing the remarks made about VISA, and seeing the type of information that 60 Minutes had gathered, I have to agree with Mr. Hogan, that type of information would not be privy to a merchant, that information is kept at the bank. Also, my opinion on PCI is very low to begin with, although it is a start, I think that Congress should take PCI and make it an amendment to the GLBA, because it is true that VISA is making money if a merchant is non-compliant with PCI. As for PCI, the objectives and control objectives are so vague that it’s open to interpretation by only the VISA certified auditors that also must pay VISA to certify them to do PCI audits, yeap I’d say this is a huge money maker for VISA.

]]> By: Tyler Hannan http://storefrontbacktalk.com/securityfraud/60-minutes-report-on-tjx-raises-new-charge/comment-page-1/#comment-20512 Tyler Hannan Tue, 27 Nov 2007 05:21:32 +0000 http://www.storefrontbacktalk.com/securityfraud/60-minutes-report-on-tjx-raises-new-charge/#comment-20512 Evan, I agree with you completely. In my blog on this topic, I mention that I was "taken aback" by the statement from Dave Hogan. While I understand his organizations role in the ongoing battle between retailer and card association. . .it was very surprising to hear that he felt Visa, etc. were hoping solely to monetize data breach. With that said, I'm glad that the story of security at the physical retail location is being to be widely reported. PA-DSS as an extension to PCI further underscores the importance this topic will continue to have in the future. http://tylerhannan.blogspot.com/2007/11/60-minutes-heist-analysis.html Evan,

I agree with you completely.

In my blog on this topic, I mention that I was “taken aback” by the statement from Dave Hogan. While I understand his organizations role in the ongoing battle between retailer and card association. . .it was very surprising to hear that he felt Visa, etc. were hoping solely to monetize data breach.

With that said, I’m glad that the story of security at the physical retail location is being to be widely reported. PA-DSS as an extension to PCI further underscores the importance this topic will continue to have in the future.

http://tylerhannan.blogspot.com/2007/11/60-minutes-heist-analysis.html

]]>