By: Benjamin Wright

Benjamin Wright — Mon, 18 Aug 2008 17:57:32 +0000

The numbers surrounding the TJX incident are hard to nail down. Nevertheless, the industry needs to think about the numbers in aggregate. I argue that the aggregate fraud suffered from TJX is small compared to the aggregate cost incurred by card issuers to cancel cards. Therefore, I argue, the industry — as a whole industry — over-reacted to TJX. Data breaches will happen; breaches are inevitable. The response to data breaches must change at an industry (systemic) level. The industry needs to reduce the cost of its response so that the cost of the response is closer to the value of the actual risk. I develop more of my argument at http://legal-beagle.typepad.com/wrights_legal_beagle/2008/08/credit-card-iss.html What do you think? –Ben

Comments on: The TJX 11′s Retailers Oblivious To Repeated Breaches

By: Benjamin Wright