According to documents filed in Federal court on November 8, credit card company Visa was aware of the security problems at TJX as early as 2005 and gave the company a three-year grace period to remain non-compliant.

The letter, dated Dec. 29, 2005, was from Visa’s fraud control vice president, Joseph Majka. The letter, written to Diana Greenshaw of TJX’s credit card processor, Fifth Third Bank, reads:

“Visa will suspend fines until Dec. 31, 2008, provided your merchant continues to diligently pursue remediation efforts. This suspension hinges upon Visa’s receipt of an update by June 30, 2006, confirming completion of stated milestones.”

The letter shows a foreknowledge by Visa of security problems at TJX. In the summer of 2007, Visa did fine Fifth Third Bank $880,000 in fines. This fine may indicate Visa’s awareness that TJX was not improving security conditions as per the extended grace period agreement.

Unfortunately, thieves had already infiltrated the TJX systems prior to the December, 2005 letter. This continued security gap would eventually breach the data of 94 million (earlier estimated at 45 million) credit card holders.

Via eweek ; Tags: , , , , , , ,

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Digg
  • StumbleUpon
  • Technorati