Shark Bait

Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Security

Storage

Business Intelligence

Servers & Data Center

Computerworld Reports

Industry

See your link here

Robert L. Mitchell

Reality Check

Your credit card data may have been compromised. But don't worry.

14 comments

IT TOPICS:Security

Two most unwelcome letters arrived in Saturday's mail. One, from my local bank, alerted me that my wife's VISA debit card "may have been compromised" by an intrusion into an unnamed merchant's database. The other stated that my VISA credit card was also potentially at risk. Given our shopping patterns, it's fairly safe to assume that we were a victim of the TJX break in.

The bank that issued the VISA debit card is canceling the card and sending a new one. But the issuer of the VISA credit card, which tells me it had 4,000 customer accounts compromised, is not. It wrote that "there is no reason to believe that your card information will be used for any fraudulent activity."

Uh-huh.

The letter goes on to say that if I really want to, I can ask to have the card canceled and reissued at no charge. I was on the phone in five minutes, and you should be too if you get one of these letters.

Most certainly there is a risk that the stolen data could put my credit card at risk. I asked for a new card and would recommend that anyone else who receives a notification do the same. Even if the risk were small, why take it? There is little upside for the consumer who does not ask for a new card. But there is a big benefit for the issuer, which can avoid the costly process of canceling compromised cards and mailing out new ones to every customer whose card was affected.

Now for the bigger question: Why am I in this situation in the first place? Why do TJX and many other brick and mortar retailers continue to store my credit card number when online retailers apparently do not?

When I shop online I'm almost always asked if I want the merchant to save my credit card information. I always say no. TJ Maxx and other retailers never ask this question and apparently go right ahead and store the my credit card data without asking. I see no convenience benefit when they do this because I am still asked to present my credit card each time I make a purchase. But there are obvious marketing benefits for the retailer who retains credit card numbers in its database. Retailers are not supposed to do so - it's against the Payment Card Industry Data Security Standard rules. But too many merchants continue the practice. According to the Computerworld story above, some blame their legacy point of sale systems for gathering such information by default.

Uh huh.

While it's true that TJX security was inadequate to protect its database, the bigger problem is that data that shouldn't have been there in the first place. Its customers' credit card numbers - my numbers - were compromised.

To retain my business TJX needs to change its practices. Until then, with respect to protecting my credit card data, ordering online through Amazon.com and other reputable e-tailers appears to be a much safer bet than using a credit card at my local TJ Maxx.

Email this

Digg this

What People Are Saying

Add new comment

Discover compromised

Submitted by Anonymous on March 2, 2009 - 6:36 A.M.

i only order through 2 some times 3 online retailers that i trust. I had a call from Discover card that someone was trying to open a paypal account. i confirmed i bought several things from Amazon.com, LL Bean, and bought E-tickets from Orbitz.com for May. but i don't know or bought anything by NY or paypal. Discover closed my account and are investagating and will issue me a new card with diffrent #'s on it.
i don't use my card alot only several times every three or four months. my chase i only use once a month to pat my cell phone bill at MetroPCS.com, so, chase is still ok for now.
i guess you can never be careful online or at retail stores.
lately i have been using cash only when possible.
i also check my annual credit report through the three credit bureaus, Equifax, Transunion, and Experian once a year, to make sure everything is ok.
my Daughter's Visa Debit card was compromised someone posing as a company from the Netherlands, she only uses her card to pay her cell phone bill and order from Amazon.com.

Reply | Report this comment

I received a call this

Submitted by Anonymous on January 28, 2009 - 11:08 P.M.

I received a call this morning from my bank that my Visa debit card has been compromised. I'm not sure if this is the same one, or if somebody new has started up with this scheme, as I have not shopped at TJ Maxx, but I have with Amazon. Just be aware that this issue hasn't gone away.

Reply | Report this comment

It is NOT a tjx problem this

Submitted by Anonymous on February 25, 2009 - 2:48 A.M.

It is NOT a tjx problem this time. They patched the holes in their system, I would read more current information. This one is on the debit processors this time. (Star, etc.)

Reply | Report this comment

amazon

Submitted by Anonymous on September 5, 2008 - 3:46 P.M.

It appears amazon's been hacked as well, but no one is interested in acknowledging it at either Amazon or the credit card companies. So online shopping isnt' any safer.

Reply | Report this comment

How did you trace it back? I

Submitted by Anonymous on November 2, 2007 - 2:06 P.M.

How did you trace it back? I have now had this happen to me twice within 3 months with 2 different debit cards. It is obviously a store a frequent. I do not make online purchases. I have contacted all the mastercard numbers and no one can seem to track down who is getting my numbers and making purchases in Mexico. I am now buying everything in cash not knowing what local business is doing this. If anyone has any ideas please pass them on. Thanks!

Reply | Report this comment

If you really had your Visa

Submitted by To Anonymous on March 29, 2007 - 1:58 P.M.

If you really had your Visa debit card used by someone else to make fraudulent purchases, you would get your money back. Even though it isn't a credit card, Visa debit cards have the same fraud protection as Visa credit cards. $50 is the most you should be liable for.

Reply | Report this comment

Amazon does store cardholder

Submitted by Anonymous on March 14, 2007 - 1:14 P.M.

Amazon does store cardholder account numbers. My card number is always there when I place a new order. Amazon has no opt-out provision available.

Reply | Report this comment

Having just (apparently)

Submitted by Anonymous on March 5, 2007 - 9:34 P.M.

Having just (apparently) become the victim of this myself, I'm less than concerned about TJX being a "Victim" than I am in the fact that I just lost my entire checking account balance when my Visa Debit card number was stolen and used to buy a bunch of crap in Mexico. Somehow I'm feeling slightly more vicitmized than TJX. They lost data. I lost a week's pay.

Reply | Report this comment

| ...I just lost my entire

Submitted by Anonymous on August 24, 2007 - 1:49 P.M.

| ...I just lost my entire checking account
| balance when my Visa Debit card number was
| stolen and used to buy a bunch of crap in
| Mexico.

This happened to me, and I traced it back to University of Phoenix office perps stealing my debit card and using it to pay bar bills in Mexico! UoP refused to do anything about it.

Reply | Report this comment

Strong accusations about the

Submitted by Anonymous on October 26, 2007 - 5:04 P.M.

Strong accusations about the UOP people stealing your data. Who did you report it to?

Reply | Report this comment

Testing Microsoft Security Essentials and the Hosts file

Spammer trick of the month: Delayed DNS

And things were going along so well, too

Oh, THAT one!

LIVE Nov 10, 2009 12:00 PM ET

Architecting Business Intelligence Applications for Change: The Open Solution

LIVE Nov 12, 2009 02:00 PM ET

The State of PCI DSS Compliance at Organizations Today
Download this resource today!

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Why Email Must Operate 24/7 and How to Make This Happen
Learn how to avoid an email outage by implementing a hosted email continuity solution.

Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!

All White Papers | All Webcasts

Computerworld Reports

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

Computerworld Briefing - Analytics: The Art and Science of Better

All Computerworld Reports

Receive the latest technology news and information.

	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10

View all newsletters

* E-mail Address:

* Industry:

* Job Title:

* Company Size:

* Country:

* State:

I would like to receive offers via e-mail from Computerworld partners.

Robert L. Mitchell's Archive

IT Topics

Sponsored Links

Play NetApp's New Data Defense Game.

How Do You Rank as an Innovation Leader? Download Recent Study.

Play NetApp's New Data Defense Game.

Extraordinary times demand Brocade Extraordinary Networks.

No Payments for Up to 6 Months on Orders over $500.

NetScaler VPX : Harness the Power of Virtualized Web App Delivery

64-page prescriptive guide to security, compliance, and IT operations.

Streamline IT Costs. Boost Performance with WAN Optimization

Enterprise Network & Server Monitoring Software. Cross over to Traverse...

Keep your IT expertise up to date. Join the Intel Premier IT Professionals.

Crystal Reports Server: More options. Not more money.

Parallelism is not just for HPC. Create rich apps from desktop to device. Get the eval.

Tolly Performance Report "Citrix NetScaler with nCore Outperforms F5 BIG-IP"

Save up to 61% plus Free Cheesecake

Find IT jobs in the Healthcare industry on Dice.com

With the NEW KODAK i700 Series Scanners get full speed at 300dpi!

Not All QSAs Are Created Equal: What You Should Know Before You Buy

The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

The AMD Virtual Experience Virtual Trade Show

New DW Options and Price Points. View Teradata Platform Family Data Sheet.

See how AT&T can help protect your network.

3 Innovations. 3 Free Downloads. Free trials of Windows 7, Windows Server 2008 R2 and Exchange Server 2010.

Take the Netezza TwinFin TestDrive!

Citrix NetScaler with nCore Outperforms F5 BIG-IP - Learn More

New Analytical Platform Options. Download Data Sheet and More.

Get more enterprise mobility value for up to 25% less.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.

NYUs M.S. in Management and Systems. Offered Online and On-site.

Increase UPS efficiency without sacrificing protection

Crystal Reports Server: Single server access to reports & dashboards

Create new opportunities. See business making progress now

ESET NOD32 with ThreatSense(R) - Get your free trial now!

Looking to add Unix/Linux functionality to Windows?

Join the conversation about the hottest IT trends with Computerworld on Twitter.

ITwhitepapers.com - Access thousands of white papers on 300+ technical topics.

Leverage Your Cisco infrastructure for Superior Application Performance

Learn about the AMD Virtual Experience

Introducing: Project Icebreaker

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map

CIO

Computerworld

CSO

DEMO

GamePro

Games.net

IDC

IDG

IDG Connect

IDG Knowledge Hub

IDG TechNetwork

IDG Ventures

IDG.net

InfoWorld

ITwhitepapers

ITworld

JavaWorld

LinuxWorld

Macworld

Network World

PC World

The Industry Standard

Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.

Your credit card data may have been compromised. But don't worry.

What People Are Saying

Discover compromised

I received a call this

It is NOT a tjx problem this

amazon

How did you trace it back? I

If you really had your Visa

Amazon does store cardholder

Having just (apparently)

| ...I just lost my entire

Strong accusations about the

Related Posts

Today's Top Stories

Hot Posts

Recent Comments

White Papers & Webcasts

Computerworld Reports

Newsletters

Robert L. Mitchell's Archive

IT Topics

Sponsored Links