GS Logo
The Green Sheet, Inc

Please Login

Banner Ad
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Wal-Mart: A new center of gravity for payments

News

Industry Update

Job rebound in acquiring?

Processors press industry for more standards

Retailer wanted breach connection hushed up

Trade Association News

Features

GS Advisory Board:
Positive economic signs and actions - Part 3

Research Rundown

Selling Prepaid

Prepaid in brief

Consumers in the prepaid driver's seat

Security standard in store for stored-value

Views

ACH grows, B2B payments plod along

Patti Murphy
The Takoma Group

The cost of credit card processing - past and present

Jared Isaacman
United Bank Card Inc.

The 'Wal-Mart case' revisited

Brandes Elitch
CrossCheck Inc.

Education

Street SmartsSM:
No ISO demise with niche markets

Ken Musante

Contractual pricing pitfalls

Adam Atlas
Attorney at Law

Building a global Web site

Caroline Hometh
Payvision

Crossing the POS chasm

Dale S. Laszig
Castles Technology Co. Ltd.

Healing the Achilles heel of business

Nicholas Cucci
Network Merchants Inc.

Company Profile

Secure Payment Systems Inc.

New Products

Memory card-based NFC

SideTap MicroSD cards
Company: Tyfone Inc.

Portable gateway enhancement

PaySaber
Company: USA ePay

Inspiration

Change, the best business medicine

Departments

Forum

Resource Guide

Datebook

Skyscraper Ad

The Green Sheet Online Edition

April 26, 2010  •  Issue 10:04:02

previous next

Retailer wanted breach connection hushed up

Arguing that the revelation of its connection to the Heartland Payment Systems Inc. data breach in 2008 would cause "confusion and alarm," department store chain J.C. Penney Company Inc. tried to keep that news under wraps, according to court documents unsealed in March 2010. The documents were part of the trial of Albert Gonzales, who received a 20-year prison sentence in March for his role in three major hacking cases.

Additionally, the clothing and jewelry retailer said that forcing the company to reveal its connection to the breach would set a bad precedent and cause retailers in similar situations to not report data breaches of their networks.

Disclosure of J.C. Penney's connection to the Heartland matter "may discourage other victims of cyber crimes to report the criminal activity or cooperate with enforcement officials for fear of the retribution and reputational damage that may arise from a policy of disclosure as espoused by the government in this case," argued retailer's attorneys.

The judge in the case, which was held in the U.S. District Court for the District of Massachusetts, eventually ruled in favor of disclosure. Until that time, J.C. Penney had been referred to in court documents as "Company A." In arguing for disclosure, U.S. prosecutors contended that consumers are entitled to know when their card information is compromised.

Consumer protection wins out

Bankcard industry attorney Paul Rianda said that, while there is merit to J.C. Penney's contention, the court decision was correct in boiling the issue down to one of consumer protection.

"It's very difficult because Visa and MasterCard rules impose this duty on the merchant that when any third party is breached, be it a payment gateway or processor, it's the merchant's problem in addition to the party that's breached," Rianda said. "It's a little unfair to the merchant, but I don't know there's a better solution out there because you're trying to protect consumers, and how can you do that if you don't disclose this information?

"The end result is that, for customers that are potentially going to have information compromised, it seems to me something that I as a consumer would want to know about," he added. "I don't know necessarily that it's in the best interest of J.C. Penney, but it seems to be in the interest of their customers to get that information out."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Harbortouch | USAePay | IRISCRM.COM | Humboldt Merchant Services