Massachusetts Bankers Association Responds to TJX Companies Data Breach.BOSTON -- The Massachusetts Bankers Association: * MasterCard now Reporting Data Breaches to Banks * Thus far, 28 Massachusetts Banks Report Compromised Cards * Work of MBA MBA abbr. Master of Business Administration Noun 1. MBA - a master's degree in business Master in Business, Master in Business Administration Task Force is Underscored * Has TJX been "Victimized?" * Advice for Cardholders The Massachusetts Bankers Association (MBA) said today that in addition to VISA USA, now MasterCard is contacting Massachusetts banks to report that some of their customers' personal banking information may have been compromised due to the data breach reported by TJX Companies The TJX Companies, Incorporated (NYSE: TJX), is the largest international apparel and home fashions off-price department store chain, based in Framingham, Massachusetts, in the United States. yesterday. Bay State banks are acting quickly to protect customers who have been red-flagged by the two card associations after doing business with TJX stores including TJMaxx, Marshalls, Winners, HomeGoods, TKMaxx, AJWright, and HomeSense. After surveying its banks, the MBA is reporting that thus far 28 banks have been contacted by the card associations indicating that some of their card holders have had personal information that may have been exposed due to the TJX data breach. The MBA is cautioning, however, that the number is likely to grow higher as, thus far, only 48 out of 205 banks in Massachusetts have reported in to the Association. In addition, the MBA is questioning the TJX's self-characterization as being "victimized" by the intrusion in a news release issued yesterday by the retailer. Daniel J. Forte, CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. and president of the MBA said, "We think it's a little odd that they would characterize themselves as victims when it appears that they may have been capturing data that is unnecessary." Retailers, upon processing a debit A monetary amount that is subtracted from an account balance. A debit from one account is a credit to another. See credit. or credit card purchase -- that is, verifying that the information on a card is correct, and that customers have money or credit in their accounts -- are prohibited pro·hib·it tr.v. pro·hib·it·ed, pro·hib·it·ing, pro·hib·its 1. To forbid by authority: Smoking is prohibited in most theaters. See Synonyms at forbid. 2. by card network rules from retaining that information. "After the transaction clears," said Forte, "there is no reason to store any data." TJX has not indicated what data it routinely captures, but the range of problematic data includes account numbers, expiration dates Expiration Date The day on which an options or futures contract is no longer valid and, therefore, ceases to exist. Notes: The expiration date for all listed stock options in the U.S. , personal identification numbers, and other verification information. "The company did indicate," said Forte, "that driver's license Noun 1. driver's license - a license authorizing the bearer to drive a motor vehicle driver's licence, driving licence, driving license license, permit, licence - a legal document giving official permission to do something information may have been captured and exposed." Two years ago, after a data breach that occurred at BJ's Wholesales Club, the MBA established the New England New England, name applied to the region comprising six states of the NE United States—Maine, New Hampshire, Vermont, Massachusetts, Rhode Island, and Connecticut. The region is thought to have been so named by Capt. Debit Card debit card, card that allows the cost of goods or services that are purchased to be deducted directly from the purchaser's checking account. They can also be used at automated teller machines for withdrawing cash from the user's checking account. Task Force. The group, consisting of the banking trade associations from the New England states, individual community bankers, representatives from the American Bankers Association The American Bankers Association (ABA) is comprised of banks and other financial institutions. It seeks to promote the strength and profitability of the banking industry by Lobbying federal and state governments, building industry consensus on key issues, and providing products and , the America's Community Bankers, the Independent Community Bankers of America, and the California Bankers Association, has been meeting frequently to address this very issue and develop ways to moderate fraud. The task force has worked closely with Visa and Mastercard, engaging in dialogue centered on protecting consumers and seeking to moderate the impact and the costs that banks must bear when such data breaches occur. "Visa and MasterCard have both been increasing fines and penalties for retailers when violations such as this are uncovered," said Forte. "Moreover, in Massachusetts," added Forte, "through the work of the Debit Card Task Force, we have been leading an effort to manage the impact of fraud on consumers and our banks when it occurs due to a retailer's data breach. We are strongly supporting recent legislation in Massachusetts that would place the liability for the expenses that banks must bear in the hands of the retailers at fault. We hope that long term, this approach would be the motivation that retailers need to enhance the security of their systems and protect consumers, as well as your local bank. While expensive for all banks, Ninety-five percent of the banks in Massachusetts are community banks, and these costs can be particularly tough for smaller banks and credit unions to absorb." Forte explained that when a bank must issue new cards due to a retailer's data breach, it can add up to a significant expense considering that thousands of cards could be involved. "MasterCard, and now Visa, has in place a process for banks to make claims for the cost of re-issuing cards," he said, "however, there is no guarantee that the full amount will be reimbursed. Additionally, there is the fraud issue. If a fraud does take place, MasterCard and Visa have a zero liability policy in place for the benefit of consumers, which is good. However, the cost is borne by the bank even if the retailer is responsible for a major violation of the card association rules resulting in fraud. Does this make sense?" Forte added, "Bottom line, we believe it is critical that the card associations - Visa, MasterCard, etc. - and public officials carefully evaluate whether retailers should be held liable for a data breach, particularly when the information being stored is in violation of card network rules." The New England Debit Card Task Force, following the breach involving BJ's Wholesale Club BJ's Wholesale Club, Inc. NYSE: BJ is a membership-only warehouse club chain operating in the East Coast of the United States, as well as in the state of Ohio. History , began advocating a number of steps to enhance security. Its major recommendations include: 1) Notification - Giving banks the ability to notify customers on a timely basis; 2) Liability for the Fraud - Retailers should be held accountable, at present banks absorb the cost; 3) Full Reimbursement Reimbursement Payment made to someone for out-of-pocket expenses has incurred. for card re-issue - This cost if not fully covered can be significant for banks; 4) Stronger Encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. Standards and Data Capture Limits - a must to protect consumers. Although the MBA expects the number of banks and exposed cardholders in the TJX incident to rise, the MBA is telling customers not to worry. "You may not be in the affected group," said Forte. "There is no reason to contact your bank. It will reach out to you if there is a problem. This is a situation that was not caused by your bank but you should know, if your information was exposed, we are working hard on your behalf. If you are notified that you are in the impacted group, remember just because your data was exposed, fraud may not occur. Nonetheless, it's a good idea to check your statements and balances regularly, and order a credit report which you can receive free of charge once a year." The Massachusetts Bankers Association represents 205 commercial, savings and co-operative banks The Co-operative Bank is a co-operative bank trading in the United Kingdom with headquarters in Manchester, UK. It is an ethical bank, and refuses to invest in companies involved in the arms trade, genetic engineering, animal testing and use of sweated labour as stated in its and savings and loan savings and loan n. a banking and lending institution, chartered either by a state or the Federal government. Savings and loans only make loans secured by real property from deposits, upon which they pay interest slightly higher than that paid by most banks. institutions in Massachusetts and elsewhere in New England. Massachusetts Bankers Association, Inc. 73 Tremont Street Tremont Street is a major thoroughfare in Boston, Massachusetts. The name is a variation of one of the original appellations of the city, "Trimountaine," a reference to a hill that formerly had three peaks. Beacon Hill, with its single peak, is all that remains of the Trimountain. , Suite 306 Boston, MA 02108-3906 Tel: 617-523-7595 / Fax: 617-523-6373 http://www.massbankers.org |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion