In his StoreFrontBacktalk blog, Evan Schuman offers another historical nugget about how Visa knew as far back as 2005 that TJX’s security posture was not even close to upright.
According to more court documents, he writes, Visa knew of TJX’s security shortcomings but still decided to give the retail giant until Dec. 31, 2008 to get its PCI DSS house in order.
Visa fraud control VP Joseph Majka wrote the following in a letter to Diana Greenshaw, an official with TJX’s credit card processor, Fifth Third Bank: “Visa will suspend fines until Dec. 31, 2008, provided your merchant continues to diligently pursue remediation efforts. This suspension hinges upon Visa’s receipt of an update by June 30, 2006, confirming completion of stated milestones.”
Of course, we now know that Visa was less than satisfied with TJX’s dilligance in pursuing those remediation efforts, since Visa hit Fifth Third bank with $880,000 in fines over the TJX security breach this past summer.