Reports suggest that TJX, the parent company of T.J.Maxx (known as T.K.Maxx in the UK) may have broken Visa and Mastercard payment rules by holding onto customer data for too long, worsening the effect of the security breach first announced on January 15.
Information stolen included data from the magnetic stripe on Visa cards which shows the cardholder’s card number, the card’s expiration date, and the card verification value (CVV), a three- or four-digit code on a card that’s used to verify the card’s authenticity. According to some reports, data held by the retailer went back to 2003, way beyond what is recommended by the credit card issuers.
Some reports state that stolen card details have already been used to make fraudulent purchases - illustrating that this particular theft presents much more than a ‘theoretical’ risk to affected consumers. Seventy-seven percent of the fraudulent transactions committed using stolen TJX customer information are being committed in the United States.
More on InformationWeek
