Comments on: California’s Payment Card Bill Gets Another Chance http://blog.subjunctive.com/2008/09/12/cal-pci-new-chance/ Notes on Security, Privacy, and the Law Tue, 04 Jan 2011 03:25:09 +0000 hourly 1 http://wordpress.com/ By: jtgraves http://blog.subjunctive.com/2008/09/12/cal-pci-new-chance/#comment-35 Mon, 15 Sep 2008 03:42:36 +0000 http://jtgraves.wordpress.com/?p=101#comment-35 Benjamin,

I don’t see in your post any evidence that the TJX breach was not as bad as we’ve been told. Do you have information that fewer than 45 million cards were compromised?

As I wrote in my response to that post, I disagree that the FTC or issuers overreacted. I also think its important that we distinguish between known effects, actual effects, and potential effects of the breach. The DOJ indictment gave a dollar figure that could be traced to the defendant, but that doesn’t imply that the figure accounts for all loss to consumers from the theft. More importantly, a mere comparison of settlement costs to DOJ indictment numbers ignores the probability that those numbers aren’t any higher precisely for the reason that issuers were prompt and diligent in replacing credit cards.

]]> By: Benjamin Wright http://blog.subjunctive.com/2008/09/12/cal-pci-new-chance/#comment-34 Mon, 15 Sep 2008 02:56:21 +0000 http://jtgraves.wordpress.com/?p=101#comment-34 Jim: Careful reading of the indictments of the TJX data thieves show that the media, card issuers and Federal Trade Commission over-reacted to the TJX incident. The TJX break-in was not as bad as we were led to believe. –Ben http://legal-beagle.typepad.com/wrights_legal_beagle/2008/08/credit-card-iss.html

]]>