Co-Branded Card Crossroads
Co-branded credit cards are mature products ripe for change. A new report suggests some nuances are beginning to emerge as both issuers and brand partners seek differentiation within this homogenous product set.
Citi Trends President & CEO Steps Down
Citi Trends announced that David Alexander, who has served as President and CEO since April 2009, has resigned as President and CEO and as a member of the Board, effective immediately, to pursue other business opportunities. Ed Anderson, who served as the Company’s CEO from December 2001 through April 2009, and as Chairman of the Board of Directors since May 2006, has returned as CEO. He will continue to serve as Chairman of the Board.
Mercator Examines PCI Fraud and Prevention Methods
PCI risk managers are implementing new fraud prevention for authentication at the moment the transaction begins. As fraudsters become more sophisticated so must payment processes evolve, but global fraud is at a relatively low and stable rate. This, according to a new Mercator Advisory Group report “The Evolution of Payment System Risk Management: And the Changing Dynamics of Credit Card Fraud Prevention,” also shows fallout from security breaches has stimulated the industry to innovate with a paradigm shift amidst the conceptualization and implementation of payment card data security. The report assesses selected available statistics about card fraud as reported by various reporting bodies around the world, presents the discussion of how fraud prevention paradigms are shifting to incorporate emerging technology in the market, as well as more sophisticated schemes by fraudsters.
GE Capital Acquires TJX Card Program
Acquiring the existing card program assets from JP Morgan Chase for undisclosed financial terms, GE Capital Retail Consumer Finance has forged definitive multi-year agreements to provide the TJX Companies consumer credit card programs in the United States. TJX operates over 2,000 T.J. Maxx, Marshalls and HomeGoods stores in the U.S. and its “TJX Rewards” credit card program will include the private label credit card and the co-branded MasterCard program. This designed to provide cardholders benefits and convenience, as well as the opportunity to earn special rewards.
Major Retailers Add PhoneFactor for PCI-DSS
PhoneFactor phone-based multi-factor authentication services announced several major retail chains have enabled PhoneFactor to secure access to credit card data, critical in the holidays. Retailers who have recently joined PhoneFactor’s customer list include New York & Company, Uno Chicago Grill, and Party City. Large retailers face a number of unique challenges in addressing PCI-DSS with geographically diverse retail locations, high employee turnover rates, and seasonal workers. These risks all are compounded during the holiday season, making them a key target for hackers. With PhoneFactor, all user data is stored within the customer’s network and advanced logging is available for auditing purposes. In addition to meeting PCI DSS requirements for two-factor authentication, many retailers incorporate PhoneFactor’s fraud alerting capabilities into their incident response plans.
MagTek Responds to the SPVA’s E2E Guidelines
CA-based payment security provider MagTek has responded to the Secure POS Vendors
Alliance and its published guidelines on the application of encryption
technology to payment card data used for retail financial
transactions. The guidelines establish an auditable set of requirements
that can be used to validate cardholder data security across the many
entities that participate in the transport of payment card data.
MagTekâs IPAD and its entire product line of secure card reader
authenticators (SCRAs) are protected by MagneSafe security which
conforms to the SPVA recommended guidelines. The encryption
begins within the magnetic sensor, the instant the card is read.
Experts agree that payment card data should be encrypted from the point
of swipe to the point of authorization. This will increase the degree of
difficulty thieves encounter when trying to steal cardholder data
for nefarious purposes. But E2E will do little to deter
criminals, or detect and stop counterfeit card fraud and ultimately may
not by itself be worth the investment.
TJX Hacker Pleads Guilty and to Serve 20 Years
The TJX hacker, Albert Gonzalez, who inflicted major payment card damage to Heartland Payment Systems, Hannaford Brothers, 7-Eleven and others is pleading guilty in federal court. He is expected to receive a sentence of between 15 and 25 years in prison. The latest agreement was filed in U.S. District Court in New Jersey, where the Heartland charges were filed in August. A federal judge transferred the case to Massachusetts, where Gonzalez is seeking to merge it with two other cases to which he has already pleaded guilty. Gonzalez was charged in August, accused of stealing more than 130 million debit and credit cards from card-processor Heartland and other companies. He had previously been charged in May 2008 and in August 2008 in Massachusetts with intrusions into TJX, OfficeMax, Dave & Busters, among other companies. He pleaded guilty to those charges in August and is scheduled to be sentenced in Massachusetts on Dec. 21 in both cases.
TJX Settles with State AGs Over 2006 Breach
Donating $2.5 million to establish a new Data Security Fund to allow
states to advance effective data security and technology, TJX Companies
have settled with a multi-state group of 41 Attorneys General to resolve
investigations of the criminal intrusion into the Organization’s
computer system announced over two years ago. Maintaining no violation
of consumer protection or data security laws were committed, TJX
representatives disclosed the settlement was made to avoid distraction
and promote cyber security measures. Additional stipulations under the
settlement require TJX provide a settlement amount of $7.25 million to
cover expenses related to the Statesâ investigations; certify its
computer system meets detailed data security requirements specified by
the States; and to encourage the development of security technologies.
The TJX Companies operates 882 T.J. Maxx, 811 Marshalls, 322 HomeGoods,
and 141 A.J. Wright stores in the USA.
Another HPY Lawsuit is Filed Over Breach
Another class action lawsuit has been filed on behalf of consumers
against NJ-based Heartland Payment Systems over a recently discovered
security breach. Philadelphia-based Berger & Montague filed the suit
last week in the U.S. District Court for the District of New Jersey.
PA-based Chimicles & Tikellis also filed a similar lawsuit against HPY
in the same court. Two weeks ago Heartland confirmed it was the victim
of a security breach within its processing system last year. The
intrusion was discovered in January, but the processor believes it is
contained. The Company insists that no merchant data or cardholder SSNs,
unencrypted PIN, addresses or telephone numbers were involved in the
breach. In January, HPY formed an internal department dedicated
exclusively to the development of end-to-end encryption. Heartland
delivers credit/debit/prepaid card processing, payroll, check management
and payments solutions to more than 250,000 business locations
nationwide. (CF Library 1/21/09; 1/28/09; 1/30/09)
Fujitsu Transaction Unveils GlobalSTORE v4
Fujitsu Transaction Solutions has released the newest version of
“GlobalSTORE 4.0” modular point-of-sale (POS) software. The updated
platform includes enhanced back-office capabilities that
leverage Microsoftâs Windows Communication Foundation and Windows
Presentation Foundation technologies, allowing retailers to easily add
and customize features like back-office and cash-management functions.
Additional features include enhanced training with The GlobalSTORE
Interactive Training System that allows users to view instructions and
interact with the back-office screens at the same time; GlobalSTOREâs
back-office interfaces are
fully touchable and donât require the use of pointing devices to perform
complex administrative actions; a foreign language translation tool that
enables retailers to reduce the time and effort needed to meet multiple
language requirements for their operations and robust reporting
capabilities to create more than 55 standard reports, as well as
customized documents.
Genesco Upgrades to Fujitsu TeamPo
Nashville-based footwear retailer Genesco will upgrade its POS systems using Fujitsuâs “TeamPoS 3000 XL2 systems”.
The rollout includes 1,350 locations across Genescoâs Journeys, Journeys
Kidz, Shi by Journeys, Underground Station and Johnston & Murphy chains.
Fujitsuâs TeamPoS 3000 XL2 is the first POS system to feature Intelâs
Coreâ¢2 Duo mobile processor, giving retailers powerful performance and
energy efficiency. Point-of-sale processing is 300 percent faster with
the dual-core processor than previous technology â and 40 percent more
energy efficient than desktop architecture. Fujitsu also will provide staging, project management and installation
for the initiative, which began this summer and is scheduled to continue
through 2009.
Belk Migrates from SVS to SmartClixx
NC-based retailer Belk has switched from Comdata’s SVS platform to the
“SmartClixx” software platform for processing gift card transactions in
its 300 department stores. SmartClixx works with some of
the world’s largest retailers
providing in-house stored value card and gift card application
software and services without charging per-transaction fees. Security,
flexibility, streamlined processes and operations, data mining, and
future capability with significant cost savings.