Some retailers launched online deals well in advance of Thanksgiving, Black Friday and Cyber Monday.
A card processor whose poor security measures left exposed the confidential information of 40 million cardholders, will set up a comprehensive data security program, under a proposed settlement with the Federal Trade Commission.
The former CardSystems Solutions Inc., the payments processor whose poor security measures left exposed the confidential account information of 40 million cardholders, has agreed to implement a comprehensive data security program, under a proposed settlement with the Federal Trade Commission.
CardSystems-now doing business as Pay By Touch Solutions-last year processed transactions for more than 119,000 online and offline merchants, representing about $15 billion.
The proposed settlement requires CardSystems to establish and maintain a comprehensive information security program that includes administrative, technical and physical safeguards. The settlement also requires the processor to undergo audits by an independent third-party security professional every two years for 20 years to confirm it is complying with the settlement. The processor also must comply with standard bookkeeping and record-keeping provisions.
The FTC charged that CardSystems engaged in a number of practices that failed to provide reasonable and appropriate security for sensitive customer information. Those practices led to millions of dollars in fraudulent purchases, the FTC alleged.
“CardSystems kept information it had no reason to keep and then stored it in a way that put its consumers’ financial information at risk,” said Deborah Platt Majoras, FTC chairman.
This is the ninth FTC case targeting companies whose security practices compromised consumers’ confidential financial information, and the first the commission has brought against a credit card processor.