The credit card data theft at TJX Companies is considered one of the worst ever. The case is significant because of a lack of appropriate security and control. Resources: Ch. 7 & 12 of Essentials of Management Information Systems Answer the following questions in 200 to 300 words: •? List and describe the security controls in place. Where are the weaknesses? The thieves used several entry points to access TJX corporation systems. They accessed many TJX’s retail stores through poorly secured kiosks.
We will write a custom essay sample
on The credit card or any similar
topic specifically for you
The hackers opened up the back of those terminals and inserted USB drives to install utility software that enabled them to turn the kiosks into remote terminals linked to TJX’s networks. The firewalls that TJX use and had in place did not have enough security to offer and let bad traffic in from the in-store kiosks. The hackers also used mobile data access technology to decode data transmitted wirelessly between handheld price-checking devices, cash registers, and the store’s computers.
TJX was using an outdated (WEP) encryption system, which made it easy for hackers to crack. The hackers stole user names and password to setup their own TJX account using handheld equipment and also used the data to crack encryption codes. This allowed them to access TJX system from any computer with internet. The hackers also obtained personal information which could be used for identity theft, including driver license numbers, social security numbers, and military identification of 451,000 customers.
The data theft took place over an eighteen month period without anyone’s knowledge. The security controls in place out grew the total size of the company. The system was way overdue for a complete overhaul, because the system was so far out of date with the new technology. I read further about this on the internet and came to find out that the hackers went undetected for seventeen months. This time frame gave the hackers plenty of time to take forty-five million to over one hundred million user’s information. TJX was still using the old Wired Equivalent
Privacy (WEP) encryption system, which is relatively easy
Page 2 The credit card Essay
for hackers to crack. They also neglected to install firewalls and data encryption on many of the computers using the wireless network, and didn’t properly install another layer of security software it had purchased. •? What tools and technologies could have been used to fix the weaknesses? They could have switched to the more secure Wi-Fi Protected Access (WPA) standard with more complex encryption. They also could have installed firewalls and data encryption software on any computer that uses a wireless network.
Today there is what’s called Chip & PIN technology, identity verification system (security codes), also you are not responsible for unauthorized purchases made on your credit card. [MasterCard International and Visa got together and came up with a set of guidelines called the Payment Card Industry Data Security Standards. This is a list of 12 guidelines that imposes strict regulations on all transactions taking place between the card company and the merchants it trades with. VeriSign’s SSL (Secure Sockets Layer) technology is the leader in the field.
VeriSign will give each merchant it conducts business with 2 “keys” (like coding alphabets), a public key and a private key. The public key is used to encrypt information, and the private key is used to decipher it. VeriSign’s technology now offers this encryption in 128- to 256-bit encryption, which provides a nearly un-guessable number of possible combinations of codes. There are still issues with security, such as scanners and hackers on the internet. Any time you provide your credit card number it is at risk. •? What was the business effect of TJX’s data loss on TJX, consumers, and banks?
The business effect of JTX’s loss was that banks that issue credit and debit cards so far received the brunt of the TJX losses from fraudulent credit card charges rather the retailers who accepted the fraudulent cards, the credit card networks such as MasterCard and Visa, or TJX itself. They may have to spend 300 million just to replace the stolen cards, in addition to covering fraudulent purchases. Consumer groups and banks have filed lawsuits against TJX and its merchant banks for failing to protect account data. Since the time of the data breach in security, at least one business;
Wal-Mart, has lost millions of dollars as a result of the theft, while TJX has spent more than $20 million investigating the breach, notifying customers, and hiring lawyers to handle dozens of lawsuits from customers and financial institutions. Should TJX lose in the courts, it could be on the hook for millions more in damages. But there’s an even broader TJX Effect: The data breach, which actually took place over a period of years, has put the entire retail industry on the defensive and stirred up demands for all businesses that handle payment card information to do a better job of protecting it.
Legislators are invoking TJX’s name to fast-track data-security bills. •? Which moral dimensions may be applied in this situation? How? TXJ should take responsibility for what they let happen. If their systems were up to date and their kiosks were not as vulnerable as they were, none of this would have happened. It seems that the banks and credit card companies are taking most of the hit from this situation. They made enough money every year to make sure that their information was securely kept, and they need to pay those people back for them not keeping up with the times.