The Ashimmy Blog

Everyone remembers the loss of tens of millions of consumers credit card and debit card numbers from CardSystems Solutions, Inc. last year.  Representing the single largest compromise of consumers confidential financial information, it came on the heels of several other well publicized data compromises at companies like Lexis-Nexis, Choicepoint and DSW Shoe Warehouse.  It eventually led or contributed to the company being taken over by new ownership.  Today the FTC announced it has settled its claims against the company.  Like the other cases, the company will have to institute clearly defined information security policies and programs.  It will also have to undergo an independent 3rd party audit, every other year for the next 20 years.  What was different is there does not appear to be any fine involved in this settlement.  In the other cases millions of dollars in fines were levied, but it appears not so here.  I am baffled.  It is admitted by all sides that this incident led to millions of dollars in fraudulent credit and debit card claims.  Shouldn't their be a fine involved?  The settlement release does mention that the company is still subject to civil litigation and credit card fees in the millions of dollars, but I think the FTC let them off to easy compared to other offenders.