iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > DSW Settles Up With FTC
Search:
[ insider_reports_insider ]

DSW Settles Up With FTC



John Stith
Staff Writer
2005-12-02

SecurityProNews: Insider Reports Insider Reports RSS Feed


Designer Shoe Warehouse (DSW) agreed with the Federal Trade Commission (FTC) they need to do better. This comes as part of the agreement reached after DSW had the information for 1.5 million customers lifted from its computer systems back in March.

DSW Settles After Credit Card Info Stolen
DSW Settles After Credit Card Info Stolen

The FTC charged the Columbus, Ohio based DSW failed to take reasonable security measure to protect sensitive customer data and called it an unfair practice. The hackers had access to credit and debit card info as well as checking account information.

The complaint said DSW left open all the information including name, card number and expiration date as well as the magnetic strip information, which can be used to generate counterfeit cards. For checking information, they took routing numbers, account numbers, check numbers and driver's license numbers.

The charges specifically were:

· created unnecessary risks to sensitive information by storing it in multiple files when it no longer had a business need to keep the information;

· failed to use readily available security measures to limit access to its computer networks through wireless access points on the networks;

· stored the information in unencrypted files that could be easily accessed using a commonly known user ID and password;

· failed to limit sufficiently the ability of computers on one in-store network to connect to computers on other in-store and corporate networks; and

· failed to employ sufficient measures to detect unauthorized access.

The totals include, 1.4 million credit and debit cards and 96,000 checking accounts being compromised. There was fraudulent activity on some of the cards The FTC also stated a number of checking account customers have requested reimbursement for some of their expenses for starting new checking accounts.

The FTC voted unanimously to accept the consent agreement. The consent agreement means DSW has agreed to a settlement and is not an admission of guilt. The terms included a requirement for improved security to be monitored by a third party security firm every other year for the next 20 years.

Bruce Cundiff of Javelin Strategy and Research said, "I think this makes perfect sense. I think we've seen through all the data breaches for the last year and a half, companies need to do more. They'll be subject to more scrutinies. Businesses are now seeking out enhanced security solutions.

"There needs to be increased tabs on insiders. Nothing seems to be hacker proof because hackers always seem to find a way."

He went on to say that while there are a variety of solution providers, companies need to be more proactive in their approaches because with those increased scrutinies include customers, consumer groups, and federal and state governments. The governments are also working on legislation for these issues.

Hacks like this continue to be a huge problem as other companies have been hacked in recent months and weeks due to the very same reasons just about every time. These companies maintain insufficient security measures. In most cases these accounts are merely password protected. It's fairly easy for even the most basic hackers to get into something like that.

With 1.5 million accounts compromised, DSW had an obligation to tighten their security. Unfortunately, many companies don't take such precautions until after the fact. Examples like this show carelessness on the part of the various businesses to protect themselves and their customers.

DSW certainly isn't an isolated case this year. Others have been hacked or had similar problems. In the end, these companies need to remain more vigilant. DSW did nearly one billion dollars last year. Since the event, they've improved their security. It might be prudent of other companies to not wait until it happens to them, go after your Internet security.





About the Author:
John is a staff writer for SecurityProNews covering cyber security.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds