Patrick's Hacking log

HACKING & COMPUTER

SECURITY...

ICT security related blog

››› Nihil timendum est

Patrick's Hacker and Hacking log
AUGUST 2011 ~ w31 ~ w32 ~ w33 ~ w34

| W35 - Week 35 - Week thirty-five

INFORMATION SYSTEMS SECURITY AND CYBERATTACKS 6:

In order to encourage customers to use their online services, financial institutions are working hard to maintain the security of their Web sites while attempting to educate their customers about phishing and other Internet-related scams. RSA Security, a security software vendor, is planning to extend its phishing Web site take-down service to help financial institutions and online merchants detect dangerous Trojans that steal customer financial information. The software will remove the Trojans and shut down the associated Web sites.




The weakest links in the United States payment system continue to be businesses that accept credit and debit card payments and the consumers themselves. To address these issues, the payment card industry requires merchants to comply with stringent information security standards. The enforcement of these standards, however, is not always adequate. For example, the security breach at the TJX Companies, Inc. ("TJX") last year that compromised the credit card information of millions of customers resulted from the merchant storing credit card data in violation of the Visa Operating Regulations and Payment Cards Industry Data Security Standard. To prevent such incidents, IBM and Microsoft are working on technological solutions aimed at securing online purchases of goods and services. Visa, the world's leading credit card payment company, regularly brings together leaders and decision makers from business, government, and technology organizations to discuss security of electronic payments. To help the private sector and government agencies ensure that their information security staff has an up-to-date knowledge of the best industry practices and procedures, several not-for-profit organizations are offering a number of information security certifications and educational resources. The next Section discusses the role of industry-wide information security standards and looks at the attempts of private parties to hold businesses that failed to comply with the standards accountable for the resulting losses.

Written by James M. Sheehan, Special Agent in Charge, Criminal Division, FBI Los Angeles.