WASHINGTON (4/1/08)—A Federal Trade Commission (FTC) decision to require TJX Cos. to beef up security and submit audits--every other year for the next 20 years--by independent third-party security professionals appears to be a constructive settlement, according to the Credit Union National Association (CUNA). The FTC last week announced its resolution with the company whose hacked information was the source in 2007 of in the largest reported breach of credit and debit card information in history. TJX is parent company to such discount retail stores as TJ Maxx, Marshalls and Homegoods. CUNA General Counsel Eric Richard said Monday the FTC agreement with TJX appears to be comprehensive and should “send a message to merchants that they must take appropriate security measures to protect customer data.” “If all merchants were to take similar measures, credit unions would, I think, be exposed to less risk and have to consider reissuing large numbers of cards much less frequently," Richard said. The FTC announcement noted that TJX, as well as data brokers Reed Elsevier and Seisint, have agreed to settle charges that each engaged in practices that, taken together, failed to provide reasonable and appropriate security for sensitive consumer information. The settlements will require that the companies implement comprehensive information security programs and obtain the audits. The breach event, coupled with a significant increase in sophisticated attempts to phish personal information from consumers, were integral to changes in the way credit unions and their members deal with security issues. More credit unions are taking precautions by offering credit monitoring identity theft services and security solutions.