The Dec. 29, 2005, letter from Joseph Majka, a fraud control vice president for Visa, was written months after cyberthieves had already secretly infiltrated TJX's systems, starting the work that would ultimately become the worst data breach in credit card history.
Majka wrote the letter to Diana Greenshaw, an official with TJX's credit card processor, Fifth Third Bank. "Visa will suspend fines until Dec. 31, 2008, provided your merchant continues to diligently pursue remediation efforts. This suspension hinges upon Visa's receipt of an update by June 30, 2006, confirming completion of stated milestones."
The letter regarding TJX ended with this ironic-in-hindsight line: "I appreciate your continued support and commitment to safeguarding the payment industry."
Apparently, Visa didn't consider TJX's later efforts to be "diligently" pursuing remediation efforts because Visa issued $880,000 in fines to Fifth Third Bank—regarding TJX—this summer.