Re:A good start (Score 1)

I think it's fair to say that Level 1 merchants are taking PCI compliance pretty seriously, but I'm also sure many are making the trade off against the potential for legal exposure. After their breach, TJX took a nice hit to their stock price (off about 15%), but as it became clear that had little to no customer flight, it recovered well. It makes good sense that the bill for notification costs should be served to the responsible party.