Guess Tightens Web-Site Security To Resolve Federal ChargesGuess Tightens Web-Site Security To Resolve Federal Charges

WASHINGTON (AP) -- Clothing marketer Guess Inc. will tighten security for its Web site to resolve federal charges that it failed to protect customer credit-card information from computer hackers.

The Federal Trade Commission said Wednesday that Guess misled visitors to its Web site with promises that personal information would always be protected in a secure form that couldn't be read by hackers. The FTC said the information was vulnerable to common hacker attacks and last year one Internet intruder accessed customer credit card numbers.

"Companies have an obligation, particularly when they promise security, to take steps to make sure that obvious vulnerabilities aren't there," said Howard Beales, director of the FTC's Bureau of Consumer Protection. "They need to lock the doors."

The Guess Web site has been vulnerable to attack since at least October 2000, the FTC said.

"There are relatively easy fixes that Guess could have done," Beales said. "They just didn't until after it was brought to their attention by the FTC."

By settling, Guess doesn't acknowledge breaking any law. A company attorney did not immediately return calls seeking comment.

Under the settlement, Guess must create a new security program that is certified annually by an independent expert. The company also is banned from making false claims about its security.

The settlement is the third FTC case involving misleading Internet privacy or security claims. Past cases involved Microsoft Corp.'s Passport Internet service and drug maker Eli Lilly and Co., which mistakenly released the E-mail addresses of more than 600 people taking Prozac.