Friday, May 1, 2015
Settlement terms stipulate that MasterCard will offer recovery terms to issuers of MasterCard-branded payment cards compromised by the Target breach. Target said all eligible issuers will be notified of their individual settlement offers and asked to respond by May 20. The company agreed to fund $19 million in recovery payments if MasterCard secures a 90 percent approval from its eligible card issuers by the deadline.
Eileen Simon, Chief Franchise Integrity Officer at MasterCard, said that while MasterCard will recommend that its issuers accept the offers, the company will not attempt to influence outcomes or decisions. "We have made it very clear throughout the process that [participation] is entirely an individual choice for issuers," she said. Payment analysts anticipate that Target and Visa Inc. will reach a separate settlement agreement soon. A Visa statement to the media indicated the company is analyzing relevant information "to ensure we reach a resolution that is accurate and fair to all Visa clients and participants in the payments system."
In addition, numerous claims brought against Minneapolis-based Target since the data breach was first reported were consolidated into a single appeal seeking class action status. Plaintiffs include Mutual Bank in Whitman, Mass.; Village Bank in St. Francis, Minn.; CSE Federal Credit Union in Lake Charles, La.; First Federal Savings of Lorain in Lorain, Ohio; and Umpqua Bank in Roseburg, Ore., a subsidiary of Umpqua Holdings Corp. While Minneapolis U.S. District Judge Paul Magnuson has not yet ruled on that case, similar settlement rulings have required claimants to sign a release to be compensated for damages.
In a similar action filed in an Atlanta federal court, small card issuers are seeking relief for expenses related to The Home Depot Inc.'s 2014 data security breach. When card issuers were notified of the data breach in September 2014, which involved approximately 56 million cardholder accounts, JPMorgan Chase Bank and Capital One Financial Corp. swiftly replaced the cards of all potentially affected customers. Smaller financial institutions lacked the economies of scale to react as quickly or extensively to the epic data breach.
Many smaller institutions lack the infrastructure and economies of scale to reissue millions of cards and otherwise absorb the costs of wide-scale attacks. Additionally, many smaller banks with assets below $1 billion were not even compensated for breach-related costs, according to a 2014 survey by the American Bankers Association. The Association also noted that the average cost of replacing a credit card is $10 for a small bank, compared with $3 for a large bank.
First Choice Federal Credit Union, based in New Castle, Pa., joined New Orleans-based First NBC Bank and other small institutions in September 2014 to file complaints against Home Depot, seeking restitution for costs of cancelling and reissuing customer debit cards. NBC Bank stated that Home Depot failed to implement and maintain the Payment Card Industry Data Security Standard, which left numerous financial institutions on the hook for tens, if not hundreds, of millions of dollars as a result of Home Depot's Security Breach."
Payment analysts estimate community banks and credit unions have spent about $350 million on Target and Home Depot security breach-related issues. Diana Dykstra, President and Chief Executive Officer of the California Credit Union League, stated that in most data breach cases "recovery amounts for credit unions and community banks are insufficient as compared with the losses." The League and the Credit Union National Association are participating in the Home Depot lawsuit.
Editor's Note:
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
