Friday , November 22, 2024

MasterCard Issuers Reject Proposed Settlement for Target Data-Breach Losses

A proposed $19 million settlement forged by MasterCard Inc. and retailer Target Corp. to compensate MasterCard issuers for fraud and other expenses they incurred after Target’s 2013 data breach failed to win approval from issuers representing 90% of eligible accounts that the so-called alternative-recovery plan needed by a May 20 deadline, MasterCard confirmed Friday.

“As of today, the 90% threshold has not been reached,” a MasterCard spokesperson said in a statement. “Therefore, the settlement will not become effective. The alternative-recovery offers were provided to issuers as a way to deliver to them certain and prompt payments for a portion of the costs they incurred as a result of the Target data breach, including card re-issuance costs and fraud losses. At this stage, we will continue to work to resolve the matter.”

MasterCard would not say what the vote was or say why issuers rejected the proposed deal.

Minneapolis-based Target issued a brief statement saying that MasterCard informed it that the settlement did not reach the 90% threshold by the May 20 deadline and that “Target has nothing further to share at this time.”

Continuing litigation seems certain. A group of banks suing Target in federal court in St. Paul, Minn., to recover their breach-related expenses had tried and failed to block the settlement, although the judge did express concerns about its fairness. Any bank that accepted the settlement would have been required to drop out of the lawsuit.

In a statement to the Reuters news service, the lead lawyers for the plaintiffs said, “We are pleased that financial institutions have resoundingly rejected Target and MasterCard’s attempt to avoid fully reimbursing the losses suffered during one of the largest data breaches in U.S. history.”

Lawyers for the banks have estimated total losses at more than $160 million, with about half that amount lost to fraud and the other half for reissuing nearly 9 million credit cards, according to Reuters.

Data-security analyst Julie Conroy, research director at Boston-based Aite Group LLC, tells Digital Transactions News by email that the dispute is “absolutely a cost issue.”

“Many banks, smaller ones in particular, were quite vocal about the fact that this settlement was pennies on the dollar compared to their losses, so I’m not surprised in the least that this one didn’t go through,” she says.

An executive with a small bank who asked not to be identified says of the proposal that “If you do it per card, it’s a very token amount.”

Target said the breach compromised a total of 40 million credit and debit cards, as well as non-card information on 70 million customers. Target reportedly is negotiating with Visa Inc. over a compensation plan for Visa issuers affected by the breach.

Check Also

Click to Cancel Effective Jan. 14 and other Digital Transactions News briefs from 11/21/24

The Federal Trade Commission said its Negative Option rule, also known as click to cancel, goes into effect …

Digital Transactions