Target’s recent settlement with Visa to reimburse card issuers up to a reported $67 million for expenses related to the retailer’s 2013 data breach may pave the way for a similar revised settlement with MasterCard. And it could eventually derail banks’ pending lawsuit against retail giant.
In May, banks and credit unions rejected MasterCard’s proposed $19 million settlement
with Target on the grounds that the compensation for breach-related expenses, including card reissuance, was inadequate. The card issuers chose, instead, to continue to push for more money through their class action lawsuit – reports Bankinfosecurity.
But now that Visa’s leading issuers impacted by Target’s breach have accepted Visa’s settlement deal, MasterCard says it, too, is wrapping up negotiations with the retailer for a revised settlement to present to its issuers.
In an Aug. 19 statement provided to ISMG, MasterCard says it plans to submit a new settlement plan to Target that resembles Visa’s deal.
“MasterCard is pleased that Target announced its settlement agreement yesterday,” the statement says. “We have been working closely with Target on this from the start, and they have indicated to us that the same approach and comparable terms are being made available to MasterCard issuers. This reflects our ongoing collaborative efforts over the past few months to resolve the matter. We will now place the revised Target settlement offer in front of our customers for their consideration.”
And if that revised settlement gets the approval of MasterCard’s major issuers, some observers predict the banks’ lawsuit against Target eventually could be dropped.
“If the banks can just get a couple of dollars per card they had to reissue because of a breach, they will settle,” says one attorney who specializes in cybersecurity and breach litigation, who asked not to be identified. “Banks are conservative. They’re litigation and risk averse,” and that could work in Target’s favor.
Banks and credit unions will likely accept any settlement that offers a reasonable payout, says Jeff Man, a strategist and security evangelist for continuous network monitoring firm Tenable Network Security. That’s because they want the media attention surrounding the Target breach and questions about payments security to go away, says Man, a former qualified security assessor for PCI compliance.
“You have to remember that all of the players have a vested interest in Target succeeding as a company, which translates into more credit and debit sales,” Man says. “Conflicts of interest aside, it would behoove all of the banks, processors and card brands to quickly move to settlement. The more common breach settlements become, the more normalized the breach recovery costs will become, which will make negotiating these settlements easier in the long run.”