Despite the hefty sum, many in the industry believe that the amount does not come close to the actual costs incurred by the thousands of banks and other financial institutions that issue cards under the Visa name.
Retailer Target announced in late December, 2013 that hackers infiltrated the company’s transaction records, compromising the debit and credit accounts of over 40 million cardholders. The theft became one of the largest data-breaches in history. On Tuesday, the retailer and Visa came to an agreement over the card issuers’ losses due to the breach. Although neither company would confirm the amount of the settlement, a source familiar with the case has said that Target could pay Visa up to $67 million in order to reimburse the banks for costs related to the breach. A similar $19 million dollar settlement agreement between Target and MasterCard fell through in May, after the threshold of at least 90 percent of banks approving the deal was not met. In that case, the banks found the amount to be insufficient. On Monday however, Visa announced the negotiations had yielded that threshold, thus certifying the settlement. $67 million is the maximum amount scenario in negotiations between the two companies, with people close to the case saying that Target has agreed to the maximum.
Although the deadline for consumers who had their data compromised between November 27th and December 18th 2013 to file a claim passed on July 31st, Target is extending its offer to the few institutions that rejected the deal. The retailer will offer these institutions compensation “using a settlement formula that would enable them to achieve the same economics as the Visa issuers that have already settled with Target and Visa.” Spokeswoman Molly Snyder said in a statement, “Target is pleased that we have reached a settlement agreement with Visa related to the data breach we experienced during the fourth quarter of 2013.” Snyder also noted that, “The costs of the settlement are already reflected in Target’s previously reported fiscal 2013 and 2014 results.” The data breach was also largely responsible for the ouster of former Target Chief Executive Gregg Steinhafel in May, 2014. In addition to the 40 million debit and credit card numbers, industry analysts estimate about 70 million customers had some form of identifying information stolen during the hack.
Despite the hefty sum, many in the industry believe that the amount does not come close to the actual costs incurred by the thousands of banks and other financial institutions that issue cards under the Visa name. Several banks previously decried the settlement parameters, calling the compensation insufficient for the actual costs of issuing new cards and the hiring of additional call-center staff to field an increase in consumer questions. Trade groups representing banks and credit unions, especially smaller institutions, have repeatedly cited the financial hardship due to the Target and subsequent Home Depot breaches. One group estimates the banking industry as a whole to have spent over $350 million dealing with the two widespread retail identification thefts.
Minneapolis Star-Tribune – Bree Fowler/Associated Press
Patch – Marc Torrence
Wall Street Journal – Robin Sidel