Small Lenders Wage On In Fight Against Breach Settlements

The major breaches that happened at Target in 2013, or Home Depot in 2014, have spurred a strong alliance between the small banks and credit unions who’ve joined together to make their case for recovering hundreds of millions of dollars of losses that occurred from those breaches, The Wall Street Journal reported.

The smaller financial institutions are claiming that the big banks have cut them out by allowing the major credit card companies like Visa and MasterCard to negotiate settlements — leaving the smaller institutions without a voice to make their case or recover what they believe to be adequate settlement amounts.

Recently, it was reported that some of the banks and credit unions whose customers’ MasterCard payment cards were compromised in Target’s data breach are trying to stop a proposed $19 million settlement between the retailer and the card brand.

“The agreement between Target and MasterCard is nothing more than an attempt by Target to avoid fully reimbursing financial institutions for losses they suffered due to one of the largest data breaches in U.S. history,” Charles Zimmerman, the co-lead attorney for the banks and credit unions, said in a prepared statement.

The small banks and credit unions are saying that the process to settle breach costs inherently favor bigger banks, noting that the major banks have the budgets to handle breaches and issue new cards — while the small financial institutions don’t.

Earlier this week, the small banks/credit unions involved in the case filed a motion with a judge that would enable them to forgo their efforts to secure additional settlements, which would shake up the traditional settlement model that allows banks to give up their rights to other reimbursement claims, WSJ reported. Allowing the bigger banks to take the reins is what has led to the smaller banks feeling left out when it comes to recouping what they say is rightfully theirs in settlement cases.

“The banks contend the Target settlement would cover only a ‘minimal portion of the actual damages,'” WSJ reported, following Monday’s (April 27) hearing.

Outside of the Target case, the smaller institutions have also filed a similar case against Home Depot, which has reportedly received backing from trade groups. Neither Visa or MasterCard has settled its breach case with Home Depot as of April 28.

The National Association Of Federal Credit Union President and CEO Dan Berger and Scott Arney, CEO of association member Chicago Patrolmen’s Federal Credit Union, also voiced concerns of the small card issuers in relation to the data breaches.

“When you have to absorb losses for something you had nothing to do with, it’s tough,” Arney told the WSJ. He indicated that credit unions have seen $55,000 in fraud losses in the first part of 2015. Berger also shared his frustrations, saying that the small financial institutions are “looking to pursue any channel that makes them whole.”

Target reported in 2013 that at least 40 million payment cards were compromised by the breach during November and December that year, and the compromise might also have resulted in the theft of personal information on as many as 110 million people. Home Depot’s breach impacted 56 million debit and credit cards.