Top Issuers Stalled MasterCard’s Target Breach Settlement

When news broke that MasterCard’s $19 million security breach settlement with Target had come to a halt, there wasn’t much indication as to why — except that it didn’t get the necessary support. But a Wall Street Journal report yesterday (June 2), gave a bit more insight as to why the MasterCard settlement deal never materialized.

Citing people said to be familiar with the situation, The Journal reported that it was the decision of three major MasterCard issuers that shut down the MasterCard deal with Target. That involved a pact made among Citigroup, Capital One and JPMorgan Chase to reject the settlement, which caused what appeared to be nearly a done deal to fizzle. While MasterCard looked ready to move forward, without the backing of its three biggest banks, the sources indicated that the settlement was too small to compensate for the breach losses.

That breach, of course, refers to the one that struck the retailer at the end of 2013 and impacted 40 million payment cards and personal details for 70 million customers.

But the big banks weren’t the only ones who were against the settlement. Small banks and credit unions were the first to publicly relay their opposition of the settlement, saying that breach settlements disproportionately impacted the smaller financial institutions. In those case, the smaller financial institutions are claiming that the big banks have cut them out by allowing the major credit card companies like Visa and MasterCard to negotiate settlements — leaving the smaller institutions without a voice to make their case or recover what they believe to be adequate settlement amounts.

“The agreement between Target and MasterCard is nothing more than an attempt by Target to avoid fully reimbursing financial institutions for losses they suffered due to one of the largest data breaches in U.S. history,” Charles Zimmerman, the co-lead attorney for the banks and credit unions, said in a prepared statement. “It provides paltry restitution for the substantial losses suffered. This sweetheart deal for Target was negotiated without involvement of the court or the legal representatives of the impacted financial institutions.”

Now, however, it looks like the big banks have stepped in, but not for the benefit of Target. Instead, the new pact to negotiate better breach settlement terms now appears to have joined the perspective of banks and credit unions, based on The Journal’s report. While the settlement deal was announced in April, the settlement didn’t get the required 90 percent backing from the banks that actually represent the cardholders impacted by the breach.

“We believe this settlement provides our issuers a reasonable resolution of the Target data breach event,” Eileen Simon, chief franchise integrity officer at MasterCard, said in a news release in April announcing the settlement that was supposed to be paid out by May 20. “The timely reimbursement of costs and losses under the agreement delivers MasterCard issuers a faster and more certain resolution to the event, while reinforcing our commitment to maintain the integrity of industry security standards.”

Now, without a deal in hand, Target and MasterCard will go back to the drawing board on settlement terms, and in terms that must appease the banks that issue those MasterCard payment cards. But those three major issuers are key in this equation as, according to Nilson, they make up 40 percent of all purchases on MasterCard-branded credit cards, which equates to about 100 million cards.

Sources indicate that MasterCard and Target have continued negotiations about how to move forward with a settlement. There was no information released on how much support the most recent settlement received, nor was information provided on individual issuers’ votes.

Following the initial news that the deal was being vetoed, Target issued a brief statement: “The alternative recovery offers were provided to issuers as a way to deliver to them certain and prompt payments for a portion of the costs they incurred as a result of the Target data breach, including card reissuance costs and fraud losses. At this stage, we will continue to work to resolve this matter.”

To check out what else is HOT in the world of payments, click here.



The PYMNTS Cross-Border Merchant Friction Index analyzes the key friction points experienced by consumers browsing, shopping and paying for purchases on international eCommerce sites. PYMNTS examined the checkout processes of 266 B2B and B2C eCommerce sites across 12 industries and operating from locations across Europe and the United States to provide a comprehensive overview of their checkout offerings.

Click to comment