Target Settlement Over Data Breach Vetoed by MasterCard

POSTED JUNE 16, 2015

A special to USLAW NETWORK and USLAW DigiKnow

By Karen Painter Randall, Connell Foley LLP, Roseland, New Jersey

Citigroup Inc., Capital One Financial Corp., and J.P. Morgan Chase & Co. rejected a $19 million pact backed by MasterCard Inc. last month over the high-profile Target Corp. data breach, which resulted in the settlement’s unexpected failure. The three banks decided to reject the pact that was negotiated on the industry’s behalf by MasterCard because they thought it was too small to cover their losses in the incident. As a result, the carefully negotiated pact is now in flux as other banks and credit unions hope that they can get a better deal in court, while Target and MasterCard discuss their next move.

MasterCard announced the settlement with Target in April, but the deal did not receive the required 90% backing from banks representing cardholder accounts that were affected by the data breach. Although banks typically support such agreements, which are negotiated on their behalf by card networks, the big banks were unhappy with the payouts that they would have received. In addition, the card issuers wanted to send a message to merchants that they are unhappy with their security efforts. Small banks, as well as credit unions were the first to oppose the settlement as not allowing them to be properly compensated for damage.   Without a deal on the table, Target and MasterCard must go back and renegotiate the settlement terms.

Trade groups representing community banks and credit unions estimate that they have spent more than $350 million to reissue credit and debit cards and deal with other issues related to the Target breach and a subsequent hacking at Home Depot Inc.   Additionally, thieves made $9 billion of fraudulent transactions that were tied to existing card accounts last year, according to Javelin Strategy & Research, a unit of consulting firm Greenwich Associates LLC. The settlement’s unusual defeat underscores the banking industry’s growing frustration with both the hacking incidents that have hit U.S. retailers in the past year, and the relatively small reimbursements they have received for their losses. Furthermore, the rejection by the three institutions was especially important because as MasterCard’s largest U.S. credit-card issuers, they carried more sway than other issuers. The three represent roughly 40% of all purchases made on MasterCard-branded credit cards, or 100 million cards.

With the future of a potential settlement unclear, more negotiations and court hearings loom. Moreover, large card issuers are paying increased attention to proceedings in a Minnesota court case in which small banks and credit unions have sued Target over the breach. While large issuers are currently not parties to the litigation, they could eventually become plaintiffs in the case if it receives class-action status in coming months.

Designed & Developed by Peak Seven