More than a year-and-a-half after Target’s December 2013 announcement of a massive data breach, the retailer has reached an agreement with Visa, whereby it will reimburse Visa and certain affected card issuers up to $67 million for expenses incurred in connection with the breach. This will include costs associated with reissuing cards. The agreement comes three months after the company’s proposed $19 million settlement with MasterCard fell through as not enough banks accepted the deal. The MasterCard deal required the approval of 90 percent of banks representing cardholder accounts that were affected by the breach. The Visa deal is less likely to fall apart because it was conditioned on a majority of issuers entering into direct settlements with Visa and Target, which Visa has since certified. According to sources within the company and at MasterCard, the retailer is also renewing efforts to settle with MasterCard on a similar basis.
Meanwhile, a class certification motion hearing on behalf of the financial institution plaintiffs is scheduled to be held September 10, 2015. According to lead counsel for the plaintiffs, Charles Zimmerman of Zimmerman Reed PLLP, plaintiffs seek to hold Target accountable for damages “far greater than what has been offered under this settlement.” Zimmerman further contends that “[j]ust as with the proposed MasterCard settlement… [the Visa deal] was negotiated under a veil of secrecy without the involvement of the court or the court-appointment legal representatives of financial institutions.”
As we previously reported, Target has also agreed to pay $10 million to resolve a class-action lawsuit brought by consumers whose personal information may have been compromised in the breach. Back in March, a Minnesota federal judge granted preliminary approval of Target’s proposed $10 million settlement. The final approval hearing is scheduled for November 10, 2015.
The Target data breach incident has pushed U.S. banks, retailers and card companies to speed the adoption of microchips in credit and debit cards as a safer alternative to magnetic strip cards. The Visa settlement comes at an interesting time because in October 2015, the EuroPay, MasterCard and Visa (EMV) “liability shift” is scheduled to take effect in the United States; under this regime, any merchant or financial institution that does not use or support such chip technology assumes the risk of liability for any counterfeit card transactions.